[Swan] Help with IKEv1 roadwarrior to subnet?

Manfred mx2927 at gmail.com
Sat Nov 14 18:07:12 UTC 2020


I'm trying to set up a remote VPN access, and for simplicity I am 
starting with IKEv1 & PSK (the final setup will be IKEv2 & certs, but 
I'd rather figure this out first).

I am able to establish a connection from client to server, and access 
all services on the server itself (http, ssh, ...), but I'm stuck at the 
point that I can't access any other host at the server site (e.g. 
192.168.0.35).

Thanks in advance for any help!

On the server site:
UDP ports 500, 4500, and 50 are being NAT forwarded from the public 
gateway to the ipsec server at 192.168.0.27, subnet is 192.168.0.0/24

Server config is:
conn server-vpn
     ikev2=no
     ike=aes256-sha1;dh14
     esp=aes256-sha1

     authby=secret
     # left=XXX.XXX.XXX.XXX # public IP of the gateway
     # leftnexthop=%defaultroute
     left=%defaultroute
     leftid=XXX.XXX.XXX.XXX # public IP of the gateway
     # leftsourceip=192.168.0.27
     leftsubnet=192.168.0.0/24

     right=%any
     rightsubnet=vhost:%no,%priv

     auto=add

The client site is supposed to have a dynamic IP, behind a gateway at 
192.168.1.25; the subnet is 192.168.1.0/24.
Client config:
conn client-vpn
     ikev2=no
     ike=aes256-sha1;dh14
     esp=aes256-sha1

     authby=secret
     left=%defaultroute
     # leftid=XXX.XXX.XXX.XXX
     # leftsubnet=vhost:%no,%priv
     # leftsubnet=192.168.1.0/24

     right=XXX.XXX.XXX.XXX # public IP of the gateway at server site
     rightsubnet=192.168.0.0/24

     auto=add

(Maybe it's worth mentioning that the server is running libreswan 4.1 on 
Fedora 32, and the client is on 3.30 on Fedora 30.)
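The symptom in the post (the roadwarrior reaches the gateway itself but nothing behind it) usually comes down to one of three things on the gateway: IPv4 forwarding is off, the negotiated IPsec selector covers only the gateway's own address rather than leftsubnet, or the LAN hosts have no return route to the client's address. The helpers below are an added example for checking the first two offline against captured command output; they are not part of the original post or of libreswan. The function names, the sample `ip xfrm policy` text, the client address 192.168.1.25/32 and the public addresses 203.0.113.5 / 192.168.0.27 in it are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic helpers for a libreswan gateway whose roadwarrior clients can
# reach the gateway but not the LAN behind it. Example code, not from the post;
# function names and sample output are assumptions.

LAN_SUBNET="192.168.0.0/24"   # leftsubnet on the server in the post

# Returns 0 if the text from `sysctl net.ipv4.ip_forward` shows forwarding on.
# The gateway must forward decrypted packets toward the LAN; with "= 0" the
# kernel drops them right after decryption, so only the gateway itself answers.
forwarding_enabled() {
    case "$1" in
        *"ip_forward = 1"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 if the text from `ip xfrm policy` holds an outbound policy whose
# selector is the whole LAN subnet. If the only policy is for the gateway's own
# /32, packets from other LAN hosts never match and are sent in the clear.
lan_policy_present() {
    # $1: policy text, $2: subnet to look for
    printf '%s\n' "$1" | grep -q "^src $2 dst "
}

# Counts policy lines that mention the subnet (expect in, fwd and out, so 3).
count_subnet_policies() {
    printf '%s\n' "$1" | grep -c "$2"
}

# Constructed sample: what a correctly negotiated leftsubnet=192.168.0.0/24
# tunnel looks like on the gateway; client assumed to be 192.168.1.25/32
# behind the public address 203.0.113.5.
SAMPLE_POLICY_OK='src 192.168.1.25/32 dst 192.168.0.0/24
	dir fwd priority 1760 ptype main
	tmpl src 203.0.113.5 dst 192.168.0.27
		proto esp reqid 16389 mode tunnel
src 192.168.1.25/32 dst 192.168.0.0/24
	dir in priority 1760 ptype main
	tmpl src 203.0.113.5 dst 192.168.0.27
		proto esp reqid 16389 mode tunnel
src 192.168.0.0/24 dst 192.168.1.25/32
	dir out priority 1760 ptype main
	tmpl src 192.168.0.27 dst 203.0.113.5
		proto esp reqid 16389 mode tunnel'

# Constructed sample of the failure mode: selector is the gateway host only.
SAMPLE_POLICY_HOST_ONLY='src 192.168.0.27/32 dst 192.168.1.25/32
	dir out priority 1760 ptype main
	tmpl src 192.168.0.27 dst 203.0.113.5
		proto esp reqid 16389 mode tunnel'

# Run the same checks against the live gateway when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    if forwarding_enabled "$(sysctl net.ipv4.ip_forward)"; then
        echo "ip_forward: ok"
    else
        echo "ip_forward: OFF (sysctl -w net.ipv4.ip_forward=1 and persist it)"
    fi
    if lan_policy_present "$(ip xfrm policy)" "$LAN_SUBNET"; then
        echo "xfrm policy for $LAN_SUBNET: present"
    else
        echo "xfrm policy for $LAN_SUBNET: missing (check leftsubnet and the negotiated selectors)"
    fi
fi
```

Run it with `--live` on the IPsec server after the client has connected. If both checks pass, look at the third cause: in the posted topology the IPsec server (192.168.0.27) is not the LAN's default gateway, so a host like 192.168.0.35 sends its replies to the client's 192.168.1.x address via the public gateway, which has no SA for it. The reply then never enters the tunnel; a static route on the LAN gateway for the client addresses via 192.168.0.27 fixes that without touching the IPsec configuration.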