Werner, OK, just to be clear: the setup I have works. Do you believe that to be a fault?
I did try the static route option above, but it was a bit of a “sledgehammer to crack a nut”; I don’t need the entire second router in with the VPN network.
So, I decided to have the Internet box with VPN. I arrive at the Internet box with the tunneled IP of 10.0.1.2; this then goes on to an OpenWrt router, where I set a firewall rule to allow me to route a particular port (in this case, for my test, port 8080) to a test web server running on a system attached to the second router.
For sure I could run the VPN on OpenWrt, but why? The Internet box doesn’t have much to do, so why not let it process the VPN? Happy to hear discussions about this.
My first question though, which I don’t see an answer to yet, is: how fixed are the 10.0.1.x addresses? Is “x” fixed to a tunnel name, or is it simply a random pool, and how big is it?