Many thanks for your reply - this is what I was trying to do but clearly getting it wrong. If I'm clearer about how our routing is currently set up, can you walk me through what you did to make it work?
The networks look like this:
(192.168.500.250 - eth0)
IPCOP1 <-> ZerinaVPN1 (10.72.180.0 - tun0)
(xx.xx.xx.xx - eth1)
INTERNET (VPN Tunnel using ipsec0 from xx.xx.xx.xx to aa.aa.aa.aa)
(aa.aa.aa.aa - eth1)
IPCOP2 <-> ZerinaVPN2 (10.72.181.0 - tun0)
where xx.xx.xx.xx etc. are Internet static IP addresses.
My routing tables on IPCOP1 (for example) look like this - note that this box acts as the gateway for everything in OfficeNet1:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.72.180.2     0.0.0.0         255.255.255.255 UH    0      0        0 tun0
xx.xx.xx.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
xx.xx.xx.0      0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
10.72.180.0     10.72.180.2     255.255.255.0   UG    0      0        0 tun0
192.168.500.0   xx.xx.xx.yy     255.255.255.0   UG    0      0        0 ipsec0
192.168.600.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         xx.xx.xx.yy     0.0.0.0         UG    0      0        0 eth1
Note that the IPCOP1 external address (xx.xx.xx.xx) isn't used directly in this table, although the very small subnet it is on as part of our Office1 static IP allocation is. This is the default setup for the IPCOP box.
All help gratefully received.