I have set up an IPSEC/L2TP VPN based on guides for the ERL, and it is working great, except remote clients can only access 10.1.0.0/24 address (10.1.0.1 - 10.1.0.254), but cannot access 10.1.1.1-10.3.1.254. eth0 on the ERL is 10.1.0.1/22, and LAN clients call all talk to each other. Additionally, while remote clients can only access the /24 IPs, LAN clients can all talk to the remote clients. Looking at the remote routing tables, everything looks correct, and traceroutes do hit the ERL before being dropped, so it seems like this is a routing issue on the ERL.
If anyone has any ideas on how I might get the ERL to route remote client's traffic for the full 10.1.0.1-10.3.1.254 range I'd greatly appreciate it!