Does the IPSec pass-thru now work?
Assuming you will always use VPN Client 1 then all the rules can be hard-coded using scripts that run during the router boot process.
I suggest you try without cloning table 220 as given IPSec is different from OpenVPN it may not actually be required?
Iv managed to find out whats happened. I had a look at the ipsec.postconf script & changed it so the tunnel uses the 10.10.10.0/24 subnet. I rebooted the router, ran your original code & hey presto, it works! In this case, should i keep the 220 table clone part? Where would you recommend i put the code so it always runs? Iv had an issue recently where some code has disappeared when amtm updates on the router, i think it overwrites or deletes & re adds files which continuously gets rid of some of my code. I cant put a user defined script in somewhere can i?
Thank you so much for your help, you've been really kind