tonster | response 221 of 223 | Dec 5 22:10 UTC 2020
resp:220: What I did was create a VM at home to route the tunnel, and
established a strongSwan tunnel between the two sites. I then created an
iptables rule to create a route to my network via the tunnel:
-A POSTROUTING -s 10.0.0.0/24 -d 192.168.0.0/20 -j MASQUERADE
and the opposite on the other end of the tunnel:
-A POSTROUTING -s 192.168.0.0/20 -d 10.0.0.0/24 -j MASQUERADE
For the Azure side, I also route the additional bound IPs over the
tunnel back home via:
-A PREROUTING -d 10.0.0.9/32 -j DNAT --to-destination 192.168.0.110
-A POSTROUTING -d 192.168.0.110/32 -j SNAT --to-source 10.0.0.9
strongSwan starts on boot, and I've put the iptables rules in the
appropriate file for the OS (Ubuntu/CentOS), so everything comes up on
boot and strongSwan monitors the tunnel so it automatically restarts
should it drop. It ended up working out quite well, and it was much
easier to get it running than I'd expected.
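To see how the Azure-side rules quoted in that reply combine before touching a real gateway, here is an added example (not the poster's code, and not part of the thread). It parses the three NAT rules as written and walks a packet through PREROUTING and then POSTROUTING the way the kernel's nat table does, first match per chain winning. The gateway's own tunnel-side address used by MASQUERADE (10.0.0.4) and the outside client address (203.0.113.7) are constructed values; only `-A`, `-s`, `-d` and the three targets are understood.

```python
"""Walk a packet through the Azure-side NAT rules from the post.

Added example, not the poster's configuration.  Understands only
-A CHAIN, -s CIDR, -d CIDR and -j DNAT/SNAT/MASQUERADE.  The kernel
consults the nat table for the first packet of a connection only and
conntrack then translates the rest of the flow (and the replies), so one
walk per new connection is what this models.
"""
import ipaddress
import shlex

# The Azure-side rules exactly as quoted in the post (10.0.0.0/24 = Azure,
# 192.168.0.0/20 = home).  Order within a chain is first-match-wins.
AZURE_NAT_RULES = """
-A PREROUTING -d 10.0.0.9/32 -j DNAT --to-destination 192.168.0.110
-A POSTROUTING -s 10.0.0.0/24 -d 192.168.0.0/20 -j MASQUERADE
-A POSTROUTING -d 192.168.0.110/32 -j SNAT --to-source 10.0.0.9
"""

# Assumed (constructed): address the gateway holds on the interface that
# routes into the tunnel; MASQUERADE rewrites the source to this.
TUNNEL_IF_ADDR = "10.0.0.4"


def parse_rules(text):
    """Parse iptables-save style NAT rule lines into dicts."""
    rules = []
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        rule = {"chain": None, "src": None, "dst": None, "target": None, "to": None}
        i = 0
        while i < len(tok):
            flag, arg = tok[i], tok[i + 1]
            if flag == "-A":
                rule["chain"] = arg
            elif flag == "-s":
                rule["src"] = ipaddress.ip_network(arg, strict=False)
            elif flag == "-d":
                rule["dst"] = ipaddress.ip_network(arg, strict=False)
            elif flag == "-j":
                rule["target"] = arg
            elif flag in ("--to-destination", "--to-source"):
                rule["to"] = arg
            else:
                raise ValueError(f"unsupported token {flag!r} in: {line}")
            i += 2
        rules.append(rule)
    return rules


def _matches(rule, chain, src, dst):
    """True if the rule sits in `chain` and its -s/-d selectors cover the packet."""
    if rule["chain"] != chain:
        return False
    if rule["src"] is not None and ipaddress.ip_address(src) not in rule["src"]:
        return False
    if rule["dst"] is not None and ipaddress.ip_address(dst) not in rule["dst"]:
        return False
    return True


def walk_nat(rules, src, dst, out_if_addr):
    """Return (src, dst) after PREROUTING (DNAT) and POSTROUTING (SNAT/MASQUERADE)."""
    # PREROUTING runs before the routing decision, so DNAT changes where the
    # packet is routed: 10.0.0.9 becomes the home host behind the tunnel.
    for rule in rules:
        if _matches(rule, "PREROUTING", src, dst) and rule["target"] == "DNAT":
            dst = rule["to"]
            break
    # POSTROUTING sees the already-rewritten destination.
    for rule in rules:
        if _matches(rule, "POSTROUTING", src, dst):
            if rule["target"] == "SNAT":
                src = rule["to"]
                break
            if rule["target"] == "MASQUERADE":
                src = out_if_addr
                break
    return src, dst


if __name__ == "__main__":
    rules = parse_rules(AZURE_NAT_RULES)
    for pkt in [("203.0.113.7", "10.0.0.9"), ("10.0.0.50", "10.0.0.9"), ("10.0.0.50", "10.0.0.20")]:
        print(pkt, "->", walk_nat(rules, *pkt, TUNNEL_IF_ADDR))
```

The walk shows why the SNAT line is needed at all: a connection from outside the Azure subnet to 10.0.0.9 reaches the home host with source 10.0.0.9, an address the home end already routes back through the tunnel, so no route for the original client address has to exist at home. Traffic that does not touch the bound IP or the home prefix passes both chains untouched, which is a quick check that the rules do not silently rewrite unrelated flows.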