Hurrah! Sorted!
For those in the future who might stumble across this, here is what worked for me in the end.
Android N VPN settings
- L2TP/IPSec PSK
- server address set to my dynamic DNS entry
- DNS server set to the ERX gateway, in my case this is 10.10.0.1
- Forwarding route 0.0.0.0/0 (Suspect this is PPPoE related)
- Username & password as you'd expect
ERX settings, in addition to the earlier posted config
- set vpn l2tp remote-access dns-servers server-1 10.10.0.1
- set service dns forwarding options 'address=/domain.name/10.10.0.43'
- set service dns forwarding options "listen-address=10.10.0.1"
On the internal network server I also created an nginx reverse proxy for the primary domain name, because I have two public DNS entries, for domain.name and *.domain.name, and the primary is hosted outside my home office network.
Now, as a result, all my internal subdomains work fine and direct to my internal server, whilst the primary domain is active on its server in the cloud and my dynamic DNS continues to operate on my gateway.
Cheers
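As an added illustration (not part of the post above, and not EdgeOS or dnsmasq code), here is a small Python model of what the two `service dns forwarding options` lines do once the router hands them to dnsmasq. It shows why the apex `domain.name` also lands on 10.10.0.43 (which is what makes the nginx reverse proxy necessary) and why a query that does not arrive on the `listen-address` is not answered at all. The `UPSTREAM` marker, the `resolve()` helper and the 203.0.113.5 WAN address are assumptions made for the example.

```python
"""Model of the dnsmasq rules behind EdgeOS 'service dns forwarding options'.

Hypothetical, constructed example: it reproduces the matching behaviour of
the two options from the post so the resulting split-DNS view can be
checked without a router in front of you.
"""
import ipaddress

# The two forwarding options from the post, without the CLI shell quoting.
FORWARDING_OPTIONS = [
    "address=/domain.name/10.10.0.43",
    "listen-address=10.10.0.1",
]

UPSTREAM = "upstream"  # marker: the query is forwarded to the public resolver


def parse_options(options):
    """Split the option lines into address overrides and listen addresses."""
    overrides, listen = [], set()
    for opt in options:
        key, _, value = opt.partition("=")
        if key == "address":
            # dnsmasq form: address=/<domain>/<ip>
            _, domain, ip = value.split("/")
            overrides.append((domain.lower(), str(ipaddress.ip_address(ip))))
        elif key == "listen-address":
            listen.add(str(ipaddress.ip_address(value)))
    return overrides, listen


def matches(qname, domain):
    """dnsmasq 'address=' matches the domain itself and every subdomain."""
    qname = qname.rstrip(".").lower()
    return qname == domain or qname.endswith("." + domain)


def resolve(qname, dst_ip, options=FORWARDING_OPTIONS):
    """Answer as the router's forwarder would for a query sent to dst_ip.

    Returns None when the forwarder is not listening on dst_ip, the
    overriding IP for domain.name and its subdomains, or UPSTREAM otherwise.
    """
    overrides, listen = parse_options(options)
    if dst_ip not in listen:
        return None  # e.g. a query hitting the WAN address is simply not served
    for domain, ip in overrides:
        if matches(qname, domain):
            return ip
    return UPSTREAM
```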