The Server VPN range (10.56.5.0/24) is used for point-to-point links between the shop and servers that aren't at the shop (such as remote2.makerslocal.org).
Sometimes we also just use IPsec to encrypt the 10.x traffic between the remote server's public address and the on-prem stuff. In this configuration, the EdgeRouter seems to love to add extraneous routes that you have to delete. Example:
    ip route del 184.108.40.206 dev br0 scope link src 220.127.116.11
To ensure this happens if the VPN restarts, I add that "ip route del" line into root's crontab on the router, to run every few minutes. Terrible solution but it'll work for now.
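An idempotent form of the cron workaround described above, as an added example that is not part of the original page: it deletes the route only when it is actually present and logs each removal, so syslog shows how often the router re-adds it. The route values are the ones from the example line; the function names, the IP_CMD override, the --run flag and the script path in the crontab comment are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not the site's own script). Values below come from the
# example "ip route del" line on this page; override via environment if needed.
STRAY_DST="${STRAY_DST:-184.108.40.206}"
STRAY_DEV="${STRAY_DEV:-br0}"
STRAY_SRC="${STRAY_SRC:-220.127.116.11}"
IP_CMD="${IP_CMD:-ip}"   # assumption: overridable so the logic can be tested without root

# Reads "ip route show" text on stdin; succeeds only if the stray
# link-scope route (same destination, device and source) is listed.
stray_route_present() {
    awk -v dst="$STRAY_DST" -v dev="$STRAY_DEV" -v src="$STRAY_SRC" '
        $1 == dst {
            d = 0; l = 0; s = 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev"   && $(i+1) == dev)    d = 1
                if ($i == "scope" && $(i+1) == "link") l = 1
                if ($i == "src"   && $(i+1) == src)    s = 1
            }
            if (d && l && s) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Deletes the stray route only when it exists. Prints "removed" or "absent".
cleanup_stray_route() {
    if "$IP_CMD" route show | stray_route_present; then
        "$IP_CMD" route del "$STRAY_DST" dev "$STRAY_DEV" scope link src "$STRAY_SRC" || return 1
        # Leave a trace in syslog; ignore failure if logger is unavailable.
        logger -t stray-route "removed $STRAY_DST dev $STRAY_DEV" 2>/dev/null || true
        echo removed
    else
        echo absent
    fi
}

# Hypothetical crontab entry for root (script path is a placeholder):
#   */5 * * * * /path/to/stray-route.sh --run
if [ "${1:-}" = "--run" ]; then
    cleanup_stray_route >/dev/null
fi
```

Because the delete only runs when the route is listed, cron no longer produces an error on every pass where the route is already gone.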