So..
I have a Chinese router behind which I configured a Soft Ether VPN server. Using the SE ddns I 'found' a Chinese IP address through which the SE client successfully Nat tunnelled to the server. The actual public IP address of the router is on the ee network, SE can tunnel through to that as well (this (useful) software must be every sysadmins nightmare).
Can anyone hazard what is going on? It's not my router, was supplied as part of a contract by a small name company who should have a reputation to uphold. They are not #1 with me already as they provided a vpn solution that is not fit for purpose. Clients on the router then wasted time port forwarding As the software on my client PC needs to use the remote LAN IP addresses was never going to work. .