Also I am not familiar with IPSEC, if there is no IP interface regarding this IPSEC, @Alefsuggestion is a good idea to look at, GRE will encapsulated all traffic.
Also look into SSH tunneling which allows you to create a tunnel over SSH and redirecting traffic without port forwarding. You can specify local machine ports to forward over SSH torwards to your Hertz Server.