I think the short answer is yes. But you will have some issues here…
Not really. You won’t be able to have the remote site initiate the connection to your routers in your orange network. You could get away with that by assigning each router a different public IP address, but that would entail that you have a small subnet with public IP address space available.
You should use the IPFire box to handle all IPsec VPNs in my opinion.
I have no idea why you needed to set up firewall rules on the console. The web UI can do that for you.
You probably didn’t set up any static routes.
This is not how networks or routing work.
Unless your customer is AT&T, you are using public address space here - for starters.
What is a “virtual” network? Aren’t they all quite virtual?
You have a very complicated setup here, and since you are using this in some business, I can only ask that you learn how basic routing works or have an expert take a look at it.