Thanks for the comment, I've tried this but it didn't make any difference.
I set the address range to 172.29.100.96/28 and, after connecting, confirmed the client was using an address in the range. Pinging a server on the LAN at 192.168.100.2 succeeds, but pinging the SmallWall LAN IP address at 192.168.100.1 times out.
DNS requests also fail. Looking in the firewall log, the responses (UDP port 53 to the L2TP client IP address) are being blocked, so the request is getting to the firewall but it cannot get the response out.