@itas 

Yes you can do that, but you will need to use L2TP VPN.

Main office router set up as VPN server; then on the branch office side configure router as VPN client.

On branch office site router, configure Policy Routing. Source IP: All LAN; Destination IP: Any; WAN choose the VPN tunnel name.

  @Somnus L2TP Client-to-LAN require Working Mode NAT for client, so the router will act as a proxy and the firewall does not see every computer that accesses the Internet from branch office.
To be a effective firewall, the IP address of each computer at the branch office should be visible on the firewall at the headquarters - the router should be in ROUTER mode, not NAT mode.

Does L2TP allow the client to be in ROUTER mode?

  @itas 

No, I don't think so. Your requirement can't be done via one VPN tunnel.

If you have two WAN modems on both side, you can try to build two VPN connections. One is IPSec for site-to-site; another one is L2TP/PPTP for porxy Intenret only

  @Somnus I made the following progress: at the main office I installed a pfsense that has a lot of firewall options and at the branch office I used TP-LINK ER605 routers.

I made the connection on L2TP over IPSEC. Everything goes well if the L2TP client on the ER605 is in NAT mode (computers in the branch office can access the LAN from the main office.).

If the L2TP client on the ER605 is in Routing mode, the packets from the branch office do not reach the LAN from the main office.

The L2TP client on the ER605 in NAT mode does not allow me to see on the Firewall every computer from the branch office, only the traffic on the VPN connection to the branch office.

Some ideas - why doesn't the L2TP client on the ER605 don't work in Routing mode?