Changes to the VPN connection routing policy when the 'NAT for clients' option is disabled on the server

When you set up a VPN server on a Keenetic router (PPTP, L2TP/IPsec, SSTP, IKEv2), the 'NAT for clients' option is available and is enabled by default. This setting gives VPN server clients access to the Internet: it enables Source NAT, so the source address of traffic from VPN clients is replaced with the address of the router's WAN interface.

The built-in Windows VPN client uses the VPN connection as its default gateway by default, so requests to the Internet are sent through the tunnel while it is up. Be careful in this case: all of the VPN client's traffic then goes into the VPN tunnel and reaches the Internet through the VPN server's Internet connection.

NOTE: Important! If you disable the 'NAT for clients' option on the VPN server but do not reconfigure the Windows client's default routing policy, the computer may not be able to access the Internet after the tunnel is established.

To manage these settings in Windows, open the properties of the VPN connection. Open Control Panel and go to 'Network Connections'. Then right-click the previously created VPN connection and click 'Properties' in the context menu.

Go to the 'Networking' tab, click on 'Internet Protocol Version 4 (TCP/IPv4)' and then click on 'Properties'.

Then click the 'Advanced...' button.

In the 'Advanced TCP/IP Settings' window, on the 'IP Settings' tab, turn off the 'Use default gateway on remote network' option (it is enabled by default, so the box is checked). This option is used only when connecting to the local network and the remote access network at the same time. If this option is enabled, data that cannot be transmitted over the local network is routed to the remote access network.
Uncheck this box and click 'OK'.

Press 'OK' to save all settings.

If the VPN connection is already up and running, you will need to disconnect and reconnect it for these settings to apply.

Now the VPN client will access the Internet through its local ISP, and only network packets destined for the remote network will go to the VPN tunnel.
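The same change can be made from PowerShell instead of the dialogs above. This is an added example, not part of the original article; the connection name 'Keenetic VPN' and the remote subnet 192.168.1.0/24 are assumptions to replace with your own values.

```powershell
# Scripted equivalent of unchecking 'Use default gateway on remote network'.
# Assumed values (not from the article): replace with your own.
$ConnectionName = 'Keenetic VPN'      # hypothetical VPN connection name
$RemoteSubnet   = '192.168.1.0/24'    # assumed network behind the VPN server

$vpn = Get-VpnConnection -Name $ConnectionName -ErrorAction Stop

# SplitTunneling = $true corresponds to the unchecked
# 'Use default gateway on remote network' box.
if (-not $vpn.SplitTunneling) {
    Set-VpnConnection -Name $ConnectionName -SplitTunneling $true
}

# Send only the remote network into the tunnel. Windows installs this
# route every time the connection comes up.
$hasRoute = $vpn.Routes | Where-Object { $_.DestinationPrefix -eq $RemoteSubnet }
if (-not $hasRoute) {
    Add-VpnConnectionRoute -ConnectionName $ConnectionName -DestinationPrefix $RemoteSubnet
}

# The new policy applies on the next connect, so drop a live tunnel.
if ($vpn.ConnectionStatus -eq 'Connected') {
    rasdial $ConnectionName /DISCONNECT | Out-Null
    Write-Host "Disconnected '$ConnectionName'; reconnect to apply the new routing."
}

# Run after reconnecting: reports which routes point at the VPN interface.
function Test-VpnSplitRouting {
    param([string]$Name, [string]$Subnet)
    $default = Get-NetRoute -InterfaceAlias $Name -DestinationPrefix '0.0.0.0/0' `
                            -ErrorAction SilentlyContinue
    $remote  = Get-NetRoute -InterfaceAlias $Name -DestinationPrefix $Subnet `
                            -ErrorAction SilentlyContinue
    [pscustomobject]@{
        DefaultRouteViaVpn = [bool]$default   # expected: False
        RemoteSubnetViaVpn = [bool]$remote    # expected: True
    }
}
```

After reconnecting, `Test-VpnSplitRouting -Name $ConnectionName -Subnet $RemoteSubnet` should show no default route on the VPN interface and a route for the remote subnet.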

In macOS, the 'Send all traffic over VPN connection' option is found in the VPN connection settings.

If you disable this option, the VPN is no longer used as the primary Internet connection.

On Android, a similar effect is achieved by specifying the particular networks to be routed to the VPN connection (a route to the local network of the router running the VPN server).

With this setting, only the specified subnet will be routed to the VPN tunnel, and the rest of the traffic will go to the Internet through the main connection of the mobile device.
