If a point-to-point virtual network interface created by a VPN client has a single host in the interface subnet and is configured as the default routing path, all traffic sent to that virtual network is dropped.
This happens because we drop traffic that is routed to the default network interface when the packet destination is not on the interface subnet, since this case resembles the "fallback" logic of the default route, which sends any arbitrary traffic over.
The logic we have falls short for some VPN clients and needs to be improved to account for PTP virtual network interfaces with conservative netmasks.
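The following is an added example, not the project's own code. It models the drop rule described above and shows why a single-host (/32) point-to-point interface loses all traffic. The `Interface` type, the function names, the sample addresses and the refined rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Interface:  # hypothetical model, not the project's own type
    name: str
    cidr: str                 # interface address with netmask
    is_default_route: bool
    point_to_point: bool = False

    @property
    def network(self):
        return ipaddress.ip_interface(self.cidr).network

def drop_current(iface: Interface, dst: str) -> bool:
    """Rule as described on the page: traffic routed to the default
    interface is dropped when the destination is off the interface subnet."""
    off_subnet = ipaddress.ip_address(dst) not in iface.network
    return iface.is_default_route and off_subnet

def drop_refined(iface: Interface, dst: str) -> bool:
    """Assumed refinement (not the project's fix): a PTP interface whose
    subnet holds a single host has no on-link peers, so the subnet test
    cannot separate intended traffic from default-route fallback."""
    if iface.point_to_point and iface.network.num_addresses == 1:
        return False
    return drop_current(iface, dst)

# Constructed sample interfaces and destinations.
LAN = Interface("eth0", "192.168.1.10/24", is_default_route=True)
VPN = Interface("tun0", "10.8.0.2/32", is_default_route=True, point_to_point=True)
DESTINATIONS = ["192.168.1.20", "10.8.0.1", "203.0.113.5"]

def verdicts(rule, iface):
    """Map each sample destination to True (dropped) or False (forwarded)."""
    return {dst: rule(iface, dst) for dst in DESTINATIONS}

if __name__ == "__main__":
    for iface in (LAN, VPN):
        for rule in (drop_current, drop_refined):
            print(iface.name, rule.__name__, verdicts(rule, iface))
```

The refined rule forwards everything on such an interface, so an exemption of this kind should key on the interface's point-to-point flag and not on the netmask alone.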