Well this is the dilemma, I want remote clients to connect to my network and only route local access through the VPN. This is split tunneling, the client uses its internet connection for all other internet requests and the VPN tunnel to my network for local requests.

There's a couple of issues that arise: split tunneling in Windows is achieved by unticking an option which reads "Use default gateway on remote network" in the TCP/IP settings of the client VPN connection. At any point the user can tick it and route all his internet traffic through my network eating away at my bandwidth and being cloaked by my IP address. This is unacceptable.

Issue number 2 is that if the client is split tunneling, he becomes a gateway between the internet and my network, this is also unacceptable.

My questions are: how does one achieve split tunneling serverside? And is the latter issue a valid con worthy of worry?

Any thoughts would be appreciated!