I cannot fully understand this. vpn client already know its lan subnet, although it took default network from server side by mode-cfg, it can still exclude its local lan subnet by itself for encryption. Why does it need server side to configure "include-local-lan" to enable client local lan access?
for security? if server side don't have include-local-lan, then all traffic from client must go through vpn tunnel? I think client can still change its routing table to workaround this very easily after tunnel established.
Anybody can give me an idea about this?