Remember that you have to start FC manually on a remote PC. As long as FC is not started the routes are unchanged. That is, the client will have internet access via it' s router.
When FC is started (more precisely: when the tunnel is up), the route to the network behind the tunnel is inserted into the routing table of the client.
Often you only specify the private network behind the tunnel (on the FGT' s side) in FC, like ' remote subnet: 192.168.44.0/24' . If you specify ' remote subnet: 0.0.0.0/0' instead, ALL traffic which is not directed at a local target will be sent across the tunnel, especially all internet traffic. ' 0.0.0.0/0' is called the ' default route' .
@neonbit:
I think you' ve got jpp wrong. The remote clients using FC should have no internet access - that' s got nothing to do with the Fortigate settings. Clients behind the FGT should well have internet access.
Ede
"Kernel panic: Aiee, killing interrupt handler!"