Let A.B.C.D be the public IP of my VPN server. Let W.X.Y.Z be the IP of the client before it connects to the VPN.
My VPN server's IP address on the LAN in 10.8.0.1, and the client is 10.8.0.6. I also run a webserver on the same machine hosting the VPN. On it is a simple webpage that performs the exact same thing as whatismyip.org (i.e., simply prints the IP of the requester)
Let me illustrate the scenario for you.
In a Chrome window I have three tabs, what I have in parenthesis is the URL:
Tab 1 (http://whatismyip.org):
A.B.C.D
This is what I expect to see. It's the public IP of the VPN server.
Tab 2 (http://10.8.0.1):
10.8.0.6
ok, looks expected. They are behind the same LAN now.
Tab 3 (http://A.B.C.D)
W.X.Y.Z
WTF?? Basically, if I access the webserver while tunneled, in shows the IP address of my machine PRIOR to tunelling!
Remember, tab2 and tab3 are the same webpage. Why does Tab3 not show the client IP as it's own IP (i.e., show A.B.C.D)???
I hope this question is clear, thanks in advance!
At a guess a.b.c.d is also your NAT gateway. When you set up the VPN the client sets an entry in the routing table for how to get to the VPN gateway. It needs this route in order to get to the VPN before the VPN's routing policy takes over. When you talk directly to a.b.c.d, your client is connecting over the internet not the VPN.
You can verify this by looking at the routing table on the client. It should have a route-entry to talk to a.b.c.d over the client's normal route, and the default route should be taken over by the VPN gateway on the VPN adapter.