So you’ve got VPN working and people are able to access LAN resources remotely via VPN.
But they’re not able to access the Internet via VPN. This isn’t usually a problem since users can always use their local internet access to access the internet. After all, this is how they’re getting to the VPN.
There are situations where they’d rather access the internet via the VPN connection. For instance, maybe their internet access allows VPN connections but blocks access to their favorite news site. Or their favorite search engine.
If you’re providing VPN access using a SOHO firewall/router combo device then there is a good chance that the device will not support providing internet access to its VPN clients. Emphasis on “will” since this restriction is an optional restriction mainly aimed at getting you to buy a router. It’s usually worded along the lines of something like “this device won’t transmit packets received on an interface back out that interface”.
Fair enough, it *is* a routing function and businesses have every right to differentiate their products as they see fit.
If you’re not interested in, or are unable to, purchase a router then you can use a proxy server to provide access to the internet for remote VPN clients. Proxy servers are cheap and setting them up is easy.
The major downside to this approach is that clients have to configure their applications to use the proxy server. Many networked applications have support for this (e.g., browsers) but the configuration is slightly different for each application. And users have to remember to turn it on and off as their connection changes. But in a pinch this will do the trick.