IP addresses
It is important to choose an IP address range that does not conflict, or has good odds of not conflicting, with remote client address pools. If the VPN uses IP addresses from a range shared by a remote client address pool, packets meant for the client LAN may attempt to traverse the VPN to the wrong system or to a system that doesn't exist at all. Alternatively, the traffic may never leave the client LAN and instead be routed to a local resource.
The following diagram illustrates a fairly severe case of what I'm describing. There are various resources identified with their associated LAN address on both sides.
On the left, there is a network where the VPN server resides. The LAN on the server network uses the 10.4.0.0/24 subnet. For the VPN, the 10.8.0.0/24 subnet is used. This will facilitate VPN traffic, and a route will be pushed for the server-side LAN subnet. There are two internal servers for which the VPN was created. The first is an application server using LAN...
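The address conflict described above can be checked before a range is committed. The following is an added example, not part of the original text: it uses the 10.8.0.0/24 VPN subnet and 10.4.0.0/24 server LAN from this section, a constructed list of client LANs, and hypothetical helper names (`audit`, `egress_for`), and it assumes the client selects routes by plain longest-prefix match.

```python
import ipaddress

# Routes a connected client learns from the VPN in this section's example:
# the VPN subnet itself and the pushed route for the server-side LAN.
VPN_ROUTES = [ipaddress.ip_network("10.8.0.0/24"),
              ipaddress.ip_network("10.4.0.0/24")]

def audit(client_lans, vpn_routes=VPN_ROUTES):
    """Map each client LAN to the VPN routes it overlaps (empty list = no conflict)."""
    report = {}
    for cidr in client_lans:
        lan = ipaddress.ip_network(cidr)
        report[cidr] = [str(r) for r in vpn_routes if lan.overlaps(r)]
    return report

def egress_for(dest, client_lan, vpn_routes=VPN_ROUTES):
    """Longest-prefix match on the client: 'lan', 'vpn', 'tie' or 'default'."""
    dest = ipaddress.ip_address(dest)
    lan = ipaddress.ip_network(client_lan)
    best_vpn = max((r.prefixlen for r in vpn_routes if dest in r), default=-1)
    best_lan = lan.prefixlen if dest in lan else -1
    if best_vpn == best_lan:
        # Either nothing matched (default gateway is used), or both routes
        # have the same prefix length and the client's route metric decides.
        return "default" if best_vpn == -1 else "tie"
    return "vpn" if best_vpn > best_lan else "lan"

# Constructed client LANs, for illustration only.
SAMPLE_CLIENT_LANS = ["192.168.1.0/24", "10.4.0.0/24", "10.0.0.0/8", "10.8.0.0/25"]

if __name__ == "__main__":
    for cidr, hits in audit(SAMPLE_CLIENT_LANS).items():
        status = "conflicts with " + ", ".join(hits) if hits else "ok"
        print(f"{cidr:16} {status}")
    # Client on 10.0.0.0/8: its local host 10.4.0.50 is captured by the
    # more specific pushed route and sent across the VPN.
    print(egress_for("10.4.0.50", "10.0.0.0/8"))
    # Client on 10.8.0.0/25: traffic for VPN address 10.8.0.1 never leaves
    # the client LAN because the local route is more specific.
    print(egress_for("10.8.0.1", "10.8.0.0/25"))
```

The two `egress_for` results correspond to the two failure modes above: local traffic pulled into the VPN, and VPN traffic that stays on the client LAN.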