I was moved to encrypt.me after buffered was acquired. This VPN automatically encrypts network connections _it_ feels are unsafe. If you encrypt all traffic, your local routed networks may become unavailable. Here is an example network:

If you enable “Secure my connection” from the encrypt.me application, you will loose connection to both the Corporate and DMZ networks.

Solution:

To fix this problem, create static routes on the workstation to point to the firewall/router for specific networks. It seems that encrypt.me only redirects the default gateway, so by adding static routes, you can bypass encrypt.me.

macOS:

sudo networksetup -setadditionalroutes "Ethernet 1" 172.16.0.0 255.255.0.0 192.168.200.1

sudo networksetup -setadditionalroutes "Ethernet 1" 192.168.20.0 255.255.255.0 192.168.200.1

Windows:

route -p 172.16.0.0. MASK 255.255.0.0 192.168.200.1

route -p 192.168.20.0 MASK 255.255.255.0 192.186.200.1

macOS script

    # Add-Static-Routes.sh
    # This gets around the VPN system on the mac is sending these networks through it's VPN 
    # Networks:
    #  172.16.0.0/16 --> Router VPN to Corporate
    #  192.168.20.0/24 --> Router DMZ IoT network
    #
    # These 'route' commands will work until next boot. Great for testing
    route add 172.16.0.0 192.168.200.1 255.255.0.0 # Corporate Network router VPN
    route add 192.168.20.0 192.168.200.1 255.255.255.0 # IoT DMZ in router

    # networksetup allows persistent routes across reboots. 
    # -listnetworkservices will show current interfaces that -setadditionalroutes uses. Mine is "Ethernet 1"
    networksetup -listallnetworkservices # What network services are available on this Macintosh?
    networksetup -setadditionalroutes "Ethernet 1" 172.16.0.0 255.255.0.0 192.168.200.1
    networksetup -setadditionalroutes "Ethernet 1" 192.168.20.0 255.255.255.0 192.168.200.1

    # Show the routes
    route get 172.17.1.1
    route get 192.168.20.1

    # Test the routes
    ping -c 1 172.17.1.1
    ping -c 1 192.168.20.1