...
For the LANCOM Advanced VPN Client for macOS, the LocalNet attack can be prevented only partially by enabling the “Full Local Network Enclosure Mode” option. Network traffic to and from the standard gateway will not be routed into the VPN tunnel.
Alternatively, a third-party firewall can be configured such that only VPN traffic is allowed outside the tunnel, with dedicated exceptions for, e.g., the local network printer.
...