I think...
The above explains VPN; check that all your traffic is going through it.
I'm only familiar with Cisco AnyConnect, which routes 0.0.0.0 (everything) when connected, with the local subnet being the only other route.
However, debugging a connection to Amazon... It's doing a lookup for cloudfront.net, which is how they move stuff to an edge server to make things responsive and tie up fewer international trunks. If this DNS lookup goes out locally, then it will find you are in frog land.
http://aws.amazon.com/cloudfront/ for more details.
Try changing your DNS to something other than your local router, like OpenDNS? See if that then gets tunnelled?
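Added example, not part of the original post: a longest-prefix-match check showing why a resolver on the local router bypasses a full tunnel while a public resolver follows the 0.0.0.0 route. The routing table, the interface names `vpn0` and `eth0`, and the local subnet are constructed sample values.

```python
import ipaddress

# Constructed sample routing table, modelled on the full-tunnel layout the post
# describes: everything (0.0.0.0/0) via the VPN, plus the local subnet.
# Interface names and the subnet are assumptions.
ROUTES = [
    ("0.0.0.0/0", "vpn0"),
    ("192.168.1.0/24", "eth0"),
]


def egress_interface(dest, routes):
    """Return the interface picked by longest-prefix match, or None if no route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None


def audit_resolvers(resolvers, routes, tunnel_iface):
    """Map each resolver IP to 'tunnelled', 'leaks via <iface>' or 'unroutable'."""
    report = {}
    for ip in resolvers:
        iface = egress_interface(ip, routes)
        if iface is None:
            report[ip] = "unroutable"
        elif iface == tunnel_iface:
            report[ip] = "tunnelled"
        else:
            # Queries leave outside the tunnel, so the answer (for example a
            # CDN edge choice) reflects the local network's location.
            report[ip] = f"leaks via {iface}"
    return report


if __name__ == "__main__":
    # 192.168.1.1: local router used as resolver; 208.67.222.222: OpenDNS
    resolvers = ["192.168.1.1", "208.67.222.222"]
    for ip, verdict in audit_resolvers(resolvers, ROUTES, "vpn0").items():
        print(f"{ip:16} {verdict}")
```

To use it on a real machine, replace `ROUTES` with the prefixes and interfaces from the system's routing table and pass the configured resolver addresses.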