
IKEv2 VPN connection routes ALL traffic through VPN tunnel - no way to change this.

Until recently, we have been using L2TP-over-IPSEC connections on users' Macs to connect them to our enterprise network. We are now deploying IKEv2 connections on several devices aiming at switching all users to this protocol in the near future.


While testing, we have noticed that IKEv2-based connections forward all Internet traffic from the client to the Internet unconditionally through the VPN tunnel. We can confirm this behaviour by examining the public IP address of the client device (for example: "what is my ip" in a browser window): on IKEv2 connections, this is always one of the public IP addresses assigned to the Internet links we use in office (the links connecting our VPN server to the Internet). This is not desired since we want client devices to use the tunnel only when accessing systems within our headquarters' networks (for example, in subnets "172.16.0.1/24", "192.168.1.0/24", etc.) while reaching the Internet - sites like Google / Apple / Facebook / etc. - outside of the VPN link (for example, using the user's home broadband connection). We do not seem to be able to find any way in System Preferences to change this behaviour for IKEv2 connections (as opposed to L2TP ones, where there is an advanced option named "Send all traffic over VPN connection", that allows us to control that).


We have seen this problem on both Big Sur & Monterey versions.


Any ideas how this can be configured in an IKEv2 connection? Are we missing something, maybe? We have been reading through lots of Apple documents and posts in this community without any useful finding so far.


Thanks.

MacBook Pro (2020 and later)

Posted on Jan 19, 2022 3:28 PM
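The full-tunnel behaviour described in the question can be confirmed from the client's routing table instead of a "what is my ip" page. The following is an added example, not part of the original post and not Apple tooling: it runs a longest-prefix match over constructed route tables, and the interface names `ipsec0` (tunnel) and `en0` (home link) and the test address are assumptions.

```python
import ipaddress

# Constructed route tables as (destination prefix, interface) pairs.
# Assumed interface names: "ipsec0" = VPN tunnel, "en0" = home broadband link.
FULL_TUNNEL = [("0.0.0.0/0", "ipsec0"), ("192.168.0.0/24", "en0")]
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "en0"),
    ("172.16.0.1/24", "ipsec0"),   # written as in the post; host bits are masked off
    ("192.168.1.0/24", "ipsec0"),
]

def parse_routes(table):
    """Turn prefix strings into network objects (strict=False tolerates host bits)."""
    return [(ipaddress.ip_network(p, strict=False), i) for p, i in table]

def egress_interface(table, dest):
    """Return the interface chosen for dest by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dest)
    matches = [(n, i) for n, i in parse_routes(table) if addr in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def tunnel_mode(table, tunnel_if="ipsec0"):
    """Classify the table as 'full', 'split' or 'no-tunnel'."""
    via_tunnel = [n for n, i in parse_routes(table) if i == tunnel_if]
    if not via_tunnel:
        return "no-tunnel"
    # A full tunnel may appear as one default route or as two /1 halves;
    # collapsing the tunnel prefixes catches both forms.
    collapsed = list(ipaddress.collapse_addresses(via_tunnel))
    if any(n.prefixlen == 0 for n in collapsed):
        return "full"
    return "split"

if __name__ == "__main__":
    internet_host = "203.0.113.10"  # documentation address standing in for an Internet site
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, tunnel_mode(table),
              egress_interface(table, internet_host),
              egress_interface(table, "172.16.0.50"))
```
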


1 reply

Jan 20, 2022 2:25 PM in response to sbguknetworksteam

Hi there sbguknetworksteam,


We understand you're having some difficulty controlling where internet traffic is forwarded when client devices are off-site. We're glad you're here, and we'll point you in the right direction to get this sorted out.


You'll want to connect with our Enterprise support team for your location. Learn how here:


Contact Apple for support and service


Take care.
