There must be a option to set the register DNS at the TAP Adapter to reach out from LAN to VPN for internal services. At the moment we must set these Option after first connect manually as Admin remotely or with a PowerShell script like:
Get-NetIPConfiguration | where {$_.InterfaceDescription -eq 'Sophos TAP Adapter'} | Set-DnsClient -RegisterThisConnectionsAddress:$True
Please ad a function to provide the needed settings via provisioning or as MSI option.