Sure, the config is attached to the post.
The VPN GW serves multiple purposes. The purpose which causes issues here is providing access to a remote web server. In the diagram, the green one shows the way which works without TCP retransmits, and the red one shows the way with the delay and TCP retransmits.