Both really.
My infrastructure segment is inaccessible unless you can either get on that vlan through a physical port on the switch, or via a VPN that the FW originates as the server to get on an administrative network.
There are also client mode VPN connections to a commercial provider.
Regardless of if the traffic is coming in via the admin VPN and then out WAN, or on the local segment and then routed over the client VPN out to the web it takes a big hit to throughput. It would be difficult to pin down if it affects traffic both ways given the huge imbalance in the down/up speeds.
It does seem to be limited to traffic routed externally that has the issue though. Running a speed test from the admin net to a local server works as expected despite going through a vpn tunnel to get to that network. But anything either from the admin vpn or going over the external commercial vpn to an external site is heavily limited.