@Mike A.
Hi Mike or anyone else,
Can you confirm with the current method I have of not checking the "Direct clients to redirect Internet traffic" on my Asus OpenVPN server, am I still protected when I check my cams using BI app on my mobile device (iPhone/iPad)?
Yes, assuming that you're going through your VPN to hit your BI server. The toggle only works to affect other traffic outside of that destined for your home network (see below). Traffic to your VPN/local network is secured either way that toggle is set.
I am trying to understand, with the basic setup, how exactly my communications are encrypted or protected while my surfing is still visible (and presumably can be read by someone) when I am on a public WiFi. I am trying to better understand how this VPN actually works selectively for my home network but not for others. Thanks for your time.
Land
When you run the VPN client and connect to your router running the VPN server, it sets up a secured, encrypted connection between the two devices. Part of what is done during that is to assign your client device another IP address and to set up the routing for that IP so that it effectively becomes another device on your home network as if you were connected locally. So any traffic that is destined to your local network is routed from your client through the VPN server and then onto wherever intended on your local net.
With the toggle turned off, traffic NOT destined for your local net is NOT routed through the VPN connection. That traffic goes out unsecured through whatever Internet service you're using via that IP and onto wherever.
With the toggle turned on, ALL traffic is routed through the VPN connection, both that intended for your local net and that to other outside IP addresses.
That's how it's supposed to work in the default setup at least. I doubt that yours changes that basic flow but Merlin does give some more direct control over IP tables so that you could do more complex routing if you wanted.
As I mentioned above, if you want to have your browsing secured in some place using public WiFi without running through your own VPN for whatever reasons, then there are third-party VPN services that you can pay for which do basically the same thing using their servers, typically better hiding your originating IP, etc.
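
The routing behaviour described in the reply above, as an added example that is not part of the original posts: a longest-prefix-match model of the client's routing table with the toggle off and on. It assumes the Asus toggle corresponds to OpenVPN pushing `redirect-gateway def1`; all addresses and the interface names `wlan0`/`tun0` are constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread)
HOME_LAN = "192.168.1.0/24"       # home network behind the router
VPN_SUBNET = "10.8.0.0/24"        # tunnel subnet assigned to VPN clients
VPN_SERVER_WAN = "203.0.113.10"   # router's public address (documentation range)
WIFI, TUNNEL = "wlan0", "tun0"    # public WiFi interface / encrypted tunnel


def client_routes(redirect_internet):
    """Client routing table once the VPN is connected."""
    routes = [
        ("0.0.0.0/0", WIFI),      # default route that existed before connecting
        (VPN_SUBNET, TUNNEL),     # the client's new VPN address lives here
        (HOME_LAN, TUNNEL),       # home LAN route pushed by the server
    ]
    if redirect_internet:
        # redirect-gateway def1: two /1 routes out-rank the /0 default
        # without deleting it, plus a host route so the encrypted packets
        # to the VPN server itself still leave over WiFi.
        routes += [
            ("0.0.0.0/1", TUNNEL),
            ("128.0.0.0/1", TUNNEL),
            (VPN_SERVER_WAN + "/32", WIFI),
        ]
    return [(ipaddress.ip_network(net), dev) for net, dev in routes]


def egress(dest, routes):
    """Interface chosen for dest: the most specific matching route wins."""
    ip = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches, key=lambda m: m[0])[1]


def report(redirect_internet):
    """Map a few constructed destinations to the interface they leave on."""
    routes = client_routes(redirect_internet)
    dests = {
        "BI server": "192.168.1.50",    # camera server on the home LAN
        "web site": "198.51.100.7",     # arbitrary Internet host
        "VPN server": VPN_SERVER_WAN,   # outer, already-encrypted packets
    }
    return {name: egress(ip, routes) for name, ip in dests.items()}


if __name__ == "__main__":
    for toggle in (False, True):
        print("redirect Internet traffic =", toggle, report(toggle))
```

In both states the BI server is reached through the tunnel; only the path taken by the Internet host changes.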