Improve routing loops detection

[lstipakov]

At moment we drop all tun packets with the same destination as VPN server, since we assume them originating from openvpn and we want to avoid routing loop. This might backfire in case of more complex routing rules. Let's use more fine-grained approach - drop packet if all following criteria are met:

• packet IP family matches transport IP family
• packet protocol (UDP/TCP) matches transport protocol
• packet destination address matches transport address
• packet destination port matches transport port