Why are there so many public IP addresses associated with one VPN client endpoint?

0

Hi,

We're cleaning up the public IP addresses and noticed that there are multiple private and public IP addresses associated with the same Client VPN Endpoint. For some public IP addresses, the associated ENI doesn't exist any more. Any idea why this is the case? How do we know which public IP address is still in use? How do we identify and clean up the unused ones? Thanks.

Asked 1 month ago, 349 views
2 answers
2

There is a useful tool, Public IP Insights, that shows you all public IPv4 addresses.
Could you please try to use the tool, Amazon VPC IP Address Manager?


AWS
Expert
hyp
Answered 1 month ago
  • I'm using this tool but still unable to confirm which public IP addresses associated with the Client VPN endpoint are not in use so that we can delete them.

0

This is a hypothesis, so please verify it. When you create an Elastic Network Interface (ENI) in AWS, the public IP address might be associated with an Elastic IP (EIP). If you delete the ENI, the EIP could still be linked to your VPN client endpoint. You should check if any public IP addresses associated with your VPN client endpoint match your Elastic IP. If they do, consider deleting the Elastic IP to avoid potential charges.

Sources:

Expert
Answered 1 month ago
  • Those public IP addresses are not Elastic IP addresses. I'm trying to understand, when a Client VPN endpoint is created, how does it manage the public IP address? When will it create a new ENI and the associated public IP address? I couldn't find it in the Client VPN Endpoint document (https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html).

    • A1: The Client VPN endpoint itself does not have a public IP address. Instead, it relies on ENIs that are created for each client connection. If the subnet in which the ENI is created is a public subnet, then the ENI can be assigned a public IP address from the VPC's pool of public IP addresses.
    • A2: A new ENI is created for each new client connection to the Client VPN endpoint. This ENI is created in the subnet associated with the Client VPN endpoint's target network. If the subnet is a public subnet, then the ENI will be assigned a public IP address. This public IP address is used to route traffic between the client and the VPN endpoint over the internet. It's important to note that the creation of a new ENI and a public IP address is tied to client connections, not the creation of the VPN endpoint itself.
  • Thank you, Osvaldo. That seems to be the reason. However, our Client VPN endpoint's target network association is to the private subnets. We do have public subnets corresponding to the private subnets. So I guess it still assigns a public IP address when it creates an ENI. If this is the case, is there a way to set the ENI's 'Delete on termination' to true? Basically, a way to automatically delete the public IP address when we disconnect from the Client VPN endpoint?
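One way to sort the addresses the way the two answers above suggest, as an added example rather than code from AWS or from anyone in this thread: each observed public IPv4 address is classified as in use by one of the endpoint's per-connection ENIs, in use by some other ENI, an Elastic IP allocated but attached to nothing, or gone with its ENI. It assumes that a Client VPN ENI's Description contains the endpoint ID, and the IDs and addresses in the sample data are constructed placeholders.

```python
from typing import Dict, Iterable, List, Tuple

def classify_public_ips(endpoint_id: str, interfaces: List[dict],
                        addresses: List[dict], observed: Iterable[str]) -> Dict[str, str]:
    """Explain each observed public IPv4 address. `interfaces` is shaped like EC2
    DescribeNetworkInterfaces["NetworkInterfaces"], `addresses` like DescribeAddresses
    ["Addresses"]. Assumes a Client VPN ENI's Description contains the endpoint ID."""
    live: Dict[str, Tuple[str, str]] = {}  # public IP -> (ENI owner, ENI id)
    for eni in interfaces:
        ip = eni.get("Association", {}).get("PublicIp")
        if not ip:
            continue  # e.g. an ENI in a private subnet with no public address
        owner = "endpoint" if endpoint_id in eni.get("Description", "") else "other"
        live[ip] = (owner, eni["NetworkInterfaceId"])
    # Elastic IPs still allocated but attached to nothing (the case answer 2 raises).
    idle_eips = {a["PublicIp"]: a.get("AllocationId", "?")
                 for a in addresses if not a.get("NetworkInterfaceId")}
    verdict: Dict[str, str] = {}
    for ip in observed:
        if ip in live:
            verdict[ip] = f"in-use-{live[ip][0]} ({live[ip][1]})"
        elif ip in idle_eips:
            verdict[ip] = f"unattached-eip ({idle_eips[ip]})"
        else:
            verdict[ip] = "released (no ENI, no EIP)"  # auto-assigned, went away with its ENI
    return verdict

def classify_account(endpoint_id: str, region: str) -> Dict[str, str]:
    """Run the same check on a live account (needs boto3 + credentials; imported lazily)."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    enis = [n for page in ec2.get_paginator("describe_network_interfaces").paginate()
            for n in page["NetworkInterfaces"]]
    eips = ec2.describe_addresses()["Addresses"]
    seen = {n["Association"]["PublicIp"] for n in enis if n.get("Association", {}).get("PublicIp")}
    seen |= {a["PublicIp"] for a in eips}
    return classify_public_ips(endpoint_id, enis, eips, sorted(seen))

# Constructed sample data: IDs and addresses are placeholders, not real account output.
SAMPLE_ENDPOINT = "cvpn-endpoint-0123456789abcdef0"
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0aaa", "Association": {"PublicIp": "203.0.113.10"},
     "Description": f"Client VPN endpoint {SAMPLE_ENDPOINT} association (constructed)"},
    {"NetworkInterfaceId": "eni-0bbb", "Association": {"PublicIp": "203.0.113.20"},
     "Description": "web server"},
    {"NetworkInterfaceId": "eni-0ccc", "Description": "private-subnet ENI, no public IP"},
]
SAMPLE_EIPS = [{"PublicIp": "203.0.113.30", "AllocationId": "eipalloc-0ddd"}]  # unattached
SAMPLE_SEEN = ["203.0.113.10", "203.0.113.20", "203.0.113.30", "203.0.113.40"]
```

Calling `classify_public_ips(SAMPLE_ENDPOINT, SAMPLE_ENIS, SAMPLE_EIPS, SAMPLE_SEEN)` on the sample data flags only 203.0.113.30 as something left to release; `classify_account` repeats the check against a region of your own account.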
