Most OpenVPN tunnels only support IPv4. Thus, the system has to be configured such that IPv6 is disabled. Moreover, DNS leaks are still possible and thus, the DNS configuration needs to be adjusted as well.
On Arch, install update-systemd-resolved
from AUR (GitHub repo).
The following lines then go in the OpenVPN configuration:
script-security 2
up /usr/bin/update-systemd-resolved
up-restart
down /usr/bin/update-systemd-resolved
down-pre
block-ipv6
dhcp-option DOMAIN-ROUTE .
Create /etc/sysctl.d/40-ipv6.conf
with the following content:
# https://wiki.archlinux.org/title/IPv6#Disable_functionality
# Restart the systemd-sysctl.service unit to apply the configuration changes.
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.wls6.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 1
This should do it...