Control: tags -1 moreinfo Hi,
> 4. I then disconnect from B by running sudo systemctl stop openvpn@B and note > that the first tunnel is still established (good!), but all traffic seems to > be directed to my main network interface instead (bad!). This can be verified > by going to e.g. https://whatismyipaddress.com and noticing that your ISP's > IP address is the one showing there rather than the IP address assigned by > your VPN provider. > > I would have expected the first tunnel to take over the connection, > especially since resolvectl status still seemed to indicate that everything > was set correctly on the DNS end (correct domain routing, etc) and systemctl > status openvpn@A seemed to show that the VPN is still connected. Since you don't seem to experience (only) leaking DNS queries but especially leaked traffic this is not related to resolved etc, but to the routing table. Please show the output of ip route show ip addr show at each of the steps described below, i.e. before A is established, after A is established, after B is established, after B is dropped. Bernhard
