Any way to adjust client config files to protect against TunnelVision attack?

[philCryoport]

Is your feature request related to a problem? Please describe.
The TunnelVision attack was just published yesterday. If the client receives its IP address from a rogue DHCP server with option 121 configured in a specific way, the traffic that should be encrypted and going to the VPN server is instead "decloaked".

Describe the solution you'd like

• Android ignores DHCP option 121, so it's apparently immune until Android decides DHCP option 121 should no longer be ignored.
• For Linux, supposedly if the VPN client uses "network namespaces" it's safe. Does Algo use "network namespaces" in Linux client config? If not, it sounds like will need to be default config for Linux henceforth.
• Until iOS / iPadOS / MacOS / Windows enable "network namespaces", the only other solution proposed by the researchers is to set up a VM with NAT -- getting a private IP from the host device -- and then initiate the VPN connection from within the VM. I'm not sure how that could be configured...thus asking here...
• Alternatively, if not using "network namespaces" or the connection-within-VM functionality, use the Private Internet Access methodology and prevent the activation of the VPN if DHCP option 121 is pushing routes -- potentially even put up an alert that the network connection is actually actively trying to decloak communication

Describe alternatives you've considered
¯\_(ツ)_/¯

Additional context
N/A

[philCryoport]

Bump