why is a split tunnel relevant? I thought all VPNs are vulnerable unless they use a firewall like I do, or network namespaces.
At least the way I understand it, a normal VPN redirects your internet traffic to instead go through a virtual network interface, which then encrypts and sends your traffic through the VPN. This attack uses a malicious DHCP server to inject routes into your system, redirecting traffic to the attacker instead of towards the virtual network interface.
I see what you mean now. I wouldn’t advocate for people to disable DHCP features either. It should be the VPN provider’s responsibility to provide a proper VPN client that mitigates attacks like these.