Root access needed.
Keep programs from accessing the internet even if the VPN software crashes or has not been started yet.
- Configure your VPN.
- Within the firewall tool:
- Verify that the firewall is in white-list mode.
- Under "Settings" enable "VPN Support" (and IPv6 since you're already there).
You most likely want to enable "Tethering Support" and "Notification Support" too.
- Give internet access only to the installed OpenVPN for Android app (the one with the icon next to it).
- Give VPN access either to "(Any application)" or just to some of them.
- Due to the unstable nature of mobile network connections it can be advisable to use the TCP mode of OpenVPN (tradeoff: ~10% slower connection but less downtime).
If you use VoIP, stick to UDP since speed is more important than quality when it comes to speech.
- If your OpenVPN crashes when switching networks (eg. from WLAN to mobile network) then you should enable floating ("Advanced" -> "Allow floating server").