I was really keen to get ipv6, and very pleased when my provider (wretched hateful Comcast) finally gave me an ipv6 address.
What I didn’t know was that most VPN providers, including the one I use, are only tunneling the ipv4 traffic. So if you make a connection to a location that supports ipv6 (has an AAAA record) the connection will completely bypass the vpn tunnel.
I have temporarily turned off ipv6 on the external interface by putting this into /etc/sysctl.conf:
net.ipv6.conf.enp4s1.disable_ipv6 = 1