I think the full proof solution is to tinkle with the routing table of your OS, VPN is a great tool for your privacy but it is up to you on how to patch your holes.
e.g.
delete the 0.0.0.0 Destination with netmask 0.0.0.0
add route to the openvpn server IP with netmask 255.255.255.255 with your router's ip as gateway
that way NO connection can slip out from your computer directly.
sample of routing table
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.1 50 <--- delete your 0.0.0.0 route! so no connection can get out even bolehvpn fails!
46.165.197.36 255.255.255.255 192.168.1.2 192.168.1.1 10 <-- an example of added route, if 0.0.0.0 is deleted, only this ip are allowed to pass and to your internet connection (this ip is one of the bolehvpn server)
10.10.10.1 255.255.255.255 10.10.15.21 10.10.15.22 30 <--|
10.10.15.20 255.255.255.252 On-link 10.10.15.22 60 <--|
10.10.15.22 255.255.255.255 On-link 10.10.15.22 60 <--\
10.10.15.23 255.255.255.255 On-link 10.10.15.22 60 <----- After connected to a proxied server this will be added. these route you to 10.10.10.1
127.0.0.0 255.0.0.0 On-link 127.0.0.1 70 <--|
127.0.0.1 255.255.255.255 On-link 127.0.0.1 70 <--\
127.255.255.255 255.255.255.255 On-link 127.0.0.1 70 <----- Your own computer's loopback do not delete
i have no idea how to play with route on MAC, but google is your friend.