by lxgr 1728 days ago
Arguably, a setup using a VPN for anonymity purposes is badly flawed if it allows traffic to anything but the VPN gateway. This includes the local network.

Mediocre home appliances or (as in this case) ISP CPEs can easily deanonymize you.


Yes, but you do want deliberate access to specific services on the local network. Mainly NFS exports and the like.
Yes, but that's a deliberate security/convenience trade-off then.

One solution is to use proxy servers or per-app VPNs (without local network access) instead of a system-wide VPN, and effectively partition applications into trusted and untrusted ones.

I've done that partitioning with virtual machines. I don't see how it's a "tradeoff". Yes, every additional service you expose can have its own security flaws, but you have to get data in/out of a VPN'd VM somehow. Even if I allocated more local storage to the VM and only ssh'd in to send/receive files, the ssh client could have a hole in it. nfsd, samba, sshd, and ssh are designed to do singular jobs. The issue in this case is the exposing of a consumer router that was never designed for security from the local network.
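As an added illustration (not code from any commenter), here is a small model of the egress policy the thread argues about: default-drop on the physical uplink, everything allowed inside the tunnel, the tunnel's own handshake to the gateway allowed, and the NFS export as an explicit, audited LAN exception. Interface names, the gateway address and the NAS address are constructed assumptions; the second function renders the same policy as an nftables ruleset so the decision logic and the firewall text can be compared.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

@dataclass
class Policy:
    vpn_iface: str = "tun0"             # tunnel interface; anything may leave here
    phys_iface: str = "eth0"            # physical uplink; only the handshake and exceptions
    vpn_gateway: str = "203.0.113.10"   # constructed VPN endpoint address (assumption)
    vpn_proto: str = "udp"
    vpn_port: int = 1194
    # deliberate LAN exceptions as (host, proto, port); here NFS on a constructed NAS address
    lan_allow: set = field(default_factory=lambda: {("192.168.1.20", "tcp", 2049)})

def allowed(policy: Policy, iface: str, dst_ip: str, proto: str, port: int) -> bool:
    """Decide whether an outbound packet passes the default-drop egress policy."""
    if ip_address(dst_ip).is_loopback:
        return True                                   # local processes may talk to each other
    if iface == policy.vpn_iface:
        return True                                   # everything inside the tunnel is fine
    if iface != policy.phys_iface:
        return False                                  # unknown interfaces (wifi, docker0) never leak
    if (dst_ip, proto, port) == (policy.vpn_gateway, policy.vpn_proto, policy.vpn_port):
        return True                                   # the tunnel itself must reach its gateway
    return (dst_ip, proto, port) in policy.lan_allow  # explicit LAN exceptions only; router UI is not one

def render_nft(policy: Policy) -> str:
    """Render the same policy as an nftables output chain with policy drop."""
    rules = [
        'oifname "lo" accept',
        f'oifname "{policy.vpn_iface}" accept',
        f'oifname "{policy.phys_iface}" ip daddr {policy.vpn_gateway} '
        f'{policy.vpn_proto} dport {policy.vpn_port} accept',
    ]
    for host, proto, port in sorted(policy.lan_allow):
        rules.append(f'oifname "{policy.phys_iface}" ip daddr {host} {proto} dport {port} accept')
    body = "\n".join(f"    {r}" for r in rules)
    return ("table inet vpnonly {\n  chain output {\n"
            "    type filter hook output priority 0; policy drop;\n"
            f"{body}\n  }}\n}}\n")

if __name__ == "__main__":
    p = Policy()
    print(render_nft(p))
    # The router's web UI on the LAN gateway is blocked; the NAS export is reachable.
    print(allowed(p, "eth0", "192.168.1.1", "tcp", 80), allowed(p, "eth0", "192.168.1.20", "tcp", 2049))
```

Note that LAN addresses are still reachable through the tunnel interface; if the VPN provider does not route them, they simply go nowhere rather than reaching the CPE directly.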