[betaby]

I would break it down in two parts.

1. Coffee shop Wi-Fi router is compromised. Than that's a possible vector.

2. Bad actor sitting in the coffee shop and trying to carry out attack similar to the one described on the link. Fortunately that won't work on any decent WiFi infra from Meraki, Ubiquiti or similar.

DHCP attacks are always a problem on dumb wired switches though.

[ls612]

Are there workarounds VPN clients can use to prevent this attack from working (or in the worst case, disconnect rather than send traffic outside the tunnel on a hostile network)?

[betaby]

Yes. On Linux there are methods to put VPN in a namespace and thus avoid the issue.