You can add a firewall rule to disable data forwarding and clear trace table before executing" /etc/init.d/startvpn restart"
iptables -I FORWARD -j DROP
echo n >/proc/net/nf_conntrack
Allow data forwarding after executing “/etc/init.d/startvpn restart”
iptables -D FORWARD -j DROP