Sunday, April 17, 2016

Force all network traffic to pass through the OpenVPN tunnel


# Flush all rules (iptables -F without -t only flushes the filter table)
iptables -F

# Let's change the policy to DROP.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Allow basic INPUT traffic.
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT

# Allow basic OUTPUT traffic (note: ICMP is accepted on every interface, not only the tunnel).
iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT

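# Allow traffic via the tunnel, DNS to 8.8.8.8 / 8.8.4.4 and the OpenVPN server (UDP 1194).
# iptables resolves vpn.server.example.com once, when the rule is added.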
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A OUTPUT -p udp -m udp -d 8.8.8.8 --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp -m udp -d 8.8.4.4 --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp -m udp -d vpn.server.example.com --dport 1194 -j ACCEPT

# Reject everything else.
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
iptables -A FORWARD -j REJECT --reject-with icmp-port-unreachable
iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
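
The rule set above still accepts some traffic outside the tunnel (DNS, the VPN connection itself, ICMP). As an added example, not part of the original post, this script lists those exits from an `iptables -S` dump; the function name, the sample dump and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: list OUTPUT rules that accept traffic outside the tunnel.
# Reads an `iptables -S` dump on stdin, prints one finding per line.
audit_killswitch() {
    awk '
    # Value following option "name" on the current rule, or "" if absent.
    function opt(name,    i) {
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    $1 == "-P" && $2 == "OUTPUT" { policy = $3 }
    $1 == "-A" && $2 == "OUTPUT" {
        target = opt("-j"); oif = opt("-o"); dst = opt("-d")
        state = opt("--ctstate")
        if (target == "REJECT" || target == "DROP") {
            # "-A OUTPUT -j X ..." has no match options: it catches everything.
            if ($3 == "-j") catchall = 1
            next
        }
        if (target != "ACCEPT" || catchall) next  # after a catch-all: dead rule
        if (oif == "lo" || oif ~ /^tun/) next     # loopback or tunnel
        if (state != "" && state !~ /NEW/) next   # replies to allowed flows only
        # What is left is accepted on a non-tunnel interface.
        if (dst == "") print "WIDE   " $0         # any destination
        else           print "BYPASS " $0         # one pinned destination
    }
    END {
        if (policy != "DROP" && !catchall)
            print "OPEN   OUTPUT has neither a DROP policy nor a final REJECT/DROP"
    }'
}

# Constructed sample: the OUTPUT part of an `iptables -S` dump for the rules
# above, with 192.0.2.10 standing in for the resolved VPN server address.
SAMPLE_RULES='-P OUTPUT DROP
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -d 8.8.8.8/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 8.8.4.4/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -d 192.0.2.10/32 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable'

printf '%s\n' "$SAMPLE_RULES" | audit_killswitch
```

On a live host, pipe `iptables -S OUTPUT` into the function. The rules above are IPv4 only, so run it over `ip6tables -S OUTPUT` as well to see whether IPv6 has a path around the tunnel.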


Tuesday, April 5, 2016

Write new system image using bmaptool (beaglebone)


# install
sudo apt-get -y install bmap-tools

# download image and bmap file
wget https://debian.beagleboard.org/images/bone-debian-8.3-lxqt-4gb-armhf-2016-01-24-4gb.img.xz
wget https://debian.beagleboard.org/images/bone-debian-8.3-lxqt-4gb-armhf-2016-01-24-4gb.bmap

# write system image (everything on /dev/sdb is overwritten, so confirm the device name first)
bmaptool copy bone-debian-8.3-lxqt-4gb-armhf-2016-01-24-4gb.img.xz /dev/sdb


# results
bmaptool: info: discovered bmap file 'bone-debian-8.3-lxqt-4gb-armhf-2016-01-24-4gb.bmap'
bmaptool: info: block map format version 2.0
bmaptool: info: 870400 blocks of size 4096 (3.3 GiB), mapped 743361 blocks (2.8 GiB or 85.4%)
bmaptool: info: copying image 'bone-debian-8.3-lxqt-4gb-armhf-2016-01-24-4gb.img.xz' to block device '/dev/sdb' using bmap file 'bone-debian-8.3-lxqt-4gb-armhf-2016-01-24-4gb.bmap'
bmaptool: info: 1% copied