There are lots of howtos out there for this, and I've even (successfully!) followed them in the past to get my VPN set up on my Synology, but for some reason, since I reset the box and wiped everything (currently running DSM 6.2.4-25556 Update 2), VPN setup just does not work.
What I do
- Via the web UI, on a freshly installed Synology, go to Control Panel → Network → Network Interface → Create → Create VPN Profile.
- Select "OpenVPN (via importing a .ovpn file)".
- Enter my account number in "Username", and `m` in the "Password" field.
- Upload the following file for the "Import .ovpn file" field which I downloaded from their site:

```
client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
remote-cert-tls server
ping 10
ping-restart 60
sndbuf 524288
rcvbuf 524288
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
proto udp
auth-user-pass
reneg-sec 0
tun-ipv6
fast-io
remote-random
remote us-sea-101.mullvad.net 1300
remote us-sea-103.mullvad.net 1300
remote us-sea-102.mullvad.net 1300
<ca>
-----BEGIN CERTIFICATE-----
[redacted]
-----END CERTIFICATE-----
</ca>
```

- Click "Next".
- Check the box next to "Use default gateway on remote network"
- Check the box next to "Reconnect when the VPN connection is lost"
- Click "Apply".
- Select my newly-created VPN connection and click the "Connect" button.
What happens
After a few seconds, outgoing internet connectivity on the machine is effectively dead. DNS lookups don't work, and I can't even ping 1.1.1.1. The output of `route -n` is not what I would have expected. Here's what it was before clicking "Connect":

```
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
```

...and here's what it's like after:

```
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.14.0.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 10.14.0.1 0.0.0.0 UG 0 0 0 tun0
10.14.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0
128.0.0.0 10.14.0.1 128.0.0.0 UG 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
198.54.131.34 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
198.54.131.34 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
```

This doesn't look right to me, and it's quite different from my desktop machine when connected to the same Mullvad service:

```
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 100 0 0 eno1
10.8.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eno1
```
Stuff I've checked
- My Mullvad account is paid up through next year
- There are only 4 devices connecting to said account, including this Synology.
- The Synology is the only one failing to connect properly.
- I can ping 1.1.1.1 and do all normal internet things before initiating the VPN connection.
- A look at `/var/log/messages` and `/var/log/synoservice.log` doesn't show anything particularly alarming other than the following in `messages`:

```
2021-10-27T23:23:42+01:00 synology openvpn[13618]: WARNING: file '/tmp/ovpn_client_up' is group or others accessible
2021-10-27T23:23:42+01:00 synology openvpn[13619]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-10-27T23:23:42+01:00 synology openvpn[13619]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-10-27T23:23:43+01:00 synology openvpn[13735]: WARNING: file '/tmp/ovpn_client_up' is group or others accessible
2021-10-27T23:23:43+01:00 synology openvpn[13736]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-10-27T23:23:43+01:00 synology openvpn[13736]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-10-27T23:23:44+01:00 synology openvpn[13736]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
2021-10-27T23:23:44+01:00 synology openvpn[13736]: WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2021-10-27T23:23:47+01:00 synology openvpn[13736]: NOTE: setsockopt TCP_NODELAY=1 failed
```
Any insight someone could offer here would be greatly appreciated. I'm a programmer, not a network engineer, so I'm afraid I lack the skills to properly debug this.
I can't say that this is the right fix, but in the end what worked for me was upgrading from DSM 6.2 to 7.0. I don't depend on any community-developed packages, so the switch to 7.0 was relatively painless. Once it was done, VPN connection worked as it was supposed to without any problems.
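An added example, not part of the original post: a small Python longest-prefix-match lookup over the `route -n` rows quoted in the question, reporting which interface and gateway each table selects for a destination and which destinations leave outside the tunnel. The function names are hypothetical, and breaking ties on the lower metric is a simplification of what the kernel does.

```python
import ipaddress

# Rows copied from the `route -n` output quoted in the question.
BEFORE = """\
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
"""
AFTER = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.14.0.1 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 10.14.0.1 0.0.0.0 UG 0 0 0 tun0
10.14.0.0 0.0.0.0 255.255.0.0 U 0 0 0 tun0
128.0.0.0 10.14.0.1 128.0.0.0 UG 0 0 0 tun0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
198.54.131.34 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
198.54.131.34 192.168.1.1 255.255.255.255 UGH 0 0 0 eth0
"""

def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # e.g. the "Kernel IP routing table" banner
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
            metric = int(fields[4])
        except ValueError:
            continue  # column-header row
        routes.append((net, fields[1], metric, fields[7]))
    return routes

def egress(routes, dest):
    """Return (iface, gateway, matched network) chosen for dest, or None."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    if not hits:
        return None
    # Longest prefix wins; lower metric breaks ties (a simplification).
    net, gw, _, iface = max(hits, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface, gw, str(net)

def bypasses_tunnel(routes, dests, tunnel="tun0"):
    """List the destinations whose chosen route does not use the tunnel."""
    return [d for d in dests if (egress(routes, d) or ("",))[0] != tunnel]

if __name__ == "__main__":
    for d in ("1.1.1.1", "200.1.1.1", "192.168.1.1", "198.54.131.34"):
        print(d, egress(parse_routes(AFTER), d))
```

In the post-connect table the two routes with mask 128.0.0.0 each cover half of the IPv4 space, so they outrank the 0.0.0.0/0 entry and send public destinations to `tun0`; only the LAN and the 198.54.131.34 host route still leave via `eth0`.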