A warning about Android 10 and VPNs

If you use a VPN on Android 10, be aware that there are leaks outside the VPN tunnel. I noticed this by logging every outgoing request from an Android 10 tablet (bug fixes as of Sept. 2020) after the tablet made a VPN connection. Every such request is a VPN leak. The leaks don’t happen often, but they do happen.

At first I noticed this with a WireGuard-based Android app from a VPN provider. Then, I noticed it using the OpenVPN Connect app. Thus, I conclude the problem is with Android 10.

One leak is TCP requests to IP address 45.90.28.0 on port 853. The IP belongs to NextDNS, which the tablet is using as its Private DNS. Private DNS is a relatively new Android feature, so no surprise that it might be buggy.

The other leak is to TCP port 80 to a number of IP addresses (172.217.11.3, 172.217.12.195 and 172.217.12.131) that belong to Google. Yes, port 80.

The two leaks happen at the same time, for whatever reason.
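The check described above can be scripted. This is an added example, not code from the original post: it scans a firewall log for flows from the tablet that bypass the VPN endpoint and groups them by timestamp. The log format, timestamps, tablet address (192.168.1.50) and VPN endpoint (198.51.100.7, UDP 51820) are constructed assumptions; only the leak destination IPs and ports come from the post.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log (assumed format): time proto src_ip dst_ip dst_port
SAMPLE_LOG = """\
2020-09-20T10:00:01 UDP 192.168.1.50 198.51.100.7 51820
2020-09-20T10:04:12 TCP 192.168.1.50 45.90.28.0 853
2020-09-20T10:04:12 TCP 192.168.1.50 172.217.11.3 80
2020-09-20T10:05:00 TCP 192.168.1.77 172.217.12.195 80
2020-09-20T10:31:45 TCP 192.168.1.50 45.90.28.0 853
2020-09-20T10:31:45 TCP 192.168.1.50 172.217.12.131 80
malformed line
"""

TABLET = "192.168.1.50"                        # assumed LAN address of the tablet
VPN_ENDPOINT = ("UDP", "198.51.100.7", 51820)  # assumed VPN server (placeholder)
PORT_HINTS = {853: "DNS over TLS (Private DNS)", 80: "plaintext HTTP"}

def find_leaks(log_text, device=TABLET, vpn=VPN_ENDPOINT):
    """Return flows from `device` that did not go to the VPN endpoint."""
    leaks = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        ts, proto, src, dst, port = parts
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # skip lines with invalid addresses or ports
        if src != device or (proto, dst, port) == vpn:
            continue  # other devices and the tunnel itself are not leaks
        leaks.append({"time": ts, "proto": proto, "dst": dst, "port": port,
                      "hint": PORT_HINTS.get(port, "unknown")})
    return leaks

def group_by_time(leaks):
    """Group leaks sharing a timestamp, to see which ones fire together."""
    groups = defaultdict(list)
    for leak in leaks:
        groups[leak["time"]].append((leak["dst"], leak["port"]))
    return dict(groups)

if __name__ == "__main__":
    for ts, flows in group_by_time(find_leaks(SAMPLE_LOG)).items():
        print(ts, flows)
```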

What about Android 11?

I have not yet tested Android 11.