The attack vector described in the article uses the VPN client machine's host network, i.e. the local network the device is attached to. They don't discuss the DHCP server of the VPN provider.