How to execute script after openvpn connects and changes IP address

I would like puppeteer in docker on google's cloud run and put the trafic through expressvpn (openvpn).

I faced a problem that if I run openvpn, the IP doesn't change:

~/d/docker-signin ❯❯❯ sudo openvpn --config my_expressvpn_usa_-_new_york_udp.ovpn --auth-user-pass credentials_expressvpn.txt --script-security 2 --up script_.sh
Sun Dec 27 07:07:48 2020 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Sun Dec 27 07:07:48 2020 WARNING: file 'credentials_expressvpn.txt' is group or others accessible
Sun Dec 27 07:07:48 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2019
Sun Dec 27 07:07:48 2020 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Sun Dec 27 07:07:48 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sun Dec 27 07:07:48 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Dec 27 07:07:48 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Dec 27 07:07:48 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Dec 27 07:07:48 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]104.000.220.30:1195
Sun Dec 27 07:07:48 2020 Socket Buffers: R=[212992->425984] S=[212992->425984]
Sun Dec 27 07:07:48 2020 UDP link local: (not bound)
Sun Dec 27 07:07:48 2020 UDP link remote: [AF_INET]104.000.220.30:1195
Sun Dec 27 07:07:49 2020 TLS: Initial packet from [AF_INET]104.000.220.30:1195, sid=b6582f70 0864a05e
Sun Dec 27 07:07:49 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Dec 27 07:07:49 2020 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, [email protected]
Sun Dec 27 07:07:49 2020 VERIFY OK: nsCertType=SERVER
Sun Dec 27 07:07:49 2020 VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-3807-1a, [email protected]
Sun Dec 27 07:07:49 2020 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-3807-1a, [email protected]
Sun Dec 27 07:07:49 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Sun Dec 27 07:07:49 2020 [Server-3807-1a] Peer Connection Initiated with [AF_INET]104.000.220.30:1195
Sun Dec 27 07:07:50 2020 SENT CONTROL [Server-3807-1a]: 'PUSH_REQUEST' (status=1)
Sun Dec 27 07:07:50 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.00.0.1,comp-lzo no,route 10.00.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.00.0.234 10.00.0.233,peer-id 27,cipher AES-256-GCM'
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: timers and/or timeouts modified
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: compression parms modified
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: --ifconfig/up options modified
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: route options modified
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: peer-id set
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: adjusting link_mtu to 1629
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: data channel crypto options modified
Sun Dec 27 07:07:50 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Dec 27 07:07:50 2020 NCP: overriding user-set keysize with default
Sun Dec 27 07:07:50 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Dec 27 07:07:50 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Dec 27 07:07:50 2020 ROUTE_GATEWAY 172.00.144.1/255.255.240.0 IFACE=eth0 HWADDR=00:15:00:bc:a8:64
Sun Dec 27 07:07:50 2020 TUN/TAP device tun0 opened
Sun Dec 27 07:07:50 2020 TUN/TAP TX queue length set to 100
Sun Dec 27 07:07:50 2020 /sbin/ip link set dev tun0 up mtu 1500
Sun Dec 27 07:07:50 2020 /sbin/ip addr add dev tun0 local 10.00.0.234 peer 10.00.0.233
Sun Dec 27 07:07:50 2020 script_.sh tun0 1500 1557 10.00.0.234 10.00.0.233 init
67.000.252.253Sun Dec 27 07:07:52 2020 /sbin/ip route add 104.000.220.30/32 via 172.00.144.1
Sun Dec 27 07:07:52 2020 /sbin/ip route add 0.0.0.0/1 via 10.00.0.233
Sun Dec 27 07:07:52 2020 /sbin/ip route add 128.0.0.0/1 via 10.00.0.233
Sun Dec 27 07:07:52 2020 /sbin/ip route add 10.00.0.1/32 via 10.00.0.233
Sun Dec 27 07:07:52 2020 Initialization Sequence Completed
^C
Sun Dec 27 07:07:56 2020 event_wait : Interrupted system call (code=4)
Sun Dec 27 07:07:56 2020 /sbin/ip route del 10.00.0.1/32
Sun Dec 27 07:07:56 2020 /sbin/ip route del 104.000.220.30/32
Sun Dec 27 07:07:56 2020 /sbin/ip route del 0.0.0.0/1
Sun Dec 27 07:07:56 2020 /sbin/ip route del 128.0.0.0/1
Sun Dec 27 07:07:56 2020 Closing TUN/TAP interface
Sun Dec 27 07:07:56 2020 /sbin/ip addr del dev tun0 local 10.00.0.234 peer 10.00.0.233
Sun Dec 27 07:07:56 2020 SIGINT[hard,] received, process exiting

~/d/docker-signin ❯❯❯ cat script_.sh
#!/bin/bash
wget -qO- https://ipecho.net/plain
# xvfb-run --server-args="-screen 0 1024x768x24" node puppeeer_test.js

67.000.252.253 is my real IP address. it should be changed to 104.000.220.30 because i used --up which means the script was suppose to run after openvpn routed the traffic.

Why doesn't IP change and how to make it so that my script_.sh uses the vpn's IP?