Push block-outside-dns (DNS leak/Windows 10)

[TitianRob16]

Hi all,

Firstly, you'll have to forgive me as I've never used OpenVPN before and I'm trying to get my head around it.
We currently have a DNS leak issue where Windows 10 appears to use the ISP DNS instead of the OpenVPN DNS. My temporary fix was to change the metric interfaces on the network settings, but I've read recently that you can add a configuration setting on the server-side called 'block-outside-dns'.

I've used Putty to log-in to our IPCOP server and I've added the line "block-outside-dns" underneath the 'push "dhcp-option DOMAIN"' and 'push "dhcp-option DNS"' to the server.conf file. However, I'm not sure if this is right. My understanding is that this "block-outside-dns" setting needs to be pushed to the clients running Windows 10. Is this the way to do it? Does it update the config file for the client when you download it from the certificates page on the web portal of the server? If so, does that mean I simply need to download the certificates again for each client?

Any help with this would be appreciated

[TinCanTech]

My understanding is that this "block-outside-dns" setting needs to be pushed to the clients running Windows 10. Is this the way to do it?

That is correct.

Code: Select all

# server.conf

push "dhcp-option DNS x.x.x.x"   # Push your preferred VPN DNS - google eg. 8.8.8.8
push "block-outside-dns"         # Block access to any other DNS

Otherwise, you can simply add block-outside-dns to your Windows 10 client config files.

[TitianRob16]

That's great - thanks! Is there a way to check to see if this is working through the GUI logs at all?

[TinCanTech]

Check your client log files ..

[TitianRob16]

Thanks for the help!