How do I prevent 'block-external-dns' at client?

[tt6519]

I am testing a new AWS Client VPN Endpoint setup, which is effectively hosted OpenVPN. As such, I do not have access to the server-side configs (only those options exposed in the AWS console). The problem is that we need to co-exist with the Palo Alto 'GlobalProtect' VPN client and everything I tried with the OpenVPN Connect clients (both v2 / v3) breaks the DNS of the GlobalProtect. I assume this is because the AWS-hosted server is pushing the 'block-external-dns' directive to my clients.

I have tried all the following variations of this client-side directive, without success:

• pull-filter ignore "block-outside-dns"
• pull-filter reject "block-outside-dns"
• pull-filter ignore "block-external-dns"
• pull-filter reject "block-external-dns"

In the ovpn.log file for Connect v3 it appears that the 'pull-filter' directive is being ignored; is it deprecated?
Is there a list of supported client-side directives for both versions of OpenVPN Connect v2 and v3?

And, just to clarify, in every other respect the networking for both VPN clients seems to be working properly. I can even ping my DNS server hosted across GlobalProtect -- I just can't connect to it on port 53 when the OpenVPN Connect client is connected.

Thank you for any suggestions and assistance !

[300000]

you can add " no pull " on your client config so nothing will be push to client but you need add routing infor if there is more than subnet .add routing in for is simple as

route 192.168.10.0 255.255.255.0 vpn_gateway
route 192.168.30.0 255.255.255.0 vpn_gateway


you can add as many as you one and try it.