However, the DNS setting does not work, as the local domains cannot be found. Strangely, the external domains work even though I disabled the DNS backup option in the client.
Here is my setup:
Server:
Local IP of the OpenVPN Server: 10.27.0.40
Synology DSM version: DSM 7.0.1-42218 Update 3
Clients:
iOS version: 15.4
openvpn.conf
push "route 10.27.0.0 255.255.255.0"
push "route 10.8.0.0 255.255.255.0"
dev tun
management /var/run/openvpn.sock unix
server 10.8.0.0 255.255.255.0
dh /var/packages/VPNCenter/target/etc/openvpn/keys/dh3072.pem
ca /var/packages/VPNCenter/target/etc/openvpn/keys/ca.crt
cert /var/packages/VPNCenter/target/etc/openvpn/keys/server.crt
key /var/packages/VPNCenter/target/etc/openvpn/keys/server.key
max-clients 10
comp-lzo
persist-tun
persist-key
verb 3
#log-append /var/log/openvpn.log
keepalive 10 60
reneg-sec 0
plugin /var/packages/VPNCenter/target/lib/radiusplugin.so /var/packages/VPNCenter/target/etc/openvpn/radiusplugin.cnf
client-cert-not-required
username-as-common-name
duplicate-cn
status /tmp/ovpn_status_2_result 30
status-version 2
proto udp6
port 1194
cipher AES-256-CBC
auth SHA512
mssfix 1450
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.27.0.40"
client log:
Sorry that I can't get the oconf and olog tags to work.
2022-03-21 00:37:18 1
2022-03-21 00:37:18 ----- OpenVPN Start -----
OpenVPN core 3.git::58b92569 ios arm64 64-bit
2022-03-21 00:37:18 OpenVPN core 3.git::58b92569 ios arm64 64-bit
2022-03-21 00:37:18 Frame=512/2048/512 mssfix-ctrl=1250
2022-03-21 00:37:18 UNUSED OPTIONS
1 [tls-client]
4 [register-dns]
5 [block-outside-dns]
6 [pull]
8 [script-security] [2]
2022-03-21 00:37:18 EVENT: RESOLVE
2022-03-21 00:37:18 Contacting [[IP omitted for privacy]]:1194/UDP via UDP
2022-03-21 00:37:18 EVENT: WAIT
2022-03-21 00:37:18 Connecting to [[Domain omitted for privacy]]:1194 ([IP omitted for privacy]) via UDPv4
2022-03-21 00:37:18 EVENT: CONNECTING
2022-03-21 00:37:18 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client
2022-03-21 00:37:18 Creds: Username/Password
2022-03-21 00:37:18 Peer Info:
IV_VER=3.git::58b92569
IV_PLAT=ios
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
IV_SSO=openurl
2022-03-21 00:37:18 VERIFY OK: depth=2, /C=US/O=Internet Security Research Group/CN=ISRG Root X1
2022-03-21 00:37:18 VERIFY OK: depth=1, /C=US/O=Let's Encrypt/CN=R3
2022-03-21 00:37:18 VERIFY OK: depth=0, /CN=<Domain omitted for privacy>
2022-03-21 00:37:18 SSL Handshake: CN=<Domain omitted for privacy>, TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
2022-03-21 00:37:18 Session is ACTIVE
2022-03-21 00:37:18 EVENT: GET_CONFIG
2022-03-21 00:37:18 Sending PUSH_REQUEST to server...
2022-03-21 00:37:18 OPTIONS:
0 [redirect-gateway] [def1]
1 [route] [10.27.0.0] [255.255.255.0]
2 [route] [10.8.0.0] [255.255.255.0]
3 [redirect-gateway] [def1] [bypass-dhcp]
4 [dhcp-option] [DNS] [10.27.0.40]
5 [route] [10.8.0.1]
6 [topology] [net30]
7 [ping] [10]
8 [ping-restart] [60]
9 [ifconfig] [10.8.0.6] [10.8.0.5]
2022-03-21 00:37:18 PROTOCOL OPTIONS:
cipher: AES-256-CBC
digest: SHA512
compress: LZO_STUB
peer ID: -1
2022-03-21 00:37:18 EVENT: ASSIGN_IP
2022-03-21 00:37:18 NIP: preparing TUN network settings
2022-03-21 00:37:18 NIP: init TUN network settings with endpoint: <IP omitted for privacy>
2022-03-21 00:37:18 NIP: adding IPv4 address to network settings 10.8.0.6/255.255.255.252
2022-03-21 00:37:18 NIP: adding (included) IPv4 route 10.8.0.4/30
2022-03-21 00:37:18 NIP: adding (included) IPv4 route 10.27.0.0/24
2022-03-21 00:37:18 NIP: adding (included) IPv4 route 10.8.0.0/24
2022-03-21 00:37:18 NIP: adding (included) IPv4 route 10.8.0.1/32
2022-03-21 00:37:18 NIP: redirecting all IPv4 traffic to TUN interface
2022-03-21 00:37:18 NIP: adding DNS 10.27.0.40
2022-03-21 00:37:18 Connected via NetworkExtensionTUN
2022-03-21 00:37:18 LZO-ASYM init swap=0 asym=1
2022-03-21 00:37:18 Comp-stub init swap=0
2022-03-21 00:37:18 EVENT: CONNECTED <user@domain omitted for privacy>:1194 (<IP omitted for privacy>) via /UDPv4 on NetworkExtensionTUN/10.8.0.6/ gw=[/]