In this article

Use this guide to configure a full-tunnel OpenVPN connection through an AWS Access Server while allowing the Windows Roaming Client to continue filtering DNS traffic.

Background

Split-tunnel OpenVPN deployments typically work with the Windows Roaming Client when the AWS Access Server setting Do not alter clients DNS Server settings is set to Yes.

Full-tunnel deployments behave differently. When Should client internet traffic be routed through the VPN is enabled, the VPN applies DNS protections designed to prevent DNS leaks. This can override split-tunnel DNS behavior and interfere with Roaming Client filtering.

Full-tunnel configuration guidance

To support full-tunnel routing while keeping Roaming Client DNS filtering active, configure OpenVPN using the approach documented by OpenVPN for full-tunnel DNS handling.

Recommended configuration approach:

• Use the group-based method
• Set the selected group as the default for all users

After applying the OpenVPN configuration, the VPN tunnel should remain active while the Windows Roaming Client continues filtering DNS traffic as expected.