Our Support Engineers worked with a customer to setup a full tunnel OpenVPN connection with a AWS Access Server that allows the Roaming Client to continue filtering DNS traffic. We wanted to share what worked for them to our community to help with other's environment configurations. 

OpenVPN users typically opt to setup a split tunnel connection to keep the DNSFilter agent running while connected to the VPN. When configuring OpenVPN through an AWS Access Server, simply set Do not alter clients DNS Server settings to "Yes" and the connection will work. 

However, in full tunnel connection, the setting Should client internet traffic be routed through the VPN voids the split tunnel setting to not alter the client settings. This is by design for security reasons to avoid DNS local IP leaks. 

Full tunnel OpenVPN + Roaming Client setup

Circumvent the default full tunnel behavior to have both the VPN and agent function properly at the same time. OpenVPN documented this process in their support content.

We recommend using the group method and set the group area as default for all users. 

🧐 Work with OpenVPN and have a different solution? Tell us in the comments below!