Enable/disable DNS Proxy Use setting to disable DNS Proxy if your organization doesn’t want OpenVPN to protect DNS requests and use domain routing and domain filtering.
Different DNS servers can be configured for different DNS zones
Default domain suffix can be configured for Windows clients
Enable/disable SNAT Source Network Address Translation (SNAT) is helpful in remote access scenarios to simplify routing configuration on a remote site. However, it might be helpful to disable SNAT for audit purposes or for VoIP solutions that do not work correctly with SNAT.
Define custom client options that can be pushed to all clients
Ability to combine private and public DNS servers OpenVPN Cloud will automatically switch to the next server if first server cannot resolve a domain.
Network domain can have embedded IP enabled Embedded IP enabled permits you to append an IP address to a domain and resolve such domains without a DNS server configuration. For example, ssh firstname.lastname@example.org can be used to SSH into the computer with a private IP address of 192.168.1.1 on the network that is announcing the domain name of server.example.com.
Blocking rules If the Access Group configuration does not permit a resource, then the session will be dropped without waiting for the resource to time out.
Introduced Allow list functionality in the Cyber Shield Domains Filtering section that allows unblocking added domains and their subdomains. Details are here.
Introduced Block list functionality in the Cyber Shield Domains Filtering section that allows blocking the specified domains and subdomains. Details are here.
Introduced Domains' detailed reporting functionality in the Cyber Shield. It allows downloading a csv file with a list of monitored and blocked domains for all or selected category, or a user from the Top 10 dashboard when reviewing domains statistics. Details are here.
When accessing blocked domains, the ‘site not found’ web browser error page is now seen faster as the TCP connection is being reset instead of being allowed to time out