Windows 10 connected to VPN: DNS issue and solution

We use OpenVPN to connect to some resources in AWS private subnets.
It works as expected on macOS, iOS, and even on old Windows 7, but not on Windows 10.
On Windows 10, when you’re connected to a VPN (it doesn’t matter whether it is OpenVPN, L2TP or even PPTP), you still get responses from the DNS server that is set on your Ethernet (or WiFi) adapter.

The block-outside-dns option for OpenVPN didn’t fix this problem, and I decided to provide a solution for all VPN types, so here it is:

<#	
	.NOTES
	===========================================================================
	 Created on:   	Jan 2017
	 Created by:   	Dmitriy Kagarlickij
	 Contact: 	    dmitriy@kagarlickij.com
	===========================================================================
	.DESCRIPTION
		This script should be executed with Administrator-level permissions
#>

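# Adjust these two values: the physical adapter name and the VPN adapter description pattern
$mainIfName = "Ethernet"
$vpnIfDescription = "TAP-Windows Adapter*"

$mainIfIndex = (Get-NetAdapter | Where-Object {$_.Name -eq $mainIfName}).ifIndex
# Take the first match in case several TAP adapters are installed
$vpnIfIndex = (Get-NetAdapter | Where-Object {$_.InterfaceDescription -like $vpnIfDescription} | Select-Object -First 1).ifIndex

# Without both adapters the comparison below would wrongly report "VPN DNS is ok"
if ($null -eq $mainIfIndex -or $null -eq $vpnIfIndex) {
    Write-Output "Adapter not found, check mainIfName and vpnIfDescription"
    return
}

$mainIfMetric = (Get-NetIPInterface | Where-Object {$_.ifIndex -eq $mainIfIndex -and $_.AddressFamily -eq 'IPv4'}).InterfaceMetric
$vpnIfMetric = (Get-NetIPInterface | Where-Object {$_.ifIndex -eq $vpnIfIndex -and $_.AddressFamily -eq 'IPv4'}).InterfaceMetric

# A lower metric means higher priority, so the VPN adapter must have the lower value
if ($vpnIfMetric -ge $mainIfMetric) {
    Write-Output "VPN DNS will be fixed now"
    # InterfaceMetric cannot be negative; clamp to 1 so a low main metric does not make the call fail
    $newMetric = [Math]::Max(1, $mainIfMetric - 5)
    Set-NetIPInterface -InterfaceIndex $vpnIfIndex -InterfaceMetric $newMetric

    # Read both metrics again to confirm the change was applied
    $mainIfMetric = (Get-NetIPInterface | Where-Object {$_.ifIndex -eq $mainIfIndex -and $_.AddressFamily -eq 'IPv4'}).InterfaceMetric
    $vpnIfMetric = (Get-NetIPInterface | Where-Object {$_.ifIndex -eq $vpnIfIndex -and $_.AddressFamily -eq 'IPv4'}).InterfaceMetric

    if ($vpnIfMetric -lt $mainIfMetric) {
        Write-Output "VPN DNS has been fixed successfully"
    } else {
        Write-Output "VPN DNS has been fixed with error"
    }

} else {
    Write-Output "VPN DNS is ok"
}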

You only have to set the variables mainIfName and vpnIfDescription to values relevant to your Windows installation.
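To confirm the result after connecting, the following read-only check lists the connected IPv4 adapters in metric order together with their DNS servers, and reports whether the VPN adapter comes first. It is an added example, not part of the original script; the function name Get-DnsPreferenceOrder is hypothetical, and it assumes the same TAP-Windows adapter description pattern as above.

```powershell
# Added example: read-only, it changes nothing on the system.
# Assumption: same adapter description pattern as the script above.
$vpnIfDescription = "TAP-Windows Adapter*"

function Get-DnsPreferenceOrder {
    # Connected IPv4 interfaces, lowest (most preferred) metric first
    Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
        Sort-Object -Property InterfaceMetric |
        ForEach-Object {
            $ipIf = $_
            # Loopback and similar pseudo-interfaces have no adapter object; skip them
            $adapter = Get-NetAdapter -InterfaceIndex $ipIf.ifIndex -ErrorAction SilentlyContinue
            if (-not $adapter) { return }

            $dns = (Get-DnsClientServerAddress -InterfaceIndex $ipIf.ifIndex -AddressFamily IPv4).ServerAddresses
            [pscustomobject]@{
                Name        = $adapter.Name
                Description = $adapter.InterfaceDescription
                IfIndex     = $ipIf.ifIndex
                Metric      = $ipIf.InterfaceMetric
                DnsServers  = $dns -join ', '
            }
        }
}

$order = @(Get-DnsPreferenceOrder)
$order | Format-Table -AutoSize | Out-Host

# Only adapters that actually have DNS servers configured matter for the verdict
$withDns = @($order | Where-Object { $_.DnsServers })
$vpn = @($order | Where-Object { $_.Description -like $vpnIfDescription })

if ($vpn.Count -eq 0) {
    Write-Output "VPN adapter is not connected; nothing to check"
} elseif ($withDns.Count -eq 0) {
    Write-Output "No connected adapter has IPv4 DNS servers configured"
} elseif ($withDns[0].Description -like $vpnIfDescription) {
    Write-Output "VPN adapter has the lowest metric; its DNS servers are listed first: $($withDns[0].DnsServers)"
} else {
    Write-Output "Adapter '$($withDns[0].Name)' (metric $($withDns[0].Metric)) is still ahead of the VPN adapter"
}
```

If the last message appears while the VPN is up, queries can still be answered by the DNS server of the local network instead of the one pushed by the VPN, which is the situation the script above is meant to correct.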

I hope this info will be useful for you, and if you need any help, feel free to use the contact form on the main page.