ColinTaylor
Part of the Furniture
It's not a matter of "respecting" the dnsmasqs flag. As I said above, when you're using conditional routing for the VPN clients and a dedicated VPN DNS server it doesn't use dnsmasq at all. The only scenario where this worked in the past (with policy routing) was a special case where ALL LAN clients were being directed through the tunnel. For this to work with selective VPN clients you would need to run a separate instance of dnsmasq just for the VPN tunnel.Now it is a matter of finding how to get OVPN traffic to also sendadd-mac and add-subnet
and respect the dnsmasq flags.