I have an Widows 2012 R2 server.
IT is always connected to a VPN
I run IIS for a couple of internal websites (These are not internet facing).
Most PCs on the network are permanently connected to a VPN.

Recently I found that we have DNS leaks. Where the PCs local adapter is configured with the VPN's DNS servers we hit a transparent DNS Proxy run by the ISP. To fix this we use the openVPN directive block-outside-dns...