@bnjdg
Forked from CHEF-KOCH/conf.sh
Created June 17, 2018 19:10
OpenVPN + DNSCrypt and Unbound traffic (Debian)
# Unbound configuration file for Debian.
# See the unbound.conf(5) man page.
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
server:
    # The following line will configure unbound to perform cryptographic
    # DNSSEC validation using the root trust anchor.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    # Note: the trust anchor is only consulted when the validator module is
    # loaded. With module-config set to "iterator" alone (below) DNSSEC
    # validation is off; unbound's default is "validator iterator".
    logfile: "/var/log/unbound.log"
    log-time-ascii: yes
    module-config: "iterator"
    # Required so that the forward-zone below may send queries to 127.0.0.1;
    # unbound refuses to query localhost by default.
    do-not-query-localhost: no
    # Listen on loopback and on the OpenVPN side. The 10.8.0.1 address must
    # exist when unbound starts (bring the tun interface up first), or the
    # bind fails.
    interface: 127.0.0.1
    interface: 10.8.0.1
    access-control: 127.0.0.1 allow
    # Only VPN clients may query (10.8.0.0/24 is the canonical spelling of
    # the 10.8.0.1/24 netblock).
    access-control: 10.8.0.0/24 allow
# Forward every query to the local dnscrypt-proxy listening on port 40.
forward-zone:
    name: "."
    forward-addr: 127.0.0.1@40
    forward-first: no
remote-control:
    control-enable: no
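The unbound snippet above combines a root trust anchor with a module-config that loads only the iterator, and a netblock written with host bits set. The following checker is an added example, not part of the gist; it parses an embedded copy of that config (unbound ignores indentation, which is why the flat layout works) and flags the three pitfalls a reviewer would look for: a trust anchor without the validator module, an access-control netblock with host bits, and forwarding to localhost without do-not-query-localhost set to no.

```python
import ipaddress
# Constructed sample reproducing the gist's unbound.conf (embedded, not read from disk).
SAMPLE_CONF = """\
server:
auto-trust-anchor-file: "/var/lib/unbound/root.key"
module-config: "iterator"
do-not-query-localhost: no
access-control: 127.0.0.1 allow
access-control: 10.8.0.1/24 allow
forward-zone:
name: "."
forward-addr: 127.0.0.1@40
"""

def parse_unbound(text):
    """Return (clause, key, value) triples. Unbound ignores indentation, so a
    line with no value (server:, forward-zone:) opens a new clause."""
    entries, clause = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if value:
            entries.append((clause, key, value))
        else:
            clause = key
    return entries

def audit(text):
    """Flag the pitfalls this gist's unbound.conf layout invites."""
    entries = parse_unbound(text)
    values = lambda k: [v for _, key, v in entries if key == k]
    findings = []
    # 1. A trust anchor is unused unless the validator module is loaded; unbound's
    #    default is "validator iterator", and "iterator" alone disables DNSSEC.
    modules = (values("module-config") or ["validator iterator"])[0].split()
    if values("auto-trust-anchor-file") and "validator" not in modules:
        findings.append("auto-trust-anchor-file set but validator module not loaded")
    # 2. Host bits set in a netblock: 10.8.0.1/24 is really 10.8.0.0/24.
    for acl in values("access-control"):
        net = acl.split()[0]
        canonical = ipaddress.ip_network(net, strict=False).with_prefixlen if "/" in net else net
        if canonical != net:
            findings.append(f"access-control {net} has host bits set; use {canonical}")
    # 3. Forwarding to 127.0.0.1 is refused unless do-not-query-localhost is "no".
    if any(a.startswith("127.") for a in values("forward-addr")) and values("do-not-query-localhost") != ["no"]:
        findings.append("forward-addr is localhost but do-not-query-localhost is not 'no'")
    return findings
```

Running audit() on the sample reports the missing validator and the 10.8.0.1/24 netblock; the corrected config from the gist produces no findings.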
#! /bin/sh
# /etc/init.d/dnscrypt-proxy: minimal SysV init script for dnscrypt-proxy.
### BEGIN INIT INFO
# Provides: dnscrypt-proxy
# Required-Start: $local_fs $network
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: dnscrypt-proxy
# Description: dnscrypt-proxy secure DNS client
### END INIT INFO
PATH=/usr/sbin:/usr/bin:/sbin:/bin
DAEMON=/usr/local/sbin/dnscrypt-proxy
NAME=dnscrypt-proxy
case "$1" in
    start)
        echo "Starting $NAME"
        # Listen on 127.0.0.1:40, which unbound's forward-addr points at; drop
        # privileges to the dnscrypt user (the user must exist and own
        # /run/dnscrypt for the pidfile); -R opendns selects the OpenDNS
        # entry from the dnscrypt-proxy resolvers list.
        /usr/local/sbin/dnscrypt-proxy --local-address=127.0.0.1:40 --edns-payload-size=4096 --pidfile=/run/dnscrypt/dnscrypt-proxy.pid --logfile=/var/log/dnscrypt-proxy.log --user=dnscrypt -R opendns --daemonize
        ;;
    stop)
        echo "Stopping $NAME"
        # Kill by command line rather than pidfile.
        pkill -f $DAEMON
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    *)
        echo "Usage: /etc/init.d/dnscrypt-proxy {start|stop|restart}"
        exit 1
        ;;
esac
# Update main settings: register the init script so dnscrypt-proxy starts at boot.
update-rc.d dnscrypt-proxy defaults
# Allow VPN clients (10.8.0.0/24) to reach unbound on port 53, TCP and UDP.
# These rules are not persistent across reboots; save them with your
# distribution's iptables persistence mechanism.
iptables -A INPUT -s 10.8.0.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -s 10.8.0.0/24 -p udp -m udp --dport 53 -j ACCEPT
# Check that the pidfile directory exists and is writable by the dnscrypt user.
ls -la /run/dnscrypt
# /etc/resolv.conf: the server itself resolves through unbound.
nameserver 127.0.0.1
# OpenVPN server config: hand connecting clients the VPN-side unbound address
# as their DNS server.
push "dhcp-option DNS 10.8.0.1"
# Test from a connected client: the answer should come from 10.8.0.1.
dig @10.8.0.1 google.com