VPNing with OpenVPN and OpenResolv
Living in the northeastern United States means being very familiar with snow. In fact, nor'easter is nutmeg for blizzard. With that in mind, occasionally I find myself needing to work remotely. That means setting up OpenVPN, which is simple enough. Or so it seemed -- it helps to have your custom DNS entries available before you need to connect through a VPN 😛.
Assuming you have that though, getting OpenVPN to play nice with OpenResolv for local DNS is actually pretty simple. Below I use three shell scripts and a custom resolv.conf file to configure access to my VPN:
openvpn --config ./my-vpn-config.ovpn \
--script-security 2 \
--up ./up.sh \
--down ./down.sh
This is just a simple frontend to OpenVPN. It takes in our work-provided VPN settings and tells OpenVPN to run our own custom scripts when the connection comes up or goes down.
Note our use of --script-security 2, which allows OpenVPN to call the shell scripts we provide in the --up and --down arguments.
#!/bin/sh
echo "Bringing up the tunnel DNS.."
resolvconf -a tap0 <resolv.conf
After the connection is established, OpenVPN calls this up.sh script. It's just a frontend to resolvconf to add our local resolv.conf file (featured below) for the tap0 interface that OpenVPN creates to tunnel our network connection.
#!/bin/sh
echo "Bringing down the tunnel DNS.."
resolvconf -d tap0
Similar to our up script, this script is called when OpenVPN brings down the connection, to remove our DNS servers from resolv.conf.
# DNS IP address 1 here
nameserver 0.0.0.0
# DNS IP address 2 here
nameserver 0.0.0.0
And there you have it -- easy on/off custom DNS servers using OpenResolv with OpenVPN. This works equally well on FreeBSD and Linux (tested with a Manjaro install). There's plenty of additional functionality in both commands, so be sure to check the docs.
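Since --script-security 2 lets OpenVPN run these scripts, here is a stricter variant that folds up.sh and down.sh into one script and checks its inputs before calling resolvconf. It is an added example, not part of the original post. The script name, the RESOLV_FILE path and the nameserver-only, IPv4-only check are assumptions; $script_type and $dev are environment variables OpenVPN sets for its scripts.

```shell
#!/bin/sh
# vpn-dns.sh (hypothetical name): pass the same script to both --up and --down.
# OpenVPN exports $script_type ("up" or "down") and $dev (e.g. tap0) to it.
# RESOLV_FILE is an assumed path; an absolute one avoids depending on the cwd.
RESOLV_FILE="${RESOLV_FILE:-/etc/openvpn/client/resolv.conf}"

# Accept only interface-like names, so $dev can never look like an option.
valid_dev() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Succeed only if the file has at least one entry and every entry is
# "nameserver <IPv4 address>". Comments and blank lines are ignored.
valid_resolv_conf() {
    [ -r "$1" ] || return 1
    awk '
        { sub(/[ \t]*[#;].*$/, "") }          # strip comments
        NF == 0 { next }                      # skip blank lines
        $1 != "nameserver" || NF != 2 { bad = 1; exit }
        {
            if (split($2, o, ".") != 4) { bad = 1; exit }
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] > 255) { bad = 1; exit }
            seen++
        }
        END { exit (bad || seen == 0) ? 1 : 0 }
    ' "$1"
}

# Does nothing unless OpenVPN (or a test) sets $script_type.
case "${script_type:-}" in
    up)
        # A non-zero exit from --up makes OpenVPN abort the connection.
        valid_dev "${dev:-}" && valid_resolv_conf "$RESOLV_FILE" || exit 1
        echo "Bringing up the tunnel DNS.."
        resolvconf -a "$dev" < "$RESOLV_FILE"
        ;;
    down)
        valid_dev "${dev:-}" || exit 1
        echo "Bringing down the tunnel DNS.."
        resolvconf -d "$dev"
        ;;
esac
```

Keep the script and the resolv.conf file writable only by the account that starts OpenVPN, since anything placed in them runs or takes effect with that account's privileges.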