VPNing with OpenVPN and OpenResolv

Posted: 2017-03-14
Filed under: openvpn openresolv

Living in the northeastern United States means being very familiar with snow. In fact, nor'easter is nutmeg for blizzard. With that in mind, occasionally I find myself needing to work remotely. That means setting up OpenVPN, which is simple enough. Or so it seemed -- it helps to have your custom DNS entries available before you need to connect through a VPN 😛. Assuming you have that though, getting OpenVPN to play nice with OpenResolv for local DNS is actually pretty simple. Below I use three shell scripts and a custom resolv.conf file to configure access to my VPN:


#!/bin/sh
openvpn --config ./my-vpn-config.ovpn --script-security 2 --up ./up.sh --down ./down.sh
start-openvpn.sh

This is just a simple frontend to OpenVPN. It takes our work-provided VPN settings and tells OpenVPN to run our own custom scripts when the connection comes up or goes down. Note the use of --script-security 2: this is what allows OpenVPN to call the shell scripts we provide in the --up and --down arguments. Those scripts run with OpenVPN's own privileges, so make sure nobody else can write to them.


#!/bin/sh
echo "Bringing up the tunnel DNS.."
resolvconf -a tap0 <resolv.conf
up.sh

After the connection is established, OpenVPN calls this up.sh script. It's just a frontend to resolvconf that adds our local resolv.conf file (featured below) for the tap0 interface that OpenVPN creates to tunnel our network connection.


#!/bin/sh
echo "Bringing down the tunnel DNS.."
resolvconf -d tap0
down.sh

Similar to our up script, this script is called when OpenVPN brings down the connection, to remove our DNS servers from resolv.conf.


search tld.here
# DNS IP address 1 here
nameserver 0.0.0.0
# DNS IP address 2 here
nameserver 0.0.0.0
resolv.conf

This file contains the additional nameservers and the domain they correspond to.
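The scripts above hard-code tap0 and a static resolv.conf. As an added example (not from the original setup), a single script can serve as both --up and --down by reading the script_type, dev and foreign_option_N environment variables that OpenVPN sets for scripts. It assumes the VPN server pushes dhcp-option DNS/DOMAIN entries; the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post: one script for both --up and --down.
# Assumption: the server pushes "dhcp-option DNS <ip>" / "dhcp-option DOMAIN <name>",
# which OpenVPN hands to scripts as foreign_option_1, foreign_option_2, ...

# Pushed values are server-controlled input: accept address/hostname characters only.
valid_addr() { case "$1" in ''|*[!0-9A-Fa-f.:]*) return 1 ;; esac; }
valid_name() { case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac; }

# Print resolv.conf lines built from the foreign_option_N variables.
build_resolv() {
    n=1 search=""
    while eval "opt=\${foreign_option_$n:-}" && [ -n "$opt" ]; do
        set -f; set -- $opt; set +f    # split into words, no glob expansion
        case "${1:-} ${2:-}" in
            "dhcp-option DNS")
                if valid_addr "${3:-}"; then printf 'nameserver %s\n' "$3"; fi ;;
            "dhcp-option DOMAIN")
                if valid_name "${3:-}"; then search="$search $3"; fi ;;
        esac
        n=$((n + 1))
    done
    if [ -n "$search" ]; then printf 'search%s\n' "$search"; fi
}

# OpenVPN sets script_type and dev; when neither is set this part does nothing.
case "${script_type:-}" in
    up)
        conf=$(build_resolv)
        if [ -n "$conf" ]; then
            printf '%s\n' "$conf" | resolvconf -a "${dev:?}"
        else
            # Nothing usable was pushed: fall back to the static resolv.conf file.
            resolvconf -a "${dev:?}" <resolv.conf
        fi ;;
    down)
        resolvconf -d "${dev:?}" ;;
esac
```

Entries containing anything other than address or hostname characters are dropped rather than passed on to resolvconf.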


And there you have it -- easy on/off custom DNS servers using OpenResolv with OpenVPN. This works equally well on FreeBSD and Linux (tested with a Manjaro install). There's plenty of additional functionality in both commands, so be sure to check the docs.