# updating DNS servers in OpenVPN client session



## dch (May 4, 2020)

I've got a pretty standard desktop FreeBSD setup in my home office, with a DHCP IP & DNS. A couple of customers have OpenVPN setups to connect in with, and I need to amend my DNS servers accordingly during the session.

At present I have a Small Shell Script(tm) that updates /etc/resolv.conf before and after the connection, but is there any functionality or hooks in openvpn (or FreeBSD) to do this more tidily? Ideally openvpn could tackle this directly,but adding the appropriate "dhcp-option DNS ..." to the config hasn't helped.


----------



## zirias@ (May 4, 2020)

If you're talking about a *nix client, use e.g.

```
script-security 2
up /usr/local/libexec/openvpn-client.up
plugin openvpn-plugin-down-root.so /usr/local/libexec/openvpn-client.down
```
You can also copy these scripts to a different location if you want to be able to edit them.

A Windows client will automatically apply the DNS options you're pushing from the server.


----------



## dch (May 4, 2020)

it is a FreeBSD client, yes, sorry that's not clear. I connect from FreeBSD to their openvpn stuff. thanks for the tips wrt openvpn. I've since found resolvconf(8) which might be exactly the right thing to use here.


----------



## zirias@ (May 4, 2020)

The scripts above are packaged with openvpn and use resolvconf if present.


----------



## cybersans (Aug 23, 2021)

Zirias said:


> If you're talking about a *nix client, use e.g.
> 
> ```
> script-security 2
> ...


should that line to be put insiden *.ovpn config file?
anyway should the *.down script path is for "down"?

how about the plugin?

thanks.
sans


----------

