Enabled services: systemd-resolved
NOTE: Replace ${systemconfig} by your etc directory. I am not allowed to write this directory path due to
server policy rules I cannot change.
Assuming you have a working openvpn configuration named
${systemconfig}/openvpn/client.conf
then the only step to activate the openvpn connection is to type
systemctl start openvpn@client.service
which automatically looks for the client.conf file. If you use systemd-resolved and have
${systemconfig}/resolv.conf pointing to /run/systemd/resolve/resolv.conf, you can create a simple bash
script to temporarily overwrite the DNS entries appropriate for your VPN tunnel.
For example, you can create an executable file in ${systemconfig}/openvpn/update-systemd-resolved:
cat > ${systemconfig}/resolv.conf <<EOF
search blah.server.com server.com
nameserver xxx.yyy.zzz.vvv
EOF
with according IP addresses and search entries. Then you can use this script as a hook by
adding the following to your ${systemconfig}/openvpn/client.conf:
script-security 2
setenv PATH /usr/bin
up ${systemconfig}/openvpn/update-systemd-resolved
After starting the connection with systemctl, the name resolution should work according
to your vpn settings. After stopping the openvpn@client.service, the resolv.conf should
be automatically generated again.