OPENVPN Client on BSD I have seen tons of stuff out there for server configs and point to point configs however getting openvpn running with multiple configs as a road warrior setup is largely missing. If you have a VPN service with dozens of servers and connect to a different one every few hours sometimes. Here's how to setup: 1. Make sure tap is loaded (kldload if_tap) typically I put it in the /boot/loader.conf if_tap_load="YES" 2. pkg install openvpn 3. modify your rc.conf as by adding the following lines: openvpn_enable="YES" openvpn_if="tap" gateway_enable="YES" 4. get config files from your provider. Put them in /usr/local/etc/openvpn. I renamed them from myconfig.ovpn to myconfig.conf example: for F in *.ovpn;do mv "$F" $(echo "$F" | sed 's/ovpn/conf/g');done 5. add a line to the top of your config files. The following line tells opvnvpn where to find your configs, scripts, ca files userpass.text files up/down scripts etc. cd /usr/local/etc/openvpn for F in *.conf;do sed -i bak '1s/^/cd \/usr\/local\/etc\/openvpn'$\n''/g' $F;rm $F.bak;done By the way that's two single quotes back to back. BSD sed doesn't like new line's and this is the only way to make it work. Every time you want to connect to a different server simply execute sudo openvpn You will be leaking DNS at this point. To prevent that is a bit more difficult. More on this in a moment I also use the openvpn-admin client to list all my vpn configs. It is not so good for building a config as it is very limited and unmaintained at this point. but it is still useful for executing them if you are using a desktop of some form. 6. pkg install openvpn-admin This must be run as root so you start it will sudo openvpn-admin&. It will put a little icon in your tool bar somewhere with all your configs listed. This will be problomatic for some x installs so make sure your sudoers config is passing x display security and information correctly. If sudoers is setup correctly you can start this little program when you log on to your window manager. OK now for the DNS leak issue: You're going to need some form of script which runs when you connect or disconnect to your vpn provider. This script will alter your dns accordingly. openvpn does come with a script in /usr/local/libexec/openvpn-client.up and openvpn-client.down. These scripts should be copied or linked to the /usr/local/etc/openvpn directory so that openvpn can find them However these scripts work by modifying your resolv.conf file. If you are using local_unbound this may not work. So you're going to need to modify them to use the resolvconf command and also reload local_unbound (if your using it) service local_unbound restart after you're done. To do this you require 2 steps. 1. Modify your config files again by adding the following lines: up 'openvpn-client.up down 'openvpn-client.down' 2. in the appropriate places in the script you need to use the resolvconf command as follows: echo -n nameserver | resolvconf -a tap0 echo -n nameserver | resolvconf -d em0 The point is that you'll use the resolvconf command to add a nameserver to your tap device and remove the default nameserver from your ethernet device Then when you are done you remove the nameserver from your tap device and add your original nameserver back to your ethernet device Finally you'll restart your local_unbound service. your vpn provider is likely using DHCP to assign you a nameserver. The default openvpn scripts pick that info up from openvpn as well as your interface. I had to modify my scripts to make them work. Happy VPN!!!!!!