08 Jun 2025

Proton VPN on OpenBSD

Use Proton VPN on OpenBSD

Me

489 Words 2 Minutes, 13 Seconds

08 Jun 2025

Using Proton VPN on OpenBSD

Proton VPN is available for several operating systems, but OpenBSD isn't supported. By updating the configuration it is possible to use Proton VPN on OpenBSD.

Tested on OpenBSD 7.6.

Web browsing only

Proton VPN offers a browser extension, available for Firefox and Chromium. With this extension it's possible to browse the Web using the VPN.

Just install the extension, login, and select the server.

Complete VPN experience

Downloading the OpenVPN files

On the Proton VPN Web application, the OpenVPN (.ovpn) file(s) are available for several operating systems. Download the ones for GNU / Linux.

Issue with the configuration files

The OpenVPN files provided by Proton depend on the `openvpn-update-resolv-conf` script, which isn't compatible with OpenBSD.

The script reads the "dhcp-option" sent by the VPN server, like the nameserver to use. It's not mandatory, so the lines calling the openvpn-update-resolv-conf script could be removed, but it's usually better to use the nameserver given by the VPN server.

Modified version of openvpn-update-resolv-conf

The following script is a modified version of openvpn-update-resolv-conf, which sets the nameserver from the options given by the VPN server.

Don't forget to change the value of the variables "iface" and "nserver" before saving it.

Note: it has been tested with `resolvd` enabled.

  #!/usr/bin/env bash
  #
  # Parses DHCP options from openvpn to update resolv.conf
  # To use set as 'up' and 'down' script in your openvpn *.conf:
  # up /etc/openvpn/update-resolv-conf
  # down /etc/openvpn/update-resolv-conf
  #
  # Used snippets of resolvconf script by Thomas Hood <jdthood@yahoo.co.uk>
  # and Chris Hanson
  # Licensed under the GNU GPL.  See /usr/share/common-licenses/GPL.
  # 07/2013 colin@daedrum.net Fixed intet name
  # 05/2006 chlauber@bnc.ch
  #
  # Example envs set from openvpn:
  # foreign_option_1='dhcp-option DNS 193.43.27.132'
  # foreign_option_2='dhcp-option DNS 193.43.27.133'
  # foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
  # foreign_option_4='dhcp-option DOMAIN-SEARCH bnc.local'

  # The network interface used to access the Internet.
  # Needed to configure the nameserver.
  iface='CHANGE-ME' # e.g.: iwm0
  # The nameserver to set when disconnecting from the VPN.
  nserver='CHANGE-ME' # e.g.: 9.9.9.9

  case $script_type in

  up)
	for optionname in ${!foreign_option_*} ; do
	  option="${!optionname}"
	  echo $option
	  part1=$(echo "$option" | cut -d " " -f 1)
	  if [ "$part1" == "dhcp-option" ] ; then
		part2=$(echo "$option" | cut -d " " -f 2)
		part3=$(echo "$option" | cut -d " " -f 3)
		if [ "$part2" == "DNS" ] ; then
			/sbin/route nameserver $iface $part3
		fi
	  fi
	done

	;;
  down)
	  /sbin/route nameserver $iface $nserver
	;;
  esac

  # Workaround / jm@epiclabs.io
  # force exit with no errors. Due to an apparent conflict with the Network Manager
  # $RESOLVCONF sometimes exits with error code 6 even though it has performed the
  # action correctly and OpenVPN shuts down.
  exit 0

Use the modified script

The OpenVPN configuration files run the script from the `/etc/openvpn/` directory, which doesn't exist in OpenBSD.

Edit the lines calling the script to replace the invalid path with the one of the modified script.