just to share /etc/openvpn folder:
$ ls -l /etc/openvpn
total 56
drwxr-xr-x 2 root root 4096 May 14 2021 client
-rwxr-xr-x 1 root root 2812 Apr 27 12:07 connman-update-resolv
-rw-r–r-- 1 osmc osmc 6453 Apr 25 20:35 evpn_ch_2.conf
-rw-r–r-- 1 osmc osmc 6443 Apr 25 14:12 evpn_de_n.conf
-rw-r–r-- 1 osmc osmc 6492 Apr 27 11:58 evpn_it_cs.conf
lrwxrwxrwx 1 root root 15 Apr 25 20:36 evpn_myproxy.conf → evpn_it_cs.conf
-r-------- 1 osmc osmc 50 Dec 31 2019 login.conf
drwxr-xr-x 2 root root 4096 May 14 2021 server
lrwxrwxrwx 1 root root 21 Apr 27 12:20 update-resolv-conf → connman-update-resolv
-rwxr-xr-x 1 root root 1468 May 14 2021 update-resolv-conf.orig
-rwxr-xr-x 1 osmc osmc 2324 Apr 26 14:22 update-resolv-conf.sh
$

Three resolv-conf files are availble selected with a link named: update-resolv-conf to keep it standard.
Your file: connman-update-resolv being used here.

export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin are duplicated. Remove the line?

IFACE=$(connmanctl services | awk ‘/*AR Wired/ {print $NF}’) to avoid an Error
should contain *AO instead *AR, right ?

In the configuration file I commented : #down-pre .

After stopping openvpn with: systemctl stop openvpn@evpn_myproxy would be possile proceeding:
# systemctl enable openvpn@evpn_myproxy, Reboot and see if the connection is up?

BR, Aldo

Hi,

No this is required as OpenVPN runs scripts in a restricted environment, where PATH may be minimal or missing important dirs like /usr/sbin. Tools like:

• connmanctl
• cp
• sed

No this is correct in the script, see:-

# connmanctl services   
*AR Wired                ethernet_94cc04600274_cable

I’ll update post above, as sudo systemctl edit openvpn@evpn_myproxy should have been sudo systemctl start openvpn@evpn_myproxy. But to test this is working the connection needs to be up when rebooting. Running sudo systemctl stop openvpn@evpn_myproxy has been working as expected as the non vpn dns severs are restored to resolv.conf, but this wasn’t working on shutdown or reboot.

script-security 2                                               
up /etc/openvpn/update-resolv-conf 
down /etc/openvpn/update-resolv-conf

Regards Tom.

I get a different output:

connmanctl services

*AO Wired ethernet_94cc04600f9c_cable
f#

I see.

Started vpn with new update file:

systemctl start openvpn@evpn_myproxy

$ curl ifconfig.me; echo
2.57.170.84
$
$ systemctl status openvpn@evpn_myproxy

• openvpn@evpn_myproxy.service - OpenVPN connection to evpn_myproxy
  Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled-runtime; vendor preset: enabled)
  Active: active (running) since Mon 2026-04-27 16:54:47 CEST; 2min 56s ago
  Docs: man:openvpn(8)
  https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
  https://community.openvpn.net/openvpn/wiki/HOWTO
  Main PID: 31997 (openvpn)
  Status: “Initialization Sequence Completed”
  Tasks: 1 (limit: 3660)
  Memory: 1.4M
  CGroup: /system.slice/system-openvpn.slice/openvpn@evpn_myproxy.service
  `-31997 /usr/sbin/openvpn --daemon ovpn-evpn_myproxy --status /run/openvpn/evpn_myproxy.status 10 --cd /etc/openvpn --config /etc/openvpn/evpn_myproxy.conf --writepid /run/openvpn/evpn_myproxy.pid

Apr 27 16:54:48 osmc ovpn-evpn_myproxy[31997]: net_iface_mtu_set: mtu 1500 for tun0
Apr 27 16:54:48 osmc ovpn-evpn_myproxy[31997]: net_iface_up: set tun0 up
Apr 27 16:54:48 osmc ovpn-evpn_myproxy[31997]: net_addr_v4_add: 10.82.0.3/16 dev tun0
Apr 27 16:54:48 osmc ovpn-evpn_myproxy[31997]: /etc/openvpn/update-resolv-conf tun0 1500 1629 10.82.0.3 255.255.0.0 init
Apr 27 16:54:48 osmc openvpn[32019]: Error ‘config’: Invalid argument
Apr 27 16:54:48 osmc openvpn[31999]: no domain pushed from VPN
Apr 27 16:54:50 osmc ovpn-evpn_myproxy[31997]: net_route_v4_add: 213.21.226.195/32 via 192.168.1.1 dev [NULL] table 0 metric -1
Apr 27 16:54:50 osmc ovpn-evpn_myproxy[31997]: net_route_v4_add: 0.0.0.0/1 via 10.82.0.1 dev [NULL] table 0 metric -1
Apr 27 16:54:50 osmc ovpn-evpn_myproxy[31997]: net_route_v4_add: 128.0.0.0/1 via 10.82.0.1 dev [NULL] table 0 metric -1
Apr 27 16:54:50 osmc ovpn-evpn_myproxy[31997]: Initialization Sequence Completed
$

Apr 27 16:54:48 osmc openvpn[32019]: Error ‘config’: Invalid argument

I changed *AR with *AO, error disappeared.

Apr 27 16:54:48 osmc openvpn[31999]: no domain pushed from VPN
what might be the cause for this ?

Upon stop DNS returned to lacal.

systemctl stop openvpn@evpn_myproxy

$ curl ifconfig.me; echo
84.155.209.131
$

Start / Stop is working with the connman-update-resolv file.

BR, Aldo

Hi,

But does it work with a reboot?

Ok thanks for pointing this out, I’ll get it fixed. This is fixed, please use the latest version of connman-update-resolv

You can ignore this, one of of the dchp-options may push (unlikely) is domain, in your case it doesn’t.

Regards Tom.

systemctl stop openvpn@evpn_myproxy

$ cat /etc/resolv.conf | grep nameserver | awk ‘{print $2}’
192.168.1.1
$
$ curl ifconfig.me; echo
84.155.209.131
$

Reboot

$ cat /etc/resolv.conf | grep nameserver | awk ‘{print $2}’
10.15.0.1

I had to reset back the DNS server manually.
In a previous try I found this file, which I deleted:

rm /etc/resolv.confn

I supposed, rebooting with no vpn active, wouldn’t change /etc/resolv.conf and not add any resolv files.

BR, Aldo

Hi,

Did you follow all the steps above?

Including:-

Regards Tom.

nope, I don’t like Emacs
Well, with some research, I could paste the lines.

No succes however.

After Reboot:

$ cat /etc/systemd/system/openvpn@evpn_myproxy.service.d/override.conf; echo
[Service]
ExecStartPre=-/bin/cp /etc/resolv.conf.connman-backup /etc/resolv.conf
$
$ cat /etc/resolv.conf | grep nameserver | awk ‘{print $2}’
10.15.0.1
$

Resetting back the dns server address was necessary again.

sed -in ‘s/10.15.0.1/192.168.1.1/’ /etc/resolv.conf

$ curl ifconfig.me; echo
84.155.209.131
$

BR, Aldo

Hi,

The default on osmc is nano.
Please

post the output of of systemctl status openvpn@evpn_myproxy.service

Ignore that, i can see it in the above post.

I may need to update the above instructions. But please try the following:-

sudo systemctl stop openvpn@evpn_myproxy

confirm /etc/resolv.conf is the none vpn dns servers (looks like its should be 192.168.1.1)
Then:-

sudo rm /etc/resolv.conf.connman-backup
sudo systemctl start openvpn@evpn_myproxy

Confirm the contents of /etc/resolv.conf (should be the vpn providers ones)
Confirm the contents of /etc/resolv.conf.connman-backup (should be 192.168.1.1).

If that is correct, then reboot.

Regards Tom.

The default on osmc is nano.
Anyway, systemctl edit brings emacs, perhaps a default editor setting is missing.

sudo systemctl stop openvpn@evpn_myproxy
is already stopped.

sudo rm /etc/resolv.conf.connman-backup
File was not created.

sudo systemctl start openvpn@evpn_myproxy
$ cat /etc/resolv.conf | grep nameserver | awk ‘{print $2}’
192.168.1.1
$
$ cat /etc/resolv.conf.connman-backup | grep nameserver | awk ‘{print $2}’
192.168.1.1
$

Confirm the contents of /etc/resolv.conf (should be the vpn providers ones)
Confirm the contents of /etc/resolv.conf.connman-backup (should be 192.168.1.1).
/etc/resolv.conf wasn’t changed.
/etc/resolv.conf.connman-backup created, contains the direct dns address.

BR, Aldo

$ l /etc/res*
-rw-r–r-- 1 root root 500 Jan 2 2021 /etc/resolvconf.conf
-rw-r–r-- 1 root root 55 Apr 27 19:47 /etc/resolv.confn
-rw-r–r-- 1 root root 57 Apr 27 19:57 /etc/resolv.conf.connman-backup
-rw-r–r-- 1 root root 57 Apr 27 19:57 /etc/resolv.conf
$
$ cat /etc/resolv.confn | grep nameserver | awk ‘{print $2}’
10.15.0.1
$

It seems, with reboot, 10 m earlier, /etc/resolv.confn was created with the vpn dns addrss.
/etc/resolv.conf seems to have been rewritten, but with the direct dns.

BR, Aldo

Hi,

So with the vpn up, its still showing your local dns servers rather than the VPN one.

Where does /etc/resolv.confn come from? This isn’t is part of the script I’ve provided.

You seem to have a very mixed setup here.

Regards Tom.

So with the vpn up, its still showing your local dns servers rather than the VPN one.
Right, however, checking with osmc the vpn dns is shown and the vpn connection ist established.

Where does /etc/resolv.confn come from? This isn’t is part of the script I’ve provided..
Don’t know. It’s created on startup anyway. It might be an error, additional n somwhere.
The Address written in the file is indeed the vpn dns. Perhaps it’s intended to be written
in the right file, instead a new one with a wrong name is created?

Btw, I checked the default editor: it is nano, just looking similar to Emacs.
I’m used to vi end NEdit on Unix, never using all others: pico, nano and emacs,fused.

Just issued systemctl stop, None of the resolv files has been touched,
However Kodi works normally with internet. The network setup still showing the vpn dns though.
Where does osmc get the dns from?

BR, Aldo

HI,

I’ve rewritten to the script to use connman to determine the the non vpn dns servers. The script can be reviewed here

I suggest you start with a clean environment, so remove all update-resolv-conf (including symlink to connman-update-resolv), and actually use the following in your conf file so its less confusing:-

script-security 2                                               
up /etc/openvpn/connman-update-resolv 
down /etc/openvpn/connman-update-resolv

Also remove /etc/resolv.confn, I don’t know where that came from.

Please follow the below:-

# clean up
sudo rm /etc/openvpn/connman-update-resolv 
sudo rm /etc/resolv.conf.connman-backup

# download new script and set permissions

cd /etc/openvpn
sudo wget https://raw.githubusercontent.com/tomdoyle87/bash-scripts/main/connman-update-resolv
sudo chmod u+x connman-update-resolv

# make sure your vpn configuration file contains
script-security 2                                               
up /etc/openvpn/connman-update-resolv 
down /etc/openvpn/connman-update-resolv

# Systemd override should now contain:-

[Service]
ExecStartPre=/bin/sh -c "IFACE=$(connmanctl services | sed -n \"s/^\\*.* \\([^ ]*\\)$/\\1/p\"); if [ -n \"$IFACE\" ] && [ -f /etc/openvpn/pre-vpn-dns ]; then PRE_VPN_DNS=$(cat /etc/openvpn/pre-vpn-dns); connmanctl config \"$IFACE\" --nameservers $PRE_VPN_DNS; fi"

# Now make sure systemd can see the override by issuing:-

`sudo systemctl daemon-reload` 

# Now we do some sense checking before we reboot
sudo systemctl stop openvpn@evpn_myproxy

Lets make sure connman has the correct dns servers, you can do this with:-

IFACE=$(connmanctl services | awk ‘/^\*/ {print $NF; exit}’)
connmanctl services “$IFACE”
| sed -n ‘s/.*Nameservers.Configuration = \[(.*)\].\*/\\1/p’
| tr -d ‘,’
| xargs

If they are wrong ones, set it with connman so for example:-

connmanctl config "$IFACE" --nameservers 192.168.1.1

Lets start the service:-

sudo systemctl start openvpn@evpn_myproxy

Check the vpn is up and working. If it isn't stop the service and start openvpn with config manually and check for errors. Check /etc/resolv.conf.connman-backup exists and contains the pre-vpn dns servers, any issues with this check the status for errors:-

 systemctl status openvpn@evpn_myproxy

I'd do a few stops, starts and restarts of the service and make sure everything is working as expected. 

Now lets let if it survives a reboot. I'd try with both the vpn up and down. Make sure the service is enabled before restarting. 

Same caveat as before though, if you ever change the dns servers the vero uses when not connected to vpn, either via MyOSMC or manually (use connmanctl config), you need to remove /etc/resolv.conf.connman-backup so:-

sudo rm /etc/resolv.conf.connman-backup

Then restart the openvpn@ service (don’t reboot before this), so a /etc/resolv.conf.connman-backup can be generated.

Regards Tom.

repeated start / stop successfully,
resolv.conf and resolv.conf.connman-backup always with correct content.
/etc/resolv.confn is no longer appearing.
Reboot with vpn Active and Inactive: Restart, in both cases with vpn Inactive and correct dns.

Manually Start / Stop via sytemctl should be working now.

Appreciate your work.

BR, Aldo

Hi,

So on startup you now have your lan dns (I think in your case 192.168.1.1) , but the VPN still doesn’t connect.

Is the service enabled?

What’s the the output of, on startup with the failed connection:

systemctl status openvpn@evpn_myproxy

Also checking journalctl for errors my give some insight, for you could:-

journalctl | grep vpn |less

Regards Tom.

after Restart, the device is correctly connected to internet with local dns: 192.168.1.1.
I didn’t try enable for now.

BR, Aldo

enable / disable seems to work correctly.
Upon disable and Reboot the device return to local dns and Kodi works with internet.

enable / disable procedure:

Stopped Service

systemctl stop openvpn@evpn_myproxy

Reboot

$ systemctl status openvpn@evpn_myproxy

• openvpn@evpn_myproxy.service - OpenVPN connection to evpn_myproxy
  Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/openvpn@evpn_myproxy.service.d
  -override.conf Active: active (running) since Wed 2026-04-29 14:21:31 CEST; 1min 45s ago Docs: man:openvpn(8) https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage https://community.openvpn.net/openvpn/wiki/HOWTO Process: 2535 ExecStartPre=/bin/sh -c IFACE=$(connmanctl services | sed -n "s/^\*.* \([^ ]*\)$/\1/p"); if [ -n "$IFACE" ] && [ -f /etc/openvpn/pre-vpn-dns ]; then PRE_VPN_DNS=$(cat /etc/openvpn/pre-vpn-dns)> Main PID: 2667 (openvpn) Status: "Initialization Sequence Completed" Tasks: 1 (limit: 3660) Memory: 3.3M CGroup: /system.slice/system-openvpn.slice/openvpn@evpn_myproxy.service -2667 /usr/sbin/openvpn --daemon ovpn-evpn_myproxy --status /run/openvpn/evpn_myproxy.status 10 --cd /etc/openvpn --config /etc/openvpn/evpn_myproxy.conf --writepid /run/openvpn/evpn_myproxy.pid

Apr 29 14:21:39 osmc ovpn-evpn_myproxy[2667]: ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=94:cc:04:60:0f:9c
Apr 29 14:21:39 osmc ovpn-evpn_myproxy[2667]: TUN/TAP device tun0 opened
Apr 29 14:21:39 osmc ovpn-evpn_myproxy[2667]: net_iface_mtu_set: mtu 1500 for tun0
Apr 29 14:21:39 osmc ovpn-evpn_myproxy[2667]: net_iface_up: set tun0 up
Apr 29 14:21:39 osmc ovpn-evpn_myproxy[2667]: net_addr_v4_add: 10.143.0.6/16 dev tun0
Apr 29 14:21:39 osmc ovpn-evpn_myproxy[2667]: /etc/openvpn/update-resolv-conf tun0 1500 1629 10.143.0.6 255.255.0.0 init
Apr 29 14:21:41 osmc ovpn-evpn_myproxy[2667]: net_route_v4_add: 141.11.36.160/32 via 192.168.1.1 dev [NULL] table 0 metric -1
Apr 29 14:21:41 osmc ovpn-evpn_myproxy[2667]: net_route_v4_add: 0.0.0.0/1 via 10.143.0.1 dev [NULL] table 0 metric -1
Apr 29 14:21:41 osmc ovpn-evpn_myproxy[2667]: net_route_v4_add: 128.0.0.0/1 via 10.143.0.1 dev [NULL] table 0 metric -1
Apr 29 14:21:41 osmc ovpn-evpn_myproxy[2667]: Initialization Sequence Completed
$

$ connmanctl services
*AO Wired ethernet_94cc04600f9c_cable
$ connmanctl services ethernet_94cc04600f9c_cable
/net/connman/service/ethernet_94cc04600f9c_cable
Type = ethernet
Security = [ ]
State = online
Favorite = True
Immutable = False
AutoConnect = True
Name = Wired
Ethernet = [ Method=auto, Interface=eth0, Address=94:CC:04:60:0F:9C, MTU=1500 ]
IPv4 = [ Method=manual, Address=192.168.1.25, Netmask=255.255.255.0, Gateway=192.168.1.1 ]
IPv4.Configuration = [ Method=manual, Address=192.168.1.25, Netmask=255.255.255.0, Gateway=192.168.1.1 ]
IPv6 = [ ]
IPv6.Configuration = [ Method=off ]
Nameservers = [ 10.143.0.1 ]
Nameservers.Configuration = [ 10.143.0.1 ]
Timeservers = [ ]
Timeservers.Configuration = [ ]
Domains = [ ]
Domains.Configuration = [ ]
Proxy = [ Method=direct ]
Proxy.Configuration = [ ]
mDNS = False
mDNS.Configuration = False
Provider = [ ]
$

Disabled Service

systemctl disable openvpn@evpn_myproxy

Reboot
$ systemctl status openvpn@evpn_myproxy

• openvpn@evpn_myproxy.service - OpenVPN connection to evpn_myproxy
  Loaded: loaded (/lib/systemd/system/openvpn@.service; enabled-runtime; vendor preset: enabled)
  Drop-In: /etc/systemd/system/openvpn@evpn_myproxy.service.d
  `-override.conf
  Active: inactive (dead)
  Docs: man:openvpn(8)
  https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
  https://community.openvpn.net/openvpn/wiki/HOWTO
  $
  $ connmanctl services
  *AO Wired ethernet_94cc04600f9c_cable
  $ connmanctl services ethernet_94cc04600f9c_cable
  /net/connman/service/ethernet_94cc04600f9c_cable
  Type = ethernet
  Security = [ ]
  State = online
  Favorite = True
  Immutable = False
  AutoConnect = True
  Name = Wired
  Ethernet = [ Method=auto, Interface=eth0, Address=94:CC:04:60:0F:9C, MTU=1500 ]
  IPv4 = [ Method=manual, Address=192.168.1.25, Netmask=255.255.255.0, Gateway=192.168.1.1 ]
  IPv4.Configuration = [ Method=manual, Address=192.168.1.25, Netmask=255.255.255.0, Gateway=192.168.1.1 ]
  IPv6 = [ ]
  IPv6.Configuration = [ Method=off ]
  Nameservers = [ 192.168.1.1 ]
  Nameservers.Configuration = [ 192.168.1.1 ]
  Timeservers = [ ]
  Timeservers.Configuration = [ ]
  Domains = [ ]
  Domains.Configuration = [ ]
  Proxy = [ Method=direct ]
  Proxy.Configuration = [ ]
  mDNS = False
  mDNS.Configuration = False
  Provider = [ ]
  $

/etc/systemd/system/openvpn@evpn_myproxy.service.d/override.conf
is this file necessary?
Can you elaborate a bit about the purpose of it?
tia, Aldo

Hi,

Its a fallback if the down script doesn’t restore the correct DNS on shutdown.

So you may have scenerio during a shutdown or a reboot, that openvpn attempts to restore the prevpn dns, but it is unable to complete due to the connman service already being down.

So the the override restores the pre-vpn dns from /etc/resolv.conf.connman-backup on startup before bringing up the vpn connection.

By all means if you finding the down script is now running correctly on shutdown and reboot, then remove the override.

Regards Tom.

thanks Tom.
Removed. enable, reboot / disable, reboot working correctly.

rm /etc/systemd/system/openvpn@evpn_myproxy.service.d/override.conf

BR, Aldo