diff --git a/files/etc/openvpn/mullvad.conf b/files/etc/openvpn/mullvad.conf
index a438799..a7b0003 100644
--- a/files/etc/openvpn/mullvad.conf
+++ b/files/etc/openvpn/mullvad.conf
@@ -37,6 +37,7 @@ script-security 2
 # Parses DHCP options from openvpn to update resolv.conf
 route-noexec
 up /etc/openvpn/mullvad/mullvad-up
+down /etc/openvpn/update-dnsmasq-forward
 ping 10
diff --git a/files/etc/openvpn/update-dnsmasq-forward b/files/etc/openvpn/update-dnsmasq-forward
new file mode 100755
index 0000000..eb57a81
--- /dev/null
+++ b/files/etc/openvpn/update-dnsmasq-forward
@@ -0,0 +1,56 @@
+#!/bin/bash
+#
+# Parses DHCP options from openvpn to update resolv.conf
+# To use set as 'up' and 'down' script in your openvpn *.conf:
+# up /etc/openvpn/update-resolv-conf
+# down /etc/openvpn/update-resolv-conf
+#
+# Used snippets of resolvconf script by Thomas Hood and Chris Hanson.
+# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
+#
+# Example envs set from openvpn:
+#
+# foreign_option_1='dhcp-option DNS 193.43.27.132'
+# foreign_option_2='dhcp-option DNS 193.43.27.133'
+# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
+#
+
+[ "$script_type" ] || exit 0
+[ "$dev" ] || exit 0
+
+split_into_parts()
+{
+ part1="$1"
+ part2="$2"
+ part3="$3"
+}
+
+case "$script_type" in
+ up)
+ NMSRVRS=""
+ SRCHS=""
+ for optionvarname in ${!foreign_option_*} ; do
+ option="${!optionvarname}"
+ echo "$option"
+ split_into_parts $option
+ if [ "$part1" = "dhcp-option" ] ; then
+ if [ "$part2" = "DNS" ] ; then
+ NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3"
+ elif [ "$part2" = "DOMAIN" ] ; then
+ SRCHS="${SRCHS:+$SRCHS }$part3"
+ fi
+ fi
+ done
+ R=""
+ for NS in $NMSRVRS ; do
+ R="${R}server=$NS@$dev\n"
+ done
+ echo -en "$R" > /etc/dnsmasq.d/forward
+ /usr/sbin/service dnsmasq restart
+ ;;
+ down)
+ echo -n "" > /etc/dnsmasq.d/forward
+ /usr/sbin/service dnsmasq restart
+ ;;
+esac
+
diff --git a/manifests/init.pp b/manifests/init.pp
index 30cdf6e..b69bbf5 100644
--- a/manifests/init.pp
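Review bot: In mullvad.conf, the added `down /etc/openvpn/update-dnsmasq-forward` hook only does its job if OpenVPN still has root when the tunnel closes, because the script rewrites `/etc/dnsmasq.d/forward` and restarts dnsmasq. The hunk does not show whether this config drops privileges with `user`/`group`; if it does, the down hook would run unprivileged and the stale `server=` lines would stay in place. That case needs the down-root plugin or no privilege drop, so it is worth confirming against the rest of the file.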
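Review bot: In update-dnsmasq-forward, the `up)` branch copies the server-pushed `foreign_option_*` values into `/etc/dnsmasq.d/forward` without validation, and `echo -en "$R"` expands backslash escapes in them, so a pushed DNS option that is not a plain address could end up as extra lines in the dnsmasq config (assuming OpenVPN passes such a value through unchanged). Check each `$NS` against IP-literal characters and write it with `printf` instead, as sketched below. `split_into_parts $option` is also unquoted and therefore glob-expanded; `set -f` before the loop avoids that. The header comment still names update-resolv-conf, `SRCHS` is collected but never used, and `echo "$option"` looks like leftover debug output.

```shell
        # … unchanged: foreign_option_* loop that fills NMSRVRS …
        : > /etc/dnsmasq.d/forward
        for NS in $NMSRVRS ; do
            # Pushed values are server-controlled: keep only IP-literal characters.
            case "$NS" in
                *[!0-9A-Fa-f.:]*) continue ;;
            esac
            printf 'server=%s@%s\n' "$NS" "$dev" >> /etc/dnsmasq.d/forward
        done
        # … unchanged: service dnsmasq restart …
```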
+++ b/manifests/init.pp
@@ -391,7 +391,7 @@ class ff_gw::vpn($ca_crt, $usr_crt, $usr_key, $openvpn_version = '2.3.2-7~bpo70+
 content => '#!/bin/sh
 ip route replace 0.0.0.0/1 via $5 table 42
 ip route replace 128.0.0.0/1 via $5 table 42
-/usr/sbin/service dnsmasq restart
+/etc/openvpn/update-dnsmasq-forward
 exit 0';
 "/etc/openvpn/${vpnname}.conf":
 ensure => file,
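Review bot: In manifests/init.pp, the generated up script still ends with an unconditional `exit 0`, so a failure of the new `/etc/openvpn/update-dnsmasq-forward` call (missing file, unwritable `/etc/dnsmasq.d/forward`, failed dnsmasq restart) is invisible to OpenVPN and the tunnel comes up without its DNS forwarders. Consider `/etc/openvpn/update-dnsmasq-forward || exit 1` so the up hook reports the failure. The hunk also does not show a `file` resource that installs the script with mode 0755; the resource list continues outside the hunk, so confirm it is managed there.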