diff --git a/bin/executable_metvpn.tmpl b/bin/executable_metvpn.tmpl
new file mode 100644
index 0000000..e4e489f
--- /dev/null
+++ b/bin/executable_metvpn.tmpl
@@ -0,0 +1,19 @@
+#!{{ .chezmoi.pathSeparator }}bin{{ .chezmoi.pathSeparator }}zsh
+
+if (( UID != 0 ))
+then
+    exec sudo "$(realpath "$0")" "$@"
+fi
+
+openvpn --config <(sudo -u {{ .chezmoi.user }} {{ .chezmoi.config.gopass.command }} show metrans{{ .chezmoi.pathSeparator }}vpn tcp.ovpn) --askpass <(sudo -u {{ .chezmoi.user }} {{ .chezmoi.config.gopass.command }} show metrans{{ .chezmoi.pathSeparator }}vpn) &
+ovpn=$?
+set -v
+until ip l show dev metrans &>{{ .chezmoi.pathSeparator }}dev{{ .chezmoi.pathSeparator }}null
+do
+    sleep 0.5
+done
+resolvectl dns metrans 192.168.1.61 192.168.1.62
+resolvectl domain metrans '~metrans.local' '~corp.metrans.cz'
+
+wait
+kill "$ovpn"