ChromeBook OpenVPN in [2018] {Working}

In this post we will discuss how to configure OpenVPN for ChromeOS. OpenVPN on a Chromebook cannot currently be set up through the user interface, but hopefully it will be available in the future. The following features are supported by OpenVPN on Chromebooks:

  • Certificate Based VPN
  • LZO Compression
  • TLS authentication.

The following instructions create a self-signed certificate authority and self-signed certificates for the server and client. The certificates are imported into the ChromeOS TPM (secure hardware on the Chromebook), then an ONC config with the full set of required VPN options is created and imported into the Chromebook.

Please make sure that you have the following:

  • An OpenVPN server. It should be running Linux. It should be reachable from the public internet, or at least have a DNS record that points to it.
  • A Chromebook.
  • A second laptop that is running Linux.

Setting up a VPN server:

  • Use 2048-bit keys.
  • Keep the ca.key file someplace safe.
  • While creating the server certificate, use the external host name of your server.
  • Use the build-key script for the client when creating the client certificate.
  • Upload the ca.crt, client.crt/client.key, pkcs12 and ta.key files to Google Drive.
  • Port 1194 is the usual port for OpenVPN. Using port 443 instead will prevent setting up an HTTPS server on the same machine.

The following are the server.conf file contents:

port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth ta.key 0 # Change this "0" to "1" on the client
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

Setting up Home Network for VPN:

  • In the home router, forward the VPN port to the IP address of the VPN Server.
  • Enable IP forwarding and set the iptables rules accordingly.

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT

Files Needed for the Client:

  • ca.crt – the certificate authority’s public key certificate.
  • client-cert.p12 – the client’s public/private key
  • ta.key – the tls authentication key

Importing Certificates into ChromeOS:

  • Browse to the URL:

chrome://settings/certificates

  • In the page that opens, select the Authorities tab.
  • Then click on Import. Browse to ca.crt and click on Open.
  • "Trust this certificate for identifying websites" should be checked.
  • You should see the certificate authority listed in the Authorities tab.
  • Import the pkcs12 certificate. In Your Certificates, use Import and Bind to Device.

You can remove the certificates by using the delete option.

ChromeOS VPN ONC block:

ONC stands for Open Network Configuration.  These are JSON objects.  You can inject ONC using an internal URL.

  • You will need two GUIDs.
  • Use an online GUID generator to generate the two GUIDs.
  • GUID#1: A random string identifier; you can get it from an online generator.
  • GUID#2: It is the VPN name. Choose one you like.
  • CA_CERT: The contents of ca.crt, without the header lines.
  • HOSTNAME: The hostname of the VPN server.
  • USERNAME: The username on the server.
  • TLS_AUTH_KEY: The TLS authentication key. Remove the comment lines, but include the header and footer lines. Header: -----BEGIN OpenVPN Static Key V1-----. Footer: -----END OpenVPN Static Key V1-----. Replace every newline with '\n'.

{
  "Type": "UnencryptedConfiguration",
  "Certificates": [ {
    "GUID": "{<GUID#1>}",
    "Type": "Authority",
    "X509": "<CA_CERT>"
  } ],
  "NetworkConfigurations": [ {
    "GUID": "{<GUID#2>}",
    "Name": "<VPN_NAME>",
    "Type": "VPN",
    "VPN": {
      "Type": "OpenVPN",
      "Host": "<HOSTNAME>",
      "OpenVPN": {
        "ServerCARef": "{<GUID#1>}",
        "AuthRetry": "interact",
        "ClientCertType": "Pattern",
        "ClientCertPattern": {
          "IssuerCARef": [ "{<GUID#1>}" ]
        },
        "CompLZO": "true",
        "Port": 1194,
        "Proto": "udp",
        "RemoteCertTLS": "server",
        "RemoteCertEKU": "TLS Web Server Authentication",
        "SaveCredentials": false,
        "ServerPollTimeout": 10,
        "Username": "<USERNAME>",
        "KeyDirection": "1",
        "TLSAuthContents": "<TLS_AUTH_KEY>"
      }
    }
  } ]
}

  • After editing the file, save it as filename.onc and upload it to Google Drive.
  • Use the following URL to import the .onc file:

chrome://net-internals/#chromeos
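
The substitutions listed above (two GUIDs, CA_CERT without its header lines, TLS_AUTH_KEY with comment lines removed and newlines written as \n) are easy to get wrong by hand. The following Python sketch is an added example, not part of the original post: it fills the same ONC fields from the text of ca.crt and ta.key. The function names, the sample inputs and vpn.example.com are assumptions, and joining the certificate body onto one line is a choice made here.

```python
import json
import re
import uuid

# Constructed sample inputs (not real key material); real use reads ca.crt and ta.key.
SAMPLE_CA = """-----BEGIN CERTIFICATE-----
TUlJQ29uc3RydWN0ZWRTYW1wbGVPbmx5
-----END CERTIFICATE-----
"""
SAMPLE_TA = """# 2048 bit OpenVPN static key
-----BEGIN OpenVPN Static Key V1-----
00112233445566778899aabbccddeeff
ffeeddccbbaa99887766554433221100
-----END OpenVPN Static Key V1-----
"""

def ca_body(pem):
    """Return the certificate's base64 body with the BEGIN/END header lines removed."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    if not m or not m.group(1).strip():
        raise ValueError("expected a PEM certificate with header lines")
    return "".join(m.group(1).split())  # assumption: body joined onto one line

def static_key(text):
    """Drop '#' comment lines; keep the header, key lines and footer."""
    lines = [l.strip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    if (not lines or lines[0] != "-----BEGIN OpenVPN Static Key V1-----"
            or lines[-1] != "-----END OpenVPN Static Key V1-----"):
        raise ValueError("static key header/footer missing")
    return "\n".join(lines) + "\n"  # real newlines; json.dumps writes them as \n

def build_onc(ca_pem, ta_text, host, vpn_name, username, port=1194, proto="udp"):
    ca_guid, net_guid = ("{%s}" % uuid.uuid4() for _ in range(2))
    openvpn = {
        "ServerCARef": ca_guid, "AuthRetry": "interact", "ClientCertType": "Pattern",
        "ClientCertPattern": {"IssuerCARef": [ca_guid]}, "CompLZO": "true",
        "Port": port, "Proto": proto, "RemoteCertTLS": "server",
        "RemoteCertEKU": "TLS Web Server Authentication", "SaveCredentials": False,
        "ServerPollTimeout": 10, "Username": username, "KeyDirection": "1",
        "TLSAuthContents": static_key(ta_text),
    }
    return json.dumps({
        "Type": "UnencryptedConfiguration",
        "Certificates": [{"GUID": ca_guid, "Type": "Authority", "X509": ca_body(ca_pem)}],
        "NetworkConfigurations": [{"GUID": net_guid, "Name": vpn_name, "Type": "VPN",
            "VPN": {"Type": "OpenVPN", "Host": host, "OpenVPN": openvpn}}],
    }, indent=2)

if __name__ == "__main__":
    print(build_onc(SAMPLE_CA, SAMPLE_TA, "vpn.example.com", "Home VPN", "client"))
```

Because json.dumps escapes the newlines itself, no manual replacement is needed. The output carries the TLS authentication key in clear text, so handle the .onc file as carefully as ta.key.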

Conclusion:

There you go, now you know the basics of getting OpenVPN working on Chromebooks. Follow the instructions carefully, as it is very easy to make mistakes. For a detailed post on how to use OpenVPN on a Chromebook, please let us know in the comments below.
