Chromebook OpenVPN

I recently got a new job and had the pleasure/torture of being assigned a Chromebook and needing to get it onto the VPN. This is easy on a Mac, which everybody else has, but since the ChromeOS is so lightweight, it was more challenging. I eventually got it to work though, so here are my directions!

If you don’t already, you’ll need some text editor (not Google Docs) and I had good luck with Caret and you’ll need some sort of sftp system and a shell.  I also recommend using developer mode for the Chromebook, as it makes for a lot less hassle long term.  You can also dual boot into linux, but I don’t do that as ChromeOS in developer mode has been enough for me to be pretty happy!

Network

First, have a read on Errietta’s blog and get an idea on how this will work.  I tried her directions and they weren’t entirely sufficient, but I got 90% there.
First go into your OpenVPN directory and build a key:
./build-key client1my

which will build a key and a certificate (.key and .crt) but they will be generated in the directory that the file vars specifies. I had to run:

openssl pkcs12 -export -in client1.crt -inkey client1.key -certfile ca.crt -name MyClient -out client.p12

Go into your openvpn/ccd directory and copy the most recent file . Don’t forget to increment both IPs in the file by 1 (so you don’t have conflicts later on!)

You should now have a client.p12 file.  Share this with the Chromebook in Google Docs.

 

On the Chromebook

Navigate to chrome://settings/certificates (in the browser) and in the Authorities tab, click ‘Import’ and select the ca.crt file (in the ‘shared with you’ section of Google Docs!)  You will be asked if you want to trust the ca, click on ‘trust this certificate for identifying websites’ and leave the rest blank.

Now navigate to chrome://settings/certificates and click on “your certificates” and then “import and bind to device” (NOTE: NOT JUST IMPORT, IT MUST BE IMPORT AND BIND TO DEVICE) and select the .p12 file from earlier.  You should see your (hardware-backed) by the certificate name.

ONC File

First, make your .onc file, as can be seen here: https://github.com/syedaali/configs/blob/master/openvpn-sample.onc and you will need to upload it.  In a browser tab, open chrome://net-internals and along the left side of the page, click on “ChromeOS” then click on the “choose file” button in the line “Import ONC File”

DO NOT PANIC IF NOTHING HAPPENS!  (I panicked and it was unnecessary!)

After a few short moments, the name you gave your network name should appear in the OpenVPN/L2TP screen (click on the wifi icon near your profile icon in the lower right corner of the Chromebook screen, click on VPN, and the file with your name on it should appear there!)

Fill in your password and leave OTC and group name blank.

 

Congrats, you’re all done!