Tuesday, March 14, 2017

Advanced OpenVPN on ChromeOS

I recently picked up a Samsung Chromebook Plus. One of the first things I did was try to set up an OpenVPN connection to my pfSense server. There's a very, very basic GUI for managing VPN connections under settings, but if you do anything the GUI doesn't support (i.e. TLS authentication) you're out of luck.

It turns out, however, that under the hood, ChromeOS has a standard OpenVPN install. The only way to configured it, however, is via importing an ONC file. ONC is a standard that Google (I think) created to manage all aspects of network configuration in ChromeOS from wifi to vpn to cell networks.

ONC documentation: https://docs.google.com/viewer?a=v&pid=sites&srcid=Y2hyb21pdW0ub3JnfGRldnxneDo2MzVhNTRlZTZmZTc4MGRj
OpenVPN ONC tutorial: https://docs.google.com/document/u/1/d/18TU22gueH5OKYHZVJ5nXuqHnk2GN6nDvfu2Hbrb4YLE/pub

Unfortunately there's nothing out there that will let you generate an advanced onc file for OpenVPN. I stumbled across a git project that made a very limited attempt at this: https://github.com/CharlesErickT/oncgenerator

The downside to this is that it doesn't support any of the additional options the standard supports and in my situation in particular it doesn't support client certificates. So, I forked it and implemented most, if not all, of the OpenVPN section of the onc format: https://github.com/R3vXX/oncgenerator

If you download the git repo, open the page in your browser of choice and generate an onc file, you can import it via the methods described in the above Google OpenVPN tutorial.