Jump to content
Not connected, Your IP: 3.230.1.126
nopcode85

ANSWERED AirVPN on Chromebook (native openvpn settings)

Recommended Posts

With other VPN providers (Zoog and TorGuard I know of) you can use the ChromeOS/Chromebook's built-in openvpn support by importing the provider's certificate and then connecting to the proper server; but AirVPN doesn't seem to expose that kind of information. Is the cert file and the host name available for use with Chromebook and can we download them?

Share this post


Link to post

In the Config generator, check the option to separate keys/certs from .ovpn file.


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

That doesn't work. Importing the cert does but there is no where to import the config file. I pulled the server name from the config and tried putting that in, but it never successfully connects even if I select the server cert from the drop down list.

Share this post


Link to post

Success! And here's a complete how-to!

 

Okay, I got it working without "rooting" the device into Developer Mode. It's a set of hoops that AirVPN can actually make simple by generating their own .onc and .p12 files.

Here's the steps that I took that works for me:

First, get the files you need from AirVPN.org:

1): click Client Area, then Config Generator.
2): select Linux for your OS (because ChromeOS is Linux)
3): check your preferred server - only choose one! I recommend either by continent or country because then it looks like it randomly picks one.
4): scroll all the way down and check Advanced Mode, and then check 1194 *NOT* the recommended 443 - I couldn't get that one to work right.
5): check Separate keys/certs from .ovpn file (important)
6): check the two boxes at the end and hit Generate.
7): Download the zip file and unzip it somewhere. You will get 5 files - an ovpn file (which has the name of the server which you need for later), a ca.crt, a ta.key, and a user.crt and user.key.

Now, you need to convert some things. First off, you need to build a .onc file. There is a GitHub project that does just that.
1): visit https://github.com/CharlesErickT/oncgenerator
2): click the Clone or Download button, and download the zip file.
3): unzip the contents of this file somewhere.
4): double-click the index.html file to bring up the converter.
5): in the name of the connection, use the filename from the .ovpn file (ex: AirVPN_FOOBAR)
6): open the .ovpn file in Notepad or whatever and look for a line similar to this: "remote xx.vpn.airdns.org 1194". The part you want is "xx.vpn.airdns.org", but you may also have it as a dotted ip address like 1.2.3.4 - do NOT use the port (yet!)
7): copy the server name or ip to the Hostname/IP field
8): enter the port # (1194 in this case)
9): enter your username
10): open the ca.crt file in Notepad and copy the contents in the Content of your CA.crt box
11): open the ta.key file in Notepad and copy that contents into the TLS auth key box.
12): hit generate and save the .onc file

The .onc file will by default use UDP; I had problems for some reason so I had to edit it.
1): Open the .onc file with Notepad and look for the "Proto": "udp" line. Change the "udp" to "tcp".

Upload your .onc to your Google Drive account or copy it to a thumb drive.
Upload the ca.crt file to your Google Drive account or copy it to a thumb drive.

Now, the magic bit. You will need to make a p12 file from the user.crt and user.key files. For this I used OpenSSL but if you know how to use something else that's fine.
1): open a command window running in the folder where you extracted the files from the AirVPN.zip file
2): run the following command:
openssl pkcs12 -export -in user.crt -inkey user.key -certfile ca.crt -name YOURUSERNAME -out user.p12
3): openssl will ask you for a password twice. This password will be needed later.
4): copy the generated user.p12 file to either your Google Drive or a thumb drive.


And now finally on the chrome book!

Import the certs.

1): Click your user icon on the bottom-right, and then the gear to open the control panel. Type "certificates" in the search box and select Manage Certificates.
2): on the Your Certificates tab, click Import and Bind, and select the user.p12 file from above. Type in the password you used.
3): click the Authorities tab and click Import. Select the ca.crt file from above and import it. Check "trust this for websites" and hit OK.

Import the .onc file

1): from a new tab type in chrome://net-internals and hit enter
2): click on ChromeOS on the bottom, and then under Import ONC click Choose File. Select the .onc file you generated and hit ok. It will look like it did nothing.

But...

Now open your Network control panel and hey, a new VPN entry! Click it and it will show the name that you gave it before. Click Connect, and enter your password for your AirVPN account, and then check Save Identity and Password, then connect. You should be online! To verify, open Google.com and type in "whats my ip"in the search box and you *should* get a different ip than your ISP's number. You can also go into AirVPN.org on a different machine and select Client Area->Overview and verify that the server you are connected to on your chromebook has the same ip as what it says.

Notes and caveats:

This worked for me. The secrete sauce seems to be the user.p12 file generation. I don't know if you really need to import the ca.crt file or not - it shouldn't matter because it's in the .onc file but whatever. What also worked for me was using the TCP instead of UDP and port 1194 and not 443; however, on my Windows system on the same wifi network I can use Eddie in its default config (udp 443) just fine.

 

Share this post


Link to post

thanks for putting this together. I was with you until the p12 part. I did the steps all leading to that point.

 

How the heck does one "open a command window in the folder where you extracted the files..."??

 

I am not an IT expert by any means. I am trying to do all of this on the fly on my Chromebook which is a little frustrating.

Share this post


Link to post

Success! And here's a complete how-to!

 

 

First of all, thank you.

 

So, I bought a ASUS CHROMEBIT CS10 Stick-Desktop PC (85$ on amazon.com) to test (and improve) your guide.

 

Some feedback from me.

 

The .onc file will by default use UDP; I had problems for some reason so I had to edit it.

1): Open the .onc file with Notepad and look for the "Proto": "udp" line. Change the "udp" to "tcp".

 

In my case, I need also to add the Cipher

"CompLZO": "false",
"Cipher": "AES-256-CBC",
"Port": 1194,
"Proto": "tcp",

otherwise the connection loops in Connected/Disconnected forever, because it tries to use the OpenVPN default BF-CBC (from chrome::/system -> netlog)

It's very strange that your guide works without needing this.

 

openssl pkcs12 -export -in user.crt -inkey user.key -certfile ca.crt -name YOURUSERNAME -out user.p12

3): openssl will ask you for a password twice. This password will be needed later.

 

The password will not need to be the AirVPN account password. Can be left blank.

You can also use

 

openssl pkcs12 -export -in user.crt -inkey user.key -certfile ca.crt -name 334f26309ded140bcea1b9e61afa59359cdc58c3 -out user.p12 -passout pass:

to skip directly.

 

2): on the Your Certificates tab, click Import and Bind, and select the user.p12 file from above. Type in the password you used.

 

Correct, highlight "Import and Bind", there are "Import" and "Import and Bind" buttons. I picked "Import" and I lost a lot of time for this :p Yes, my fault.

If a user chooses "Import" only, it doesn't work, "Cannot load certificate using PKCS#11 interface" in chrome://system -> netlog .

 

3): click the Authorities tab and click Import. Select the ca.crt file from above and import it. Check "trust this for websites" and hit OK.

 

I'm not sure but I don't think this is mandatory.

 

Now open your Network control panel and hey, a new VPN entry! Click it and it will show the name that you gave it before. Click Connect, and enter your password for your AirVPN account

 

You don't need to enter the real password. But it's mandatory, so you can write 'xxx'.

 

I don't know if you really need to import the ca.crt file or not - it shouldn't matter because it's in the .onc file but whatever.

 

Me too.

 

What also worked for me was using the TCP instead of UDP and port 1194 and not 443; however, on my Windows system on the same wifi network I can use Eddie in its default config (udp 443) just fine.

 

I have not yet tested other ports.

 

So, I will perform some other test, but I think we can write together a guide that can be considered an "official" guide for AirVPN and ChromeOS.

I will do all the automation that can be done, for example adapting Config Generator to generate directly .onc and p12 files.

Stay tuned and thanks again for your work. Ciao!

NOTE by Staff: the mentioned guide is available here: https://airvpn.org/topic/23846-using-airvpn-with-chromeos-chromebook-chromebit-etc/

Share this post


Link to post

I confirm it's working also on any port or protocols (tcp/udp), and importing the CA certificate  is not necessary.
I captured a lot of screenshots and I will publish a full guide when the Config Generator for ChromeOS is ready, with credits to @nopcode85 of course.

Share this post


Link to post
Guest

Many thanks to nopcode85 for getting this working and to AirVPN for incorprorating into the configurator. I can now use my Chromebook on holiday!

Share this post


Link to post

I confirm it's working also on any port or protocols (tcp/udp), and importing the CA certificate  is not necessary.

I captured a lot of screenshots and I will publish a full guide when the Config Generator for ChromeOS is ready, with credits to @nopcode85 of course.

 

 

this is freaking awesome, i just recently purchase an Chromebook and would love the config to generate the files for easy import and be on airvpn.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...