Using service via ChromeBook

[alwaysunknown 3]

Settings required are:

 

Server hostname:

Service Name:

Provider type: (OpenVPN)

Server:

Username:

Password:

OTP:

 

 

Note:

Server CA certificate:

User certificate:

 

both say loading.

please help

[docsewell 6]

Bump.  I have been using a competitor on my Chromebook, because they support L2TP.  I'm kicking around the idea of switching everything over to AirVPN, but this is a bit of a blocker for me.  ChromeOS is pretty user friendly, but setting up OpenVPN on it is not.  I'd love to get some help on this.

[Staff 9972]

Hello!

Actually, we did not find a solution to run AirVPN (in general any OpenVPN connection) with ChromeOS.

 

EDIT: IMPORTANT UPDATE https://airvpn.org/topic/9785-using-service-via-chromebook/?do=findComment&comment=20105

As far as we understand, the UI doesn't allow tls-auth, so it's impossible to configure OpenVPN through the UI. It also requires certificates conversion and a manual conversion of the .ovpn file in another custom format (!).

Another attempt could be tried from a terminal:

- Generate AirVPN config with Config Generator.
- Open crosh with Ctrl+Alt+T.
- Type 'shell'. From here, you can access the preinstalled openvpn:
(password is 'facepunch' in Hexxen ChromeOS build that we run under VirtualBox)
- cd /home/user//Downloads
- sudo openvpn AirVPN_Europe_UDP-443.ovpn



- but it fails because of an issue about the TUN driver:



We have not yet found a solution.
There are dozens of issues reports about ChromeOS and OpenVPN out there.


We wrote this topic as an experience, in case someone wants to investigate and share a solution.

Kind regards

[anonym 22]

Hello,

 

This is off-topic but...

 

Google is/was a PRISM data collection partner. Maybe that's why they didn't implement OpenVPN functionality in the Chrome Book.

IMHO, Google is a private intelligence provider. They don't really care about user privacy.

 

Sorry I can't offer any advice on this topic.

 

Best regards,

 

anonym

[docsewell 6]

I don't believe it has been proven that Google is or was a "PRISM data collection partner."  They certainly were having their data scooped up between data centers, and they have made moves to remedy that.  They have also been fighting the NSA on other levels as well to provide more security for their users.  Their business model, especially the whole "cloud computing" initiative, makes it imperative that they do what they can to gain and keep their customers' trust.

 

I happen to love my Chromebook.  It is small, light, fast, convenient, and it looks great.  It is hackable with Linux as well.  I can either boot Linux from a USB or run it in a Chrooted jail next to ChromeOS.

 

My primary purpose for using AirVPN is to keep my every day data private from my ISP, Charter Cable, local law enforcement, hackers, courts, etc.  I keep much of my data from Google by using StartPage.com and by encrypting my backup data client-side.  I try to use a VPN on my phone, but I'm sure it's leaking data all over the place, so I try not to use it for anything sensitive.  If I have something that is super-sensitive, I have a Linux laptop that I can use with TAILS.

 

I understand people not trusting or wanting to avoid the big data names.  But I think we should keep things in perspective.  Take what measures you can, and "compartmentalize" your data in to levels of sensitivity, and take necessary precautions for each.  If you think that all of your data is "Top Secret", that's fine.  But I think the statement "Maybe that's why they didn't implement OpenVPN functionality in the Chrome Book. IMHO, Google is a private intelligence provider" is not terribly helpful to those who do want to use Google services for the data they have decided to trust them with.

 

Besides, ultimately, if the NSA or FBI WANT you, they are going to GET you.  If you can't trust Google with anything, I certainly don't think you should be trusting Charter, AT&T, Verizon, Sprint, Comcast, Warner, etc, etc with any of your data either.  Perhaps it's best to get that cabin in the woods with a HAM radio.  I have to admit, though, with the news that keeps coming out, I'm keeping that option open myself.

 

 

docsewell

[anonym 22]

docsewell,

 

I hope my comments didn't offend you. If they did, I'm sorry. Absolutely, use what works for you

That's not what I was aiming for, just saying Google aggregates data and sells it.

 

Snowden listed Google as part of PRISM, that's why I said this. I also use StartPage occasionally but mostly use ixQuick.com for searches.

Not to be hypocritical, but I had a GMail and Android tablet for a while. They worked fine.

But I'm looking for more privacy-oriented services, and I found AirVPN which has been great.

I have no firsthand experience with Chrome OS, I'll admit. It is partially open source I believe.

 

Off topic, does anyone know a good really secure e-mail service? If so, could you post a link?

 

Kind regards,

 

anonym

[OpenSourcerer 1435]

Off topic, does anyone know a good really secure e-mail service? If so, could you post a link?

 

Posteo! Berlin-based email service, security and privacy level of AirVPN. I was considering to post it to No-Profit but they currently don't accept donations.

1€ a month, POP/IMAP, 2 GB space for mails, with CardDAV/CalDAV support. Works excellently with DAVdroid.

 

But it's german. You can't change that when you register but when you use the webmailer.

[Staff 9972]

I don't believe it has been proven that Google is or was a "PRISM data collection partner."  

 

 

Hello!

 

Brand new information on this very subject can be found here http://america.aljazeera.com/articles/2014/5/6/nsa-chief-google.html

 

(anyway NOTHING that shows that Google was a PRISM data collection partner)

 

Kind regards

[sornem148 0]

Not sure how helpful this is, but I found instructions for using open vpn on chromebook

which I was able to confirm allowed the use of the server's CA cerificate in the vpn settings:

 

You must be signed in, this won't work in Guest Mode:

 

 

1. You need to first download the cert file such as ca.vpnprovider.org.crt  (i don't think you can copy/paste it)
2. Next login and upload the cert to google drive
3. Go to chrome://settings/certificates  click on authorities tab then click on import

4. Go back to your google drive and select ca.vpnprovider.org.crt then click on open

5. Leave trust settings unchecked and click ok

6. Click done.

7. You should now be able to select the open vpn option and see the certificate in the drop down menu.

 

In this example "vpnprovider" should be replaced with the correct cert file name provided by the vpn provider. I noticed

a key generator at this site, so if there was an option to generate a key file to download it should work with chrome os. 

 

To use open vpn with chromebook, the user would still need to know the hostname/ip address for the servers, as

well as the username and password. There's also a field for service name and OTP, but I believe these are optional.

I couldn't find server IP's or instructions on username/password in the config area here. 

 

 

[Staff 9972]

Not sure how helpful this is, but I found instructions for using open vpn on chromebook

which I was able to confirm allowed the use of the server's CA cerificate in the vpn settings:

 

Hello!

 

The first problem in the User Interface is that TLS Auth is not supported and there's no room for ta.key. So you can't use the UI to configure OpenVPN. Read https://airvpn.org/topic/9785-using-service-via-chromebook/?do=findComment&comment=17289 to see where we got stuck.

 

 

 

To use open vpn with chromebook, the user would still need to know the hostname/ip address for the servers, as

well as the username and password. There's also a field for service name and OTP, but I believe these are optional.

I couldn't find server IP's or instructions on username/password in the config area here. 

 

We do not use username/password for authentication. The authentication phase (only after TLS Auth is passed successfully) is performed through certificates and client key.

 

Kind regards

[sornem148 0]

Hello!

 

The first problem in the User Interface is that TLS Auth is not supported and there's no room for ta.key. So you can't use the UI to configure OpenVPN. Read https://airvpn.org/topic/9785-using-service-via-chromebook/?do=findComment&comment=17289 to see where we got stuck.

 

 

We do not use username/password for authentication. The authentication phase (only after TLS Auth is passed successfully) is performed through certificates and client key.

 

Kind regards

 

 

My apologies, I didn't realize they haven't resolved this issue from 2012 according to the post:

https://code.google.com/p/chromium/issues/detail?id=217624

I sent a request to tier 2 support for a status update. It looks like a lot of people are involved in it.

 

I'm looking to add vpn service as one of the necessary "Layers of Security" discussed by security firms as

best practice to defend against the many threats online. The Patco Construction caselaw should be an eye

opener for those who believe if their data is compromised institutions will be required to make them whole.

 

One cannot underestimate the degree to which online exploits can affect a company's operations without experiencing

it firsthand. It's no secret billions of dollars are lost every year due to hackers, its just not well publicized. Most

think the problem is getting worse.

 

Companies should not be (legally) allowed to sell networking products that are not adequately secured. Fines should

be steep for those who are non compliant.

[mlp 10]

Got OpenVPN to work on chromebook c720 that also has crouton installed.  

 

1)  Go to crouton chroot and open terminal

2)  sudo apt-get install openvpn (installed 2.3.2)

3)  Generate credentials from airvpn site (linux, UDP, server of your choice) and save .opvn file in ~/Downloads folders

4) cd ~/Downloads 

5) sudo openvpn --mktun --dev tun0  (should get a message that tun0 has been created)

6)  sudo openvpn --config  NAMEOFYOURFILE.opvn --dev tun0

 

That will get you up and going.  Check to make sure IP has changed to airvpn servers and check for DNS leaks.  To end VPN session, hit control C and it will destroy the tunnel and you will be back on clearnet.  When started, the VPN works for both the crouton and chromeOS sides.

 

After step 4, if you try to just start openvpn with the .opvn file, you get the same tun0 error message seen by the airvpn staff earlier.  Making it a two step process of creating the tunnel, and then starting the VPN seems to work.

 

I have not tried this from scratch with the native chromeOS shell, so can't comment if it will work without crouton.

 

Good luck.

[fillbadguy 0]

Got OpenVPN to work on chromebook c720 that also has crouton installed.  

 

1)  Go to crouton chroot and open terminal

2)  sudo apt-get install openvpn (installed 2.3.2)

3)  Generate credentials from airvpn site (linux, UDP, server of your choice) and save .opvn file in ~/Downloads folders

4) cd ~/Downloads 

5) sudo openvpn --mktun --dev tun0  (should get a message that tun0 has been created)

6)  sudo openvpn --config  NAMEOFYOURFILE.opvn --dev tun0

 

That will get you up and going.  Check to make sure IP has changed to airvpn servers and check for DNS leaks.  To end VPN session, hit control C and it will destroy the tunnel and you will be back on clearnet.  When started, the VPN works for both the crouton and chromeOS sides.

 

After step 4, if you try to just start openvpn with the .opvn file, you get the same tun0 error message seen by the airvpn staff earlier.  Making it a two step process of creating the tunnel, and then starting the VPN seems to work.

 

I have not tried this from scratch with the native chromeOS shell, so can't comment if it will work without crouton.

 

Good luck.

dude, you are AWESOME!

 

For weeks I've been trying to do this...

 

Now I can finally go on reddit while at school!

[shaggerharris 0]

Got OpenVPN to work on chromebook c720 that also has crouton installed.  

 

1)  Go to crouton chroot and open terminal

2)  sudo apt-get install openvpn (installed 2.3.2)

3)  Generate credentials from airvpn site (linux, UDP, server of your choice) and save .opvn file in ~/Downloads folders

4) cd ~/Downloads 

5) sudo openvpn --mktun --dev tun0  (should get a message that tun0 has been created)

6)  sudo openvpn --config  NAMEOFYOURFILE.opvn --dev tun0

 

That will get you up and going.  Check to make sure IP has changed to airvpn servers and check for DNS leaks.  To end VPN session, hit control C and it will destroy the tunnel and you will be back on clearnet.  When started, the VPN works for both the crouton and chromeOS sides.

 

After step 4, if you try to just start openvpn with the .opvn file, you get the same tun0 error message seen by the airvpn staff earlier.  Making it a two step process of creating the tunnel, and then starting the VPN seems to work.

 

I have not tried this from scratch with the native chromeOS shell, so can't comment if it will work without crouton.

 

Good luck.

Great work, it does work for me thanks!

 

Do you create the tunnel in ChromeOS, it seemed to work better for me.

 

How do you keep connected, is there any way to impliment a kill switch?

 

Would love to see some native support though!

[mlp 10]

Thanks.  I have only tried to set up the tunnel on the crouton side, not the ChromeOS side.  Not saying it doesn't work on the ChromeOS side, just haven't tried.  Obviously haven't compared the two.  Would be interested in seeing data.

 

It stays connected until I kill the openvpn process.

 

For a kill switch - you are really just using openvpn at this point, so standard openvpn kill switch techniques should work.  Many examples online, one example here on the airvpn forums (note, I have never used this, just looking around for an example):

 

https://airvpn.org/topic/5586-prevent-leaks-with-linux-firestarter-also-stop-traffic-when-vpn-drops/

 

Hopefully we will get some native support eventually, but I realize ChromeOS is a small population of users, and this work around is a rather simple one in the world of linux.  Am just happy with something that works!

[shaggerharris 0]

Thanks again mlp, will check out the killswitch and do some more reading of the openvpn manual. Great to hear people sharing their fixes.

[Ace3342 0]

I bump this old topic because I am interested in using Air with my Chromebook.

 

Has anyone tried this workaround that has been done by HideMyAss (sorry to make reference to a competitor here, anyway I'll never use HMA..)?

 

----

OpenVPN on ChromeOS

 

Connecting via OpenVPN protocol on ChromeOS is a little bit tricky, because it currently does not accept common certificates and keys.
That means you can't connect using the ChromeOS GUI, like you would do with L2TP protocol as explained above.

So you'll have to use a small workaround:

 

First you need to get into the console mode. On some ChromeOS systems/devices this requires to enable the developer mode first.
How this is done differs from device to device, here's a list with links to instructions: http://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices
General information on how to access console/terminal and other related info can be found at: http://www.chromium.org/chromium-os/poking-around-your-chrome-os-device

 

Now you have 2 options to get into the console mode. Which one you use, does not matter.

 

Option 1: Console mode:

To get into the console mode, try either

• CTRL+ALT+F2 or
• CTRL+ALT+RIGHTARROW

You should now get asked for a username and password.

If you didn't change any usernames/passwords of the system before, try:

• User: chronos   Password: facepunch
• Other possible usernames and passwords: chronos, chroneos, chrome, chromeos, facepunch

 

 

Option 2: Terminal mode:

To create a new terminal mode window, hit

• CTRL+ALT+T

You should see this:

crosh>

Here, enter "shell"

 

 

 

You're now logged in with a restricted user account.
The next step is to get root access.

Enter: "sudo su"

You should now get asked to select a root password. Make sure to write it down somewhere, in case you forget it!

Now is the time to connect to the VPN.

You'll need the *.ovpn config files of the serves you'd like to connect to. Get them from

• To connect via OpenVPN-TCP: http://hidemyass.com/vpn-config/TCP
• To connect via OpenVPN-UDP: http://hidemyass.com/vpn-config/TCP
• TCP+UDP config files as .zip archive: http://hidemyass.com/vpn-config/vpn-config.zip

You can of course download them from your normal desktop
and put them into a specific folder where you can find them later.

To leave the console mode, hit CTRL+ALT+F1 or CTRL+ALT+LEFTARROW
to leave the terminal mode, hit ALT+TAB

To download a config file from the console/terminal mode, you could enter e.g.

"wget http://hidemyass.com/vpn-config/UDP/Bulgaria.Sofia.UDP.ovpn"

Now the file has been saved into the folder you're currently in.

 

That said, as long as you're in a folder that contains the *.ovpn config files within the console mode,
you can simply connect to the VPN by running:

"openvpn Bulgaria.Sofia.UDP.ovpn"

You'll then get asked for your HMA! Pro VPN username + password (the same that you use to login to the VPN control panel), and the client will connect.

Once the client shows you something like

"Sun Apr 21 07:45:21 2013  Initialization Sequence Completed",

that means you are successfully connected and you can go back to your normal desktop.

 

To leave the console mode, hit CTRL+ALT+F1 or CTRL+ALT+LEFTARROW
to leave the terminal mode, hit ALT+TAB

 

To confirm that you are successfully connected, you could e.g. browse to http://ipaddress.com
and verify your IP, ISP and location.

 

To disconnect from the VPN, go back to console mode (CTRL+ALT+F2 or CTRL+ALT+RIGHTARROW, for terminal mode just ALT+TAB )

and hit CTRL+C.

-----

[Staff 9972]

@Ace3342

 

Hello!

 

That's possible because HMA implements a rudimentary OpenVPN authentication (which should not be used if security is required). It would not work with our system due to TLS Auth and double certificates authentication, for DHE for PFS... currently, as far as we know the only way reported as working to connect a ChromeOS device to our service is https://airvpn.org/topic/9785-using-service-via-chromebook/?do=findComment&comment=20105 (crouton needed).

 

Kind regards

[Ace3342 0]

Might be this new ARC development be of help?

 

http://arstechnica.com/gadgets/2015/04/googles-arc-opens-up-to-developers-runs-android-apps-on-most-desktop-oses/#p3

 

Now Google has released the adorably-named ARC Welder, a Chrome app which will convert any Android app into an ARC-powered Chrome app. It's mainly for developers to package up an APK and submit it to the Chrome Web Store, but anyone can package and launch an APK from the app directly.

 

I am thinking about running OpenVPN for Android app in Chrome OS. So far I tried with twerk from the apk, but no success.

[tsitiridis 0]

Hi,

 

Chrome OS now supports OpenVPN. Can you please upload the settings for it?

 

Thank you

[diddiyo 1]

just got a chromebook. bump for openvpn / chromeos support please, thanks

[tonyaldo 1]

Bumpity bump bump

[diddiyo 1]

weekly bump?

[Ace3342 0]

A new guide is out. I did not check it myself, though.

 

https://dev.chromium.org/chromium-os/how-tos-and-troubleshooting/openvpn-manual-setup

[duffydack 4]

Still no ovpn support in chromeos (gui)  I still have my bash alias though which works fine.

alias vpn='cd && sudo openvpn --mktun --dev tun0 && sudo openvpn --config Downloads/airvpn.ovpn --dev tun0'

I tried to make an ONC file with the certs and keys all as seperate files but just can't get it to work.  Be nice is airvpn staff could create one ?