alwaysunknown 3 Posted ... Settings required are: Server hostname:Service Name:Provider type: (OpenVPN)Server:Username:Password:OTP: Note:Server CA certificate:User certificate: both say loading.please help Quote Share this post Link to post
docsewell 6 Posted ... Bump. I have been using a competitor on my Chromebook, because they support L2TP. I'm kicking around the idea of switching everything over to AirVPN, but this is a bit of a blocker for me. ChromeOS is pretty user friendly, but setting up OpenVPN on it is not. I'd love to get some help on this. Quote Share this post Link to post
Staff 9973 Posted ... Hello!Actually, we did not find a solution to run AirVPN (in general any OpenVPN connection) with ChromeOS. EDIT: IMPORTANT UPDATE https://airvpn.org/topic/9785-using-service-via-chromebook/?do=findComment&comment=20105As far as we understand, the UI doesn't allow tls-auth, so it's impossible to configure OpenVPN through the UI. It also requires certificates conversion and a manual conversion of the .ovpn file in another custom format (!).Another attempt could be tried from a terminal:- Generate AirVPN config with Config Generator.- Open crosh with Ctrl+Alt+T.- Type 'shell'. From here, you can access the preinstalled openvpn:(password is 'facepunch' in Hexxen ChromeOS build that we run under VirtualBox)- cd /home/user//Downloads- sudo openvpn AirVPN_Europe_UDP-443.ovpn- but it fails because of an issue about the TUN driver:We have not yet found a solution.There are dozens of issues reports about ChromeOS and OpenVPN out there.We wrote this topic as an experience, in case someone wants to investigate and share a solution.Kind regards Quote Share this post Link to post
anonym 22 Posted ... Hello, This is off-topic but... Google is/was a PRISM data collection partner. Maybe that's why they didn't implement OpenVPN functionality in the Chrome Book.IMHO, Google is a private intelligence provider. They don't really care about user privacy. Sorry I can't offer any advice on this topic. Best regards, anonym Quote Share this post Link to post
docsewell 6 Posted ... I don't believe it has been proven that Google is or was a "PRISM data collection partner." They certainly were having their data scooped up between data centers, and they have made moves to remedy that. They have also been fighting the NSA on other levels as well to provide more security for their users. Their business model, especially the whole "cloud computing" initiative, makes it imperative that they do what they can to gain and keep their customers' trust. I happen to love my Chromebook. It is small, light, fast, convenient, and it looks great. It is hackable with Linux as well. I can either boot Linux from a USB or run it in a Chrooted jail next to ChromeOS. My primary purpose for using AirVPN is to keep my every day data private from my ISP, Charter Cable, local law enforcement, hackers, courts, etc. I keep much of my data from Google by using StartPage.com and by encrypting my backup data client-side. I try to use a VPN on my phone, but I'm sure it's leaking data all over the place, so I try not to use it for anything sensitive. If I have something that is super-sensitive, I have a Linux laptop that I can use with TAILS. I understand people not trusting or wanting to avoid the big data names. But I think we should keep things in perspective. Take what measures you can, and "compartmentalize" your data in to levels of sensitivity, and take necessary precautions for each. If you think that all of your data is "Top Secret", that's fine. But I think the statement "Maybe that's why they didn't implement OpenVPN functionality in the Chrome Book. IMHO, Google is a private intelligence provider" is not terribly helpful to those who do want to use Google services for the data they have decided to trust them with. Besides, ultimately, if the NSA or FBI WANT you, they are going to GET you. If you can't trust Google with anything, I certainly don't think you should be trusting Charter, AT&T, Verizon, Sprint, Comcast, Warner, etc, etc with any of your data either. Perhaps it's best to get that cabin in the woods with a HAM radio. I have to admit, though, with the news that keeps coming out, I'm keeping that option open myself. docsewell 1 submergency reacted to this Quote Share this post Link to post
anonym 22 Posted ... docsewell, I hope my comments didn't offend you. If they did, I'm sorry. Absolutely, use what works for you That's not what I was aiming for, just saying Google aggregates data and sells it. Snowden listed Google as part of PRISM, that's why I said this. I also use StartPage occasionally but mostly use ixQuick.com for searches.Not to be hypocritical, but I had a GMail and Android tablet for a while. They worked fine.But I'm looking for more privacy-oriented services, and I found AirVPN which has been great.I have no firsthand experience with Chrome OS, I'll admit. It is partially open source I believe. Off topic, does anyone know a good really secure e-mail service? If so, could you post a link? Kind regards, anonym Quote Share this post Link to post
OpenSourcerer 1435 Posted ... Off topic, does anyone know a good really secure e-mail service? If so, could you post a link? Posteo! Berlin-based email service, security and privacy level of AirVPN. I was considering to post it to No-Profit but they currently don't accept donations.1€ a month, POP/IMAP, 2 GB space for mails, with CardDAV/CalDAV support. Works excellently with DAVdroid. But it's german. You can't change that when you register but when you use the webmailer. Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Staff 9973 Posted ... I don't believe it has been proven that Google is or was a "PRISM data collection partner." Hello! Brand new information on this very subject can be found here http://america.aljazeera.com/articles/2014/5/6/nsa-chief-google.html (anyway NOTHING that shows that Google was a PRISM data collection partner) Kind regards Quote Share this post Link to post
sornem148 0 Posted ... Not sure how helpful this is, but I found instructions for using open vpn on chromebookwhich I was able to confirm allowed the use of the server's CA cerificate in the vpn settings: You must be signed in, this won't work in Guest Mode: 1. You need to first download the cert file such as ca.vpnprovider.org.crt (i don't think you can copy/paste it)2. Next login and upload the cert to google drive3. Go to chrome://settings/certificates click on authorities tab then click on import4. Go back to your google drive and select ca.vpnprovider.org.crt then click on open5. Leave trust settings unchecked and click ok6. Click done.7. You should now be able to select the open vpn option and see the certificate in the drop down menu. In this example "vpnprovider" should be replaced with the correct cert file name provided by the vpn provider. I noticeda key generator at this site, so if there was an option to generate a key file to download it should work with chrome os. To use open vpn with chromebook, the user would still need to know the hostname/ip address for the servers, aswell as the username and password. There's also a field for service name and OTP, but I believe these are optional.I couldn't find server IP's or instructions on username/password in the config area here. Quote Share this post Link to post
Staff 9973 Posted ... Not sure how helpful this is, but I found instructions for using open vpn on chromebookwhich I was able to confirm allowed the use of the server's CA cerificate in the vpn settings: Hello! The first problem in the User Interface is that TLS Auth is not supported and there's no room for ta.key. So you can't use the UI to configure OpenVPN. Read https://airvpn.org/topic/9785-using-service-via-chromebook/?do=findComment&comment=17289 to see where we got stuck. To use open vpn with chromebook, the user would still need to know the hostname/ip address for the servers, aswell as the username and password. There's also a field for service name and OTP, but I believe these are optional.I couldn't find server IP's or instructions on username/password in the config area here. We do not use username/password for authentication. The authentication phase (only after TLS Auth is passed successfully) is performed through certificates and client key. Kind regards Quote Share this post Link to post
sornem148 0 Posted ... Hello! The first problem in the User Interface is that TLS Auth is not supported and there's no room for ta.key. So you can't use the UI to configure OpenVPN. Read https://airvpn.org/topic/9785-using-service-via-chromebook/?do=findComment&comment=17289 to see where we got stuck. We do not use username/password for authentication. The authentication phase (only after TLS Auth is passed successfully) is performed through certificates and client key. Kind regards My apologies, I didn't realize they haven't resolved this issue from 2012 according to the post:https://code.google.com/p/chromium/issues/detail?id=217624I sent a request to tier 2 support for a status update. It looks like a lot of people are involved in it. I'm looking to add vpn service as one of the necessary "Layers of Security" discussed by security firms asbest practice to defend against the many threats online. The Patco Construction caselaw should be an eyeopener for those who believe if their data is compromised institutions will be required to make them whole. One cannot underestimate the degree to which online exploits can affect a company's operations without experiencingit firsthand. It's no secret billions of dollars are lost every year due to hackers, its just not well publicized. Mostthink the problem is getting worse. Companies should not be (legally) allowed to sell networking products that are not adequately secured. Fines shouldbe steep for those who are non compliant. Quote Share this post Link to post
mlp 10 Posted ... Got OpenVPN to work on chromebook c720 that also has crouton installed. 1) Go to crouton chroot and open terminal2) sudo apt-get install openvpn (installed 2.3.2)3) Generate credentials from airvpn site (linux, UDP, server of your choice) and save .opvn file in ~/Downloads folders4) cd ~/Downloads 5) sudo openvpn --mktun --dev tun0 (should get a message that tun0 has been created)6) sudo openvpn --config NAMEOFYOURFILE.opvn --dev tun0 That will get you up and going. Check to make sure IP has changed to airvpn servers and check for DNS leaks. To end VPN session, hit control C and it will destroy the tunnel and you will be back on clearnet. When started, the VPN works for both the crouton and chromeOS sides. After step 4, if you try to just start openvpn with the .opvn file, you get the same tun0 error message seen by the airvpn staff earlier. Making it a two step process of creating the tunnel, and then starting the VPN seems to work. I have not tried this from scratch with the native chromeOS shell, so can't comment if it will work without crouton. Good luck. 3 Staff, shaggerharris and FillUpSeeMoreHopIn reacted to this Quote Share this post Link to post
fillbadguy 0 Posted ... Got OpenVPN to work on chromebook c720 that also has crouton installed. 1) Go to crouton chroot and open terminal2) sudo apt-get install openvpn (installed 2.3.2)3) Generate credentials from airvpn site (linux, UDP, server of your choice) and save .opvn file in ~/Downloads folders4) cd ~/Downloads 5) sudo openvpn --mktun --dev tun0 (should get a message that tun0 has been created)6) sudo openvpn --config NAMEOFYOURFILE.opvn --dev tun0 That will get you up and going. Check to make sure IP has changed to airvpn servers and check for DNS leaks. To end VPN session, hit control C and it will destroy the tunnel and you will be back on clearnet. When started, the VPN works for both the crouton and chromeOS sides. After step 4, if you try to just start openvpn with the .opvn file, you get the same tun0 error message seen by the airvpn staff earlier. Making it a two step process of creating the tunnel, and then starting the VPN seems to work. I have not tried this from scratch with the native chromeOS shell, so can't comment if it will work without crouton. Good luck.dude, you are AWESOME! For weeks I've been trying to do this... Now I can finally go on reddit while at school! Quote Share this post Link to post
shaggerharris 0 Posted ... Got OpenVPN to work on chromebook c720 that also has crouton installed. 1) Go to crouton chroot and open terminal2) sudo apt-get install openvpn (installed 2.3.2)3) Generate credentials from airvpn site (linux, UDP, server of your choice) and save .opvn file in ~/Downloads folders4) cd ~/Downloads 5) sudo openvpn --mktun --dev tun0 (should get a message that tun0 has been created)6) sudo openvpn --config NAMEOFYOURFILE.opvn --dev tun0 That will get you up and going. Check to make sure IP has changed to airvpn servers and check for DNS leaks. To end VPN session, hit control C and it will destroy the tunnel and you will be back on clearnet. When started, the VPN works for both the crouton and chromeOS sides. After step 4, if you try to just start openvpn with the .opvn file, you get the same tun0 error message seen by the airvpn staff earlier. Making it a two step process of creating the tunnel, and then starting the VPN seems to work. I have not tried this from scratch with the native chromeOS shell, so can't comment if it will work without crouton. Good luck.Great work, it does work for me thanks! Do you create the tunnel in ChromeOS, it seemed to work better for me. How do you keep connected, is there any way to impliment a kill switch? Would love to see some native support though! Quote Share this post Link to post
mlp 10 Posted ... Thanks. I have only tried to set up the tunnel on the crouton side, not the ChromeOS side. Not saying it doesn't work on the ChromeOS side, just haven't tried. Obviously haven't compared the two. Would be interested in seeing data. It stays connected until I kill the openvpn process. For a kill switch - you are really just using openvpn at this point, so standard openvpn kill switch techniques should work. Many examples online, one example here on the airvpn forums (note, I have never used this, just looking around for an example): https://airvpn.org/topic/5586-prevent-leaks-with-linux-firestarter-also-stop-traffic-when-vpn-drops/ Hopefully we will get some native support eventually, but I realize ChromeOS is a small population of users, and this work around is a rather simple one in the world of linux. Am just happy with something that works! 1 shaggerharris reacted to this Quote Share this post Link to post
shaggerharris 0 Posted ... Thanks again mlp, will check out the killswitch and do some more reading of the openvpn manual. Great to hear people sharing their fixes. Quote Share this post Link to post
Ace3342 0 Posted ... I bump this old topic because I am interested in using Air with my Chromebook. Has anyone tried this workaround that has been done by HideMyAss (sorry to make reference to a competitor here, anyway I'll never use HMA..)? ----OpenVPN on ChromeOS Connecting via OpenVPN protocol on ChromeOS is a little bit tricky, because it currently does not accept common certificates and keys.That means you can't connect using the ChromeOS GUI, like you would do with L2TP protocol as explained above.So you'll have to use a small workaround: First you need to get into the console mode. On some ChromeOS systems/devices this requires to enable the developer mode first.How this is done differs from device to device, here's a list with links to instructions: http://www.chromium.org/chromium-os/developer-information-for-chrome-os-devicesGeneral information on how to access console/terminal and other related info can be found at: http://www.chromium.org/chromium-os/poking-around-your-chrome-os-device Now you have 2 options to get into the console mode. Which one you use, does not matter. Option 1: Console mode:To get into the console mode, try eitherCTRL+ALT+F2 orCTRL+ALT+RIGHTARROWYou should now get asked for a username and password.If you didn't change any usernames/passwords of the system before, try:User: chronos Password: facepunchOther possible usernames and passwords: chronos, chroneos, chrome, chromeos, facepunch Option 2: Terminal mode:To create a new terminal mode window, hitCTRL+ALT+TYou should see this:crosh>Here, enter "shell" You're now logged in with a restricted user account.The next step is to get root access.Enter: "sudo su"You should now get asked to select a root password. Make sure to write it down somewhere, in case you forget it!Now is the time to connect to the VPN.You'll need the *.ovpn config files of the serves you'd like to connect to. Get them fromTo connect via OpenVPN-TCP: http://hidemyass.com/vpn-config/TCPTo connect via OpenVPN-UDP: http://hidemyass.com/vpn-config/TCPTCP+UDP config files as .zip archive: http://hidemyass.com/vpn-config/vpn-config.zipYou can of course download them from your normal desktopand put them into a specific folder where you can find them later.To leave the console mode, hit CTRL+ALT+F1 or CTRL+ALT+LEFTARROWto leave the terminal mode, hit ALT+TABTo download a config file from the console/terminal mode, you could enter e.g."wget http://hidemyass.com/vpn-config/UDP/Bulgaria.Sofia.UDP.ovpn"Now the file has been saved into the folder you're currently in. That said, as long as you're in a folder that contains the *.ovpn config files within the console mode,you can simply connect to the VPN by running:"openvpn Bulgaria.Sofia.UDP.ovpn"You'll then get asked for your HMA! Pro VPN username + password (the same that you use to login to the VPN control panel), and the client will connect.Once the client shows you something like"Sun Apr 21 07:45:21 2013 Initialization Sequence Completed",that means you are successfully connected and you can go back to your normal desktop. To leave the console mode, hit CTRL+ALT+F1 or CTRL+ALT+LEFTARROWto leave the terminal mode, hit ALT+TAB To confirm that you are successfully connected, you could e.g. browse to http://ipaddress.comand verify your IP, ISP and location. To disconnect from the VPN, go back to console mode (CTRL+ALT+F2 or CTRL+ALT+RIGHTARROW, for terminal mode just ALT+TAB )and hit CTRL+C.----- Quote Share this post Link to post
Staff 9973 Posted ... @Ace3342 Hello! That's possible because HMA implements a rudimentary OpenVPN authentication (which should not be used if security is required). It would not work with our system due to TLS Auth and double certificates authentication, for DHE for PFS... currently, as far as we know the only way reported as working to connect a ChromeOS device to our service is https://airvpn.org/topic/9785-using-service-via-chromebook/?do=findComment&comment=20105 (crouton needed). Kind regards Quote Share this post Link to post
Ace3342 0 Posted ... Might be this new ARC development be of help? http://arstechnica.com/gadgets/2015/04/googles-arc-opens-up-to-developers-runs-android-apps-on-most-desktop-oses/#p3 Now Google has released the adorably-named ARC Welder, a Chrome app which will convert any Android app into an ARC-powered Chrome app. It's mainly for developers to package up an APK and submit it to the Chrome Web Store, but anyone can package and launch an APK from the app directly. I am thinking about running OpenVPN for Android app in Chrome OS. So far I tried with twerk from the apk, but no success. Quote Share this post Link to post
tsitiridis 0 Posted ... Hi, Chrome OS now supports OpenVPN. Can you please upload the settings for it? Thank you Quote Share this post Link to post
diddiyo 1 Posted ... just got a chromebook. bump for openvpn / chromeos support please, thanks Quote Share this post Link to post
Ace3342 0 Posted ... A new guide is out. I did not check it myself, though. https://dev.chromium.org/chromium-os/how-tos-and-troubleshooting/openvpn-manual-setup Quote Share this post Link to post
duffydack 4 Posted ... Still no ovpn support in chromeos (gui) I still have my bash alias though which works fine.alias vpn='cd && sudo openvpn --mktun --dev tun0 && sudo openvpn --config Downloads/airvpn.ovpn --dev tun0'I tried to make an ONC file with the certs and keys all as seperate files but just can't get it to work. Be nice is airvpn staff could create one ? Quote Share this post Link to post