Jump to content


Photo
- - - - -

AirVPN on Chromebook (native openvpn settings)


Best Answer Clodo, 13 September 2017 - 12:08 PM

Success! And here's a complete how-to!

 

 

First of all, thank you.

So, I bought a ASUS CHROMEBIT CS10 Stick-Desktop PC (85$ on amazon.com) to test (and improve) your guide.

Some feedback from me.

 

The .onc file will by default use UDP; I had problems for some reason so I had to edit it.
1): Open the .onc file with Notepad and look for the "Proto": "udp" line. Change the "udp" to "tcp".

 

In my case, I need also to add the Cipher

"CompLZO": "false",
"Cipher": "AES-256-CBC",
"Port": 1194,
"Proto": "tcp",

otherwise the connection loops in Connected/Disconnected forever, because it tries to use the OpenVPN default BF-CBC (from chrome::/system -> netlog)
It's very strange that your guide works without needing this.

 

openssl pkcs12 -export -in user.crt -inkey user.key -certfile ca.crt -name YOURUSERNAME -out user.p12
3): openssl will ask you for a password twice. This password will be needed later.

 

The password will not need to be the AirVPN account password. Can be left blank.
You can also use

 

openssl pkcs12 -export -in user.crt -inkey user.key -certfile ca.crt -name 334f26309ded140bcea1b9e61afa59359cdc58c3 -out user.p12 -passout pass:

to skip directly.

 

2): on the Your Certificates tab, click Import and Bind, and select the user.p12 file from above. Type in the password you used.

 

Correct, highlight "Import and Bind", there are "Import" and "Import and Bind" buttons. I picked "Import" and I lost a lot of time for this :P Yes, my fault.
If a user chooses "Import" only, it doesn't work, "Cannot load certificate using PKCS#11 interface" in chrome://system -> netlog .

 

3): click the Authorities tab and click Import. Select the ca.crt file from above and import it. Check "trust this for websites" and hit OK.

 

I'm not sure but I don't think this is mandatory.

 

Now open your Network control panel and hey, a new VPN entry! Click it and it will show the name that you gave it before. Click Connect, and enter your password for your AirVPN account

 

You don't need to enter the real password. But it's mandatory, so you can write 'xxx'.

 

I don't know if you really need to import the ca.crt file or not - it shouldn't matter because it's in the .onc file but whatever.

 

Me too.

 

What also worked for me was using the TCP instead of UDP and port 1194 and not 443; however, on my Windows system on the same wifi network I can use Eddie in its default config (udp 443) just fine.

 

I have not yet tested other ports.

So, I will perform some other test, but I think we can write together a guide that can be considered an "official" guide for AirVPN and ChromeOS.
I will do all the automation that can be done, for example adapting Config Generator to generate directly .onc and p12 files.
Stay tuned and thanks again for your work. Ciao!

NOTE by Staff: the mentioned guide is available here: https://airvpn.org/topic/23846-using-airvpn-with-chromeos-chromebook-chromebit-etc/

Go to the full post


  • Please log in to reply
8 replies to this topic

#1 nopcode85

nopcode85

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 15 August 2017 - 01:03 AM

With other VPN providers (Zoog and TorGuard I know of) you can use the ChromeOS/Chromebook's built-in openvpn support by importing the provider's certificate and then connecting to the proper server; but AirVPN doesn't seem to expose that kind of information. Is the cert file and the host name available for use with Chromebook and can we download them?



#2 giganerd

giganerd

    I shall have no title

  • Members
  • PipPipPip
  • 2478 posts
  • LocationGermany

Posted 15 August 2017 - 07:28 AM

In the Config generator, check the option to separate keys/certs from .ovpn file.


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs is the proper way to heaven.
Same issues are rare! Search for solutions and if not successful open your own threads.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

 


#3 nopcode85

nopcode85

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 15 August 2017 - 08:44 PM

That doesn't work. Importing the cert does but there is no where to import the config file. I pulled the server name from the config and tried putting that in, but it never successfully connects even if I select the server cert from the drop down list.



#4 nopcode85

nopcode85

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 18 August 2017 - 03:08 AM

Success! And here's a complete how-to!

 

Okay, I got it working without "rooting" the device into Developer Mode. It's a set of hoops that AirVPN can actually make simple by generating their own .onc and .p12 files.

Here's the steps that I took that works for me:

First, get the files you need from AirVPN.org:

1): click Client Area, then Config Generator.
2): select Linux for your OS (because ChromeOS is Linux)
3): check your preferred server - only choose one! I recommend either by continent or country because then it looks like it randomly picks one.
4): scroll all the way down and check Advanced Mode, and then check 1194 *NOT* the recommended 443 - I couldn't get that one to work right.
5): check Separate keys/certs from .ovpn file (important)
6): check the two boxes at the end and hit Generate.
7): Download the zip file and unzip it somewhere. You will get 5 files - an ovpn file (which has the name of the server which you need for later), a ca.crt, a ta.key, and a user.crt and user.key.

Now, you need to convert some things. First off, you need to build a .onc file. There is a GitHub project that does just that.
1): visit https://github.com/CharlesErickT/oncgenerator
2): click the Clone or Download button, and download the zip file.
3): unzip the contents of this file somewhere.
4): double-click the index.html file to bring up the converter.
5): in the name of the connection, use the filename from the .ovpn file (ex: AirVPN_FOOBAR)
6): open the .ovpn file in Notepad or whatever and look for a line similar to this: "remote xx.vpn.airdns.org 1194". The part you want is "xx.vpn.airdns.org", but you may also have it as a dotted ip address like 1.2.3.4 - do NOT use the port (yet!)
7): copy the server name or ip to the Hostname/IP field
8): enter the port # (1194 in this case)
9): enter your username
10): open the ca.crt file in Notepad and copy the contents in the Content of your CA.crt box
11): open the ta.key file in Notepad and copy that contents into the TLS auth key box.
12): hit generate and save the .onc file

The .onc file will by default use UDP; I had problems for some reason so I had to edit it.
1): Open the .onc file with Notepad and look for the "Proto": "udp" line. Change the "udp" to "tcp".

Upload your .onc to your Google Drive account or copy it to a thumb drive.
Upload the ca.crt file to your Google Drive account or copy it to a thumb drive.

Now, the magic bit. You will need to make a p12 file from the user.crt and user.key files. For this I used OpenSSL but if you know how to use something else that's fine.
1): open a command window running in the folder where you extracted the files from the AirVPN.zip file
2): run the following command:
openssl pkcs12 -export -in user.crt -inkey user.key -certfile ca.crt -name YOURUSERNAME -out user.p12
3): openssl will ask you for a password twice. This password will be needed later.
4): copy the generated user.p12 file to either your Google Drive or a thumb drive.


And now finally on the chrome book!

Import the certs.

1): Click your user icon on the bottom-right, and then the gear to open the control panel. Type "certificates" in the search box and select Manage Certificates.
2): on the Your Certificates tab, click Import and Bind, and select the user.p12 file from above. Type in the password you used.
3): click the Authorities tab and click Import. Select the ca.crt file from above and import it. Check "trust this for websites" and hit OK.

Import the .onc file

1): from a new tab type in chrome://net-internals and hit enter
2): click on ChromeOS on the bottom, and then under Import ONC click Choose File. Select the .onc file you generated and hit ok. It will look like it did nothing.

But...

Now open your Network control panel and hey, a new VPN entry! Click it and it will show the name that you gave it before. Click Connect, and enter your password for your AirVPN account, and then check Save Identity and Password, then connect. You should be online! To verify, open Google.com and type in "whats my ip"in the search box and you *should* get a different ip than your ISP's number. You can also go into AirVPN.org on a different machine and select Client Area->Overview and verify that the server you are connected to on your chromebook has the same ip as what it says.

Notes and caveats:

This worked for me. The secrete sauce seems to be the user.p12 file generation. I don't know if you really need to import the ca.crt file or not - it shouldn't matter because it's in the .onc file but whatever. What also worked for me was using the TCP instead of UDP and port 1194 and not 443; however, on my Windows system on the same wifi network I can use Eddie in its default config (udp 443) just fine.

 



#5 raksiam

raksiam

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 09 September 2017 - 09:59 PM

thanks for putting this together. I was with you until the p12 part. I did the steps all leading to that point.

 

How the heck does one "open a command window in the folder where you extracted the files..."??

 

I am not an IT expert by any means. I am trying to do all of this on the fly on my Chromebook which is a little frustrating.



#6 Clodo

Clodo

    AirVPN Team

  • Staff
  • PipPipPip
  • 285 posts
  • LocationItaly

Posted 13 September 2017 - 12:08 PM   Best Answer

Success! And here's a complete how-to!

 

 

First of all, thank you.

So, I bought a ASUS CHROMEBIT CS10 Stick-Desktop PC (85$ on amazon.com) to test (and improve) your guide.

Some feedback from me.

 

The .onc file will by default use UDP; I had problems for some reason so I had to edit it.
1): Open the .onc file with Notepad and look for the "Proto": "udp" line. Change the "udp" to "tcp".

 

In my case, I need also to add the Cipher

"CompLZO": "false",
"Cipher": "AES-256-CBC",
"Port": 1194,
"Proto": "tcp",

otherwise the connection loops in Connected/Disconnected forever, because it tries to use the OpenVPN default BF-CBC (from chrome::/system -> netlog)
It's very strange that your guide works without needing this.

 

openssl pkcs12 -export -in user.crt -inkey user.key -certfile ca.crt -name YOURUSERNAME -out user.p12
3): openssl will ask you for a password twice. This password will be needed later.

 

The password will not need to be the AirVPN account password. Can be left blank.
You can also use

 

openssl pkcs12 -export -in user.crt -inkey user.key -certfile ca.crt -name 334f26309ded140bcea1b9e61afa59359cdc58c3 -out user.p12 -passout pass:

to skip directly.

 

2): on the Your Certificates tab, click Import and Bind, and select the user.p12 file from above. Type in the password you used.

 

Correct, highlight "Import and Bind", there are "Import" and "Import and Bind" buttons. I picked "Import" and I lost a lot of time for this :P Yes, my fault.
If a user chooses "Import" only, it doesn't work, "Cannot load certificate using PKCS#11 interface" in chrome://system -> netlog .

 

3): click the Authorities tab and click Import. Select the ca.crt file from above and import it. Check "trust this for websites" and hit OK.

 

I'm not sure but I don't think this is mandatory.

 

Now open your Network control panel and hey, a new VPN entry! Click it and it will show the name that you gave it before. Click Connect, and enter your password for your AirVPN account

 

You don't need to enter the real password. But it's mandatory, so you can write 'xxx'.

 

I don't know if you really need to import the ca.crt file or not - it shouldn't matter because it's in the .onc file but whatever.

 

Me too.

 

What also worked for me was using the TCP instead of UDP and port 1194 and not 443; however, on my Windows system on the same wifi network I can use Eddie in its default config (udp 443) just fine.

 

I have not yet tested other ports.

So, I will perform some other test, but I think we can write together a guide that can be considered an "official" guide for AirVPN and ChromeOS.
I will do all the automation that can be done, for example adapting Config Generator to generate directly .onc and p12 files.
Stay tuned and thanks again for your work. Ciao!

NOTE by Staff: the mentioned guide is available here: https://airvpn.org/topic/23846-using-airvpn-with-chromeos-chromebook-chromebit-etc/



#7 Clodo

Clodo

    AirVPN Team

  • Staff
  • PipPipPip
  • 285 posts
  • LocationItaly

Posted 13 September 2017 - 02:33 PM

I confirm it's working also on any port or protocols (tcp/udp), and importing the CA certificate  is not necessary.
I captured a lot of screenshots and I will publish a full guide when the Config Generator for ChromeOS is ready, with credits to @nopcode85 of course.



#8 Breakfast

Breakfast

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 07 December 2017 - 07:23 PM

Many thanks to nopcode85 for getting this working and to AirVPN for incorprorating into the configurator. I can now use my Chromebook on holiday!



#9 flat4

flat4

    Advanced Member

  • Members
  • PipPipPip
  • 390 posts

Posted 08 December 2017 - 09:48 PM

I confirm it's working also on any port or protocols (tcp/udp), and importing the CA certificate  is not necessary.
I captured a lot of screenshots and I will publish a full guide when the Config Generator for ChromeOS is ready, with credits to @nopcode85 of course.

 

 

this is freaking awesome, i just recently purchase an Chromebook and would love the config to generate the files for easy import and be on airvpn.







Similar Topics Collapse

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Servers online. Online Sessions: 15053 - BW: 55990 Mbit/sYour IP: 54.224.2.123Guest Access.