[ Update: take a look at this write up as well ]
ChromeOS has a minimalistic design does a fairly good job at hiding the complex internals of the operating system. But deep inside it still runs linux and has a full blown openvpn client. In this post I’ll show you how to use “ONC” (Open Network Configuration) format to configure OpenVPN client inside ChromeOS. This file is very similar to an .ovpn file.
The core scripts which did the cert conversion and created the sample ONC file was contributed by Ralph by reading the ONC documentations by himself. If there is a bleeding-edge user of chromebook.. he is the best example I can think off.
These scripts are now published on github and here is a step by step guide of how to use it.
Step 1: Launch a new amazon instance ( Based on Amazon Linux AMI )
- Pick defaults for everything ( Use t1.micro for the cheapest instance )
- If you don’t already have a keypair, create one yourself and upload your public key to amazon
Step 2: Update security group you used. Allow UDP:1194 incoming.
- Open 1194 UDP incoming
- Open 22 TCP incoming
Step 3: Find the IP address of the new instance.
- Find the “Public DNS” address. This is the address we will SSH to.
Step 4: SSH into the server
- If you only have a chromebook, use this extension to initiate ssh
- Upload both private and public key to this extension.
- Fill in the hostname and username (ec2-user)
Step 5: Run the quick setup script
curl https://raw.github.com/royans/ec2_chromeos_openvpn/master/quicksetup.sh > quicksetup.sh;
chmod +x quicksetup.sh;
sudo ./quicksetup.sh email@example.com
- These three lines downloads the script and launches the setup script.
- Remember to put in your email address instead of the one listed here
- This step may take two to three minutes before it prompts you for anything
Step 6: Select default values
- When it does prompt you, just choose the defaults
- If it asks you y/n questions… just select ‘y’
- It will ask you for password a few times… just press enter (which sets no password on the keys)
- Remember this is proof of concept and that you should customize it before you can use it for real stuff
Step 7: Wait for the email. Download the ONC file attached.
Step 8: Upload ONC file into chromebook
- Make sure it says “ONC file successfully parsed” after the import.
- [Advanced users: /var/logs/ui/ui.LATEST will have parse errors if you want to investigate a failed import]
Step 9: Try to connect to the openvpn server
- Just click on “Connect”
Step 10: Connected
- At this point you should see a solid (should not be blinking) VPN signal on the wifi icon.
Step 11: Verify if its traffic is being routed through amazon
- Visit https://toolbox.googleapps.com/apps/browserinfo/ and it should report your IP to be the same as the one you did SSH into.