ChromeOS SSL VPN

I am attempting to connect my Chromebook to the SSL VPN, but I cannot locate the onc file and necessary certificates.

How do I generate the items necessary to use ChromeOS to connect to the VPN?

Thank you for your help.



  • Hi, Matt, and welcome to the UTM Community!


    Did you try Scott Klassen's suggestion? https://community.sophos.com/products/unified-threat-management/f/58/p/55561/203776#203776

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks, Bob!

    I found Scott Klassen's suggestion after I posted my question, but I have not had an opportunity to work through the solution.  

    If I may make a recommendation, I would like to see the ability to provide the .onc file along with the .ovpn file to the end users.

  • Matt, I think you'll find a similar suggestion on the official site for requesting new Features.  You will want to vote for and comment on the existing suggestion.

    Cheers - Bob

  • Yup - using it now on my Chromebook. The guide at http://blog.dwolla.com/openvpn-on-chromeos-a-step-by-step-guide/ mostly works fine. You'll need to use a full-blown openssl (e.g. Linux box) to create the .p12 file... don't use your Chromebook.

    Here is a sample .ONC file. An important line I just added (and which is not in the sample): the "IgnoreDefaultRoute": true line is new. Otherwise, you'd end up with 2 default routes, and couldn't have a split tunnel.

    ###################

    {
      "Type": "UnencryptedConfiguration",
      "NetworkConfigurations": [
        {
          "GUID": "{vpn4us201602231651}",
          "Name": "ExampleUsingTCP",
          "Type": "VPN",
          "VPN": {
            "Type": "OpenVPN",
            "Host": "XX.XX.XX.XX",
            "OpenVPN": {
              "Auth": "SHA1",
              "ClientCertType": "Ref",
              "CompLZO": "true",
              "Cipher": "AES-128-CBC",
              "Port": 1194,
              "Proto": "tcp",
              "SaveCredentials": true,
              "ServerCARef": "{cacert}",
              "ClientCertRef": "{clientcert}",
              "IgnoreDefaultRoute": true,
              "Verb": "3",
              "RemoteCertTLS": "none",
              "ServerPollTimeout": 360
            }
          }
        }
      ],
      "Certificates": [
        {
          "GUID": "{cacert}",
          "Type": "Authority",
          "X509": "-----BEGIN CERTIFICATE-----

    (snip)

    -----END CERTIFICATE-----"
        },
        {
          "GUID": "{clientcert}",
          "Type": "Client",
          "X509": "-----BEGIN CERTIFICATE-----

    (snip)

    -----END CERTIFICATE-----"
        }
      ]
    }
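
An added example, not part of the post above and not Sophos or ChromeOS code: a Python check that can be run over an ONC file like the sample before importing it. It reports OpenVPN entries that lack `IgnoreDefaultRoute`, certificate references with no matching GUID, and `RemoteCertTLS` set to `none`. The name `lint_onc` is hypothetical, and the host, GUIDs and PEM body in `SAMPLE` are constructed placeholders.

```python
import json

def lint_onc(text):
    """Return a list of findings for the OpenVPN entries in an ONC document."""
    try:
        doc = json.loads(text)  # strict JSON: newlines inside strings must be written as \n
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    findings = []
    cert_guids = {c.get("GUID") for c in doc.get("Certificates", [])}
    for net in doc.get("NetworkConfigurations", []):
        vpn = net.get("VPN", {})
        if net.get("Type") != "VPN" or vpn.get("Type") != "OpenVPN":
            continue
        name = net.get("Name", net.get("GUID", "?"))
        ovpn = vpn.get("OpenVPN", {})
        # The post's point: without this line the tunnel adds a second default route.
        if ovpn.get("IgnoreDefaultRoute") is not True:
            findings.append(f"{name}: IgnoreDefaultRoute is not true (no split tunnel)")
        # Each certificate reference must match a GUID under "Certificates".
        for key in ("ServerCARef", "ClientCertRef"):
            ref = ovpn.get(key)
            if ref is not None and ref not in cert_guids:
                findings.append(f"{name}: {key} {ref} has no matching certificate")
        # "none" skips the check that the peer presents a server-type certificate.
        if ovpn.get("RemoteCertTLS") == "none":
            findings.append(f"{name}: RemoteCertTLS is none (server cert usage unchecked)")
    return findings

# Constructed sample modelled on the post's file; host and PEM body are placeholders.
SAMPLE = {
    "Type": "UnencryptedConfiguration",
    "NetworkConfigurations": [{
        "GUID": "{vpn-example}", "Name": "ExampleUsingTCP", "Type": "VPN",
        "VPN": {"Type": "OpenVPN", "Host": "192.0.2.10", "OpenVPN": {
            "ClientCertType": "Ref", "Port": 1194, "Proto": "tcp",
            "ServerCARef": "{cacert}", "ClientCertRef": "{clientcert}",
            "IgnoreDefaultRoute": True, "RemoteCertTLS": "none"}},
    }],
    "Certificates": [{"GUID": "{cacert}", "Type": "Authority",
                      "X509": "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----"}],
}

if __name__ == "__main__":
    for finding in lint_onc(json.dumps(SAMPLE)):
        print(finding)
```

The constructed sample deliberately omits the `{clientcert}` entry, so it yields two findings: the dangling `ClientCertRef` and the `RemoteCertTLS` setting.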