ChromeOS SSL VPN

I am attempting to connect my Chromebook to the SSL VPN, but I cannot locate the onc file and necessary certificates.

How do I generate the items necessary to use ChromeOS to connect to the VPN?

Thank you for your help.



  • Yup - using it now on my Chromebook.  The guide at http://blog.dwolla.com/openvpn-on-chromeos-a-step-by-step-guide/ mostly works fine.  You'll need to use a full-blown OpenSSL (e.g. Linux box) to create the .p12 file... don't use your Chromebook.

    Here is a sample .ONC file - important line I just added (and is not in the sample).... the "IgnoreDefaultRoute": true is new.  Otherwise, you'd end up with 2 default routes, and couldn't have a split tunnel.

    ###################

    {
      "Type": "UnencryptedConfiguration",
      "NetworkConfigurations": [
        {
          "GUID": "{vpn4us201602231651}",
          "Name": "ExampleUsingTCP",
          "Type": "VPN",
          "VPN": {
            "Type": "OpenVPN",
            "Host": "XX.XX.XX.XX",
            "OpenVPN": {
              "Auth": "SHA1",
              "ClientCertType": "Ref",
              "CompLZO": "true",
              "Cipher": "AES-128-CBC",
              "Port": 1194,
              "Proto": "tcp",
              "SaveCredentials": true,
              "ServerCARef": "{cacert}",
              "ClientCertRef": "{clientcert}",
              "IgnoreDefaultRoute": true,
              "Verb": "3",
              "RemoteCertTLS": "none",
              "ServerPollTimeout": 360
            }
          }
        }
      ],
      "Certificates": [
        {
          "GUID": "{cacert}",
          "Type": "Authority",
          "X509": "-----BEGIN CERTIFICATE-----

    (snip)

    -----END CERTIFICATE-----"
        },
        {
          "GUID": "{clientcert}",
          "Type": "Client",
          "X509": "-----BEGIN CERTIFICATE-----

    (snip)

    -----END CERTIFICATE-----"
        }
      ]
    }

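An added example, not part of the original post and not Sophos or ChromeOS tooling: a Python check that walks an ONC structure like the one above, confirms that `ServerCARef` and `ClientCertRef` resolve to certificates of the right type, and reports the routing and server-verification settings the sample relies on. The function name `audit_onc`, the sample host, and the sample GUIDs are assumptions; certificate bodies are placeholders.

```python
def audit_onc(onc):
    """Return (network name, finding) tuples for each OpenVPN entry in an ONC dict."""
    certs = {c.get("GUID"): c.get("Type") for c in onc.get("Certificates", [])}
    findings = []
    for net in onc.get("NetworkConfigurations", []):
        vpn = net.get("VPN", {})
        if net.get("Type") != "VPN" or vpn.get("Type") != "OpenVPN":
            continue
        name, ovpn = net.get("Name", "?"), vpn.get("OpenVPN", {})
        # Each *Ref must name a GUID in "Certificates" with the matching Type.
        for field, want in (("ServerCARef", "Authority"), ("ClientCertRef", "Client")):
            ref = ovpn.get(field)
            if ref is not None and certs.get(ref) != want:
                findings.append((name, f"{field} {ref} resolves to {certs.get(ref)}, expected {want}"))
        # IgnoreDefaultRoute decides whether the VPN's default route is installed.
        if ovpn.get("IgnoreDefaultRoute") is True:
            findings.append((name, "IgnoreDefaultRoute true: split tunnel"))
        else:
            findings.append((name, "IgnoreDefaultRoute unset: default route via VPN"))
        # "none" means the server certificate's TLS usage is not checked.
        if str(ovpn.get("RemoteCertTLS", "")).lower() == "none":
            findings.append((name, "RemoteCertTLS none: server certificate usage not checked"))
        if ovpn.get("SaveCredentials") is True:
            findings.append((name, "SaveCredentials true: credentials stored on the device"))
    return findings

# Constructed sample mirroring the post's layout; hosts, GUIDs and X509 are placeholders.
SAMPLE = {
    "Type": "UnencryptedConfiguration",
    "NetworkConfigurations": [
        {"GUID": "{vpn-a}", "Name": "ExampleUsingTCP", "Type": "VPN",
         "VPN": {"Type": "OpenVPN", "Host": "vpn.example.invalid", "OpenVPN": {
             "ServerCARef": "{cacert}", "ClientCertRef": "{clientcert}",
             "IgnoreDefaultRoute": True, "RemoteCertTLS": "none", "SaveCredentials": True}}},
        {"GUID": "{vpn-b}", "Name": "BrokenRef", "Type": "VPN",
         "VPN": {"Type": "OpenVPN", "Host": "vpn.example.invalid", "OpenVPN": {
             "ServerCARef": "{clientcert}", "ClientCertRef": "{missing}",
             "RemoteCertTLS": "server"}}},
    ],
    "Certificates": [
        {"GUID": "{cacert}", "Type": "Authority", "X509": "(placeholder)"},
        {"GUID": "{clientcert}", "Type": "Client", "X509": "(placeholder)"},
    ],
}

if __name__ == "__main__":
    for name, finding in audit_onc(SAMPLE):
        print(f"{name}: {finding}")
```

The file as posted will not load with a JSON parser until the `(snip)` certificate bodies are filled in, so the check takes an already-parsed dict.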