VPN Client setups

Our VPN server is running OpenVPN, so these instructions are aimed at that.

Chromebooks

This page is the most helpful one I found. It is strangely difficult to set up an OpenVPN client on a Chromebook in 2019 -- it hasn't changed significantly since I first followed these instructions a few years ago. But it does work and, now that we have working .onc files, we can keep using them. Here is a brief reminder to myself for next time:

  • install a ca.crt file on the Chromebook by navigating to chrome://settings/certificates (this one goes in the Authorities tab)
  • install cdisales.p12 the same way, under the Your Certificates tab
  • install cdi_vpn2.onc by navigating to chrome://net-internals/#chromeos

The onc file auto-fills the fields and creates a clickable VPN.

I've used the same 3 files on a few different Chromebooks and that seems to work fine. Not sure if it will introduce problems if multiple clients try to connect to the VPN simultaneously. And I'm also not sure if this is proper security practice.

Mac

According to this helpful page, it is necessary to install a program on the Mac to use OpenVPN.

Tunnelblick wants ovpn configuration files (it might also work with .conf files).

The ovpn file is a text file containing a few details like the IP address of the server and all of the certs and keys with XML-style delimiters. I created one following this example. Have not tested yet.

The ovpn file is not yet working. I have re-checked that:
  • the ca section matches ca.crt
  • the cert section matches cdisale.crt
  • the private key section matches cdisales.key
  • the tls-auth section matches ta.key - BUT how should this be formatted?
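
The re-check listed above can be scripted. The following Python script is an added example, not part of the original notes: it pulls the inline blocks out of an .ovpn profile, compares each one with the standalone file it should mirror, and flags an inline `<tls-auth>` block that has no `key-direction` line, which is how OpenVPN takes the key direction when the key is inline. The sample profile, key contents and host name are constructed.

```python
import re

def inline_blocks(ovpn_text):
    """Return {tag: body} for the <ca>, <cert>, <key> and <tls-auth> inline blocks."""
    pattern = r"^<(ca|cert|key|tls-auth)>[ \t]*\n(.*?)^</\1>"
    return {m.group(1): m.group(2) for m in re.finditer(pattern, ovpn_text, re.S | re.M)}

def material(text):
    """Keep only the BEGIN/END armoured block, one stripped line per row.

    This skips the readable dump that can precede the PEM block in a .crt file
    and the '#' comment lines at the top of ta.key.
    """
    m = re.search(r"-----BEGIN ([^-]+)-----.*?-----END \1-----", text, re.S)
    if not m:
        return ""
    return "\n".join(line.strip() for line in m.group(0).splitlines() if line.strip())

def check_profile(ovpn_text, sources):
    """sources maps a tag to the contents of its standalone file; returns findings."""
    findings = []
    blocks = inline_blocks(ovpn_text)
    for tag, content in sources.items():
        if tag not in blocks:
            findings.append(f"<{tag}>: block missing")
        elif not material(blocks[tag]):
            findings.append(f"<{tag}>: no BEGIN/END armour inside the block")
        elif material(blocks[tag]) != material(content):
            findings.append(f"<{tag}>: differs from its source file")
    # An inline <tls-auth> block cannot carry the 0/1 direction argument, so a
    # setup that uses a direction needs a separate key-direction line.
    if "tls-auth" in blocks and not re.search(r"^[ \t]*key-direction[ \t]+[01]\b", ovpn_text, re.M):
        findings.append("<tls-auth>: no key-direction line (needed if the server sets a direction)")
    return findings

# Constructed sample data, not real key material; vpn.example.org is a placeholder.
TA_KEY = ("#\n# 2048 bit OpenVPN static key\n#\n-----BEGIN OpenVPN Static key V1-----\n"
          "0123abcd\n-----END OpenVPN Static key V1-----\n")
CA_CRT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
PROFILE = ("client\nremote vpn.example.org 1194\n<ca>\n" + CA_CRT + "</ca>\n"
           "<tls-auth>\n  -----BEGIN OpenVPN Static key V1-----\n  0123abcd\n"
           "  -----END OpenVPN Static key V1-----\n</tls-auth>\n")

if __name__ == "__main__":
    for finding in check_profile(PROFILE, {"ca": CA_CRT, "tls-auth": TA_KEY}):
        print(finding)
```

For a real profile, read the .ovpn file and each of ca.crt, the client .crt and .key, and ta.key into strings and pass them in place of the constructed samples.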

When I tested this on Jeni's Mac it didn't work. The error message is something related to authentication. It is definitely contacting the server, and there are log messages when it tries, but they don't look very informative so far.

It may be that the authentication should be from the p12 file in the Mac's "keychain". There's a way to put a reference to that in the ovpn file.

I haven't been able to find a nice example ovpn file for a Mac yet.

Android

To help debug the Mac VPN I created cdisales.ovpn, loaded it onto my phone, and used it with the OpenVPN Android app. It seems to work. So maybe it will work with the Mac when I get a chance to try it.

File locations

VPN configuration files are in subdirectories on my Google Drive of Work/OpenVpnConfigurations. This is so that Chromebook and Mac clients can get them, when they're shared.

They were generated using easy-rsa on n30 and the originals can be found there under /etc/openvpn/easy-rsa/keys.

See also

Easy-rsa is well documented here: https://wiki.archlinux.org/index.php/Easy-RSA.

-- BenDugan - 07 Jun 2022
Topic revision: r1 - 07 Jun 2022, BenDugan