Openvpn support

Comments

8 comments

  • Forrest Smith

    Rob -

    Sadly, I'm ignorant in this matter. I'll see if our more technical trouble comment!

  • Forrest Smith

    Hi Rob,

    I don't know that we can help you with this issue at the moment. The number of dependencies for openvpn might be very large, and I don't know for sure that they're all included.

    Can you give me some more details about how you're trying to enable this?

  • Rob Davis

    We have openvpn setup on the router side to accept connections. Chromebooks implementation of openvpn is pretty buggy, but we managed to get it to work. OpenVpn is basically a VPN using ssl certificates. You put 2 on the router side, and two on the client side. You can either load these directly into the chromebook, or put them in a script, .onc, which is what we did. We managed to get the script working for normal chromebooks.

    Here is a guide:

    http://blog.dwolla.com/openvpn-on-chromeos-a-step-by-step-guide/

    In our usage case, we have a bunch of remote workers who connect back into the building using openvpn, from there they use chromerdp to connect to a Windows terminal server.

  • James Evans

    I am also evaluating Cloudready, and am having the same problem with OpenVPN. This is a show stopper for us, as all our remote access policies are built around OpenVPN. I'd be more than happy to help debug this issue if that will speed a resolution.

    I have attempted both the .onc solution as well as configuring via the GUI. The configuration is working on HP Chromebooks, so I'm confident that the .onc file is correct.

  • Matt Christian

    FYI, I don't think the the OpenVPN client problems are specific to CloudReady. I had very similar problems with trying to get OpenVPN client on Chrome OS and Chromium OS to work with pfSense. The OpenVPN client is just very buggy right now and Google seems to know about it.

    There are dozens of known open issues on the chromium bug tracker.
    https://code.google.com/p/chromium/issues/list?can=2&q=openvpn

    Too badly broken, OpenVPN just won’t function correctly.
    https://docs.google.com/document/d/18TU22gueH5OKYHZVJ5nXuqHnk2GN6nDvfu2Hbrb4YLE/pub

    • Matt
  • James Evans

    @Matt,

    None of these bugs describe the behavior reported here. Yes, OpenVPN support is kinda rough around the edges, but it isn't hard to make work on Chromebooks. Our OpenVPN solution is working perfectly well from Linux, Windows, Mac OS, Android and ChromeOS. I believe the issue here has to do with the lack of TPM support on non-Chromebook hardware.

    The difference between "Import" and "Import and Bind to Device" is probably the root of this. It seems like supporting non-TPM certificate storage is something that CloudReady needs to address to make older hardware useful to many users.

  • James Evans

    A little more detail from the debug log:
    NOTICE openvpn[xxxx]: PKCS#11: Adding PKCS#11 provider 'libchaps.so'
    WARNING openvpn[xxxx]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    WARNING openvpn[xxxx]: Cannot load certificate "<certificate iD>" using PKCS#11 interface
    WARNING shill[xxx]: [WARNING:openvpn_managment_server.cc(206)] Message ignored: >FATAL:Error:private key password verification failed
    ERR openvpn[xxxx]: Error: private key password verification failed

  • Matt Christian

    James,

    Interesting observations. My previous attempts to get OpenVPN client to work on both official Chrome OS and unofficial Chromium OS were unsuccessful. Perhaps due to not using the Google Management Console? This was done purely on standalone Chromebooks and laptops, not managed by Google Apps. That's yet another difference and perhaps the source of my troubles?

    Thanks for your thoughts and feedback.

Please sign in to leave a comment.