@eclectice
Forked from aelindeman/README.md
Created October 22, 2022 01:53
ONC-format OpenVPN client configuration (Chrome OS) for OVPN

Instructions

  1. Download https://files.ovpn.com/ubuntu_cli/ovpn-us.zip
  2. Unzip it
  3. Fill in the template
    • UUID #1 and #2: create two UUIDs either from something like https://www.uuidgenerator.net/ or by running cat /proc/sys/kernel/random/uuid in a terminal, then paste them into the fields (leave in the curly braces)
    • Server CA: ovpn-ca.crt from the download - remove the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, make the rest all one line, then paste it into the X509 field
    • Host: the OVPN server you wish to use - I chose US servers, but if you follow the "Ubuntu CLI" guide and download the zip file, the ovpn.conf file has a remote field where you can find a different host
    • Client key: ovpn-tls.key from the download - run grep -v '#' ovpn-tls.key | perl -p -e 's/\n/\\n/' - and paste the result into the TLSAuthContents field
    • Fill in your OVPN username and password
  4. Go to chrome://net-internals and pick your ONC file where it says "Import ONC file"
  5. Nothing obvious will happen once you hit Upload, but if it worked, a new "OVPN" connection should appear in Settings

Sources

I used these to make this template. Check them out in case something doesn't work right.

{
  "Type": "UnencryptedConfiguration",
  "Certificates": [
    {
      "GUID": "{<uuid #1>}",
      "Type": "Authority",
      "X509": "<server ca cert>"
    }
  ],
  "NetworkConfigurations": [
    {
      "GUID": "{<uuid #2>}",
      "Name": "OVPN",
      "Type": "VPN",
      "VPN": {
        "Type": "OpenVPN",
        "Host": "<preferred server - e.g. pool-1.prd.us.ovpn.com>",
        "OpenVPN": {
          "ServerCARef": "{<uuid #1>}",
          "ClientCertType": "Pattern",
          "ClientCertPattern": {
            "IssuerCARef": [
              "{<uuid #1>}"
            ]
          },
          "AuthRetry": "interact",
          "CompLZO": "true",
          "Port": 1194,
          "Proto": "udp",
          "RemoteCertTLS": "server",
          "RemoteCertEKU": "TLS Web Server Authentication",
          "KeyDirection": "1",
          "TLSAuthContents": "<client key>",
          "SaveCredentials": true,
          "ServerPollTimeout": 10,
          "UserAuthenticationType": "Password",
          "Username": "<username>",
          "Password": "<password>"
        }
      }
    }
  ]
}
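
An added example (not part of the original gist) that does step 3 in Python instead of by hand: it generates both UUIDs, flattens the CA certificate, filters the TLS key as the grep command does, and lets the JSON encoder do the newline escaping. The function names and the sample certificate and key strings are constructed for illustration; the field values are the ones from the template.

```python
import base64
import json
import uuid

# Constructed sample inputs (not real OVPN material), shaped like the two files.
SAMPLE_CA = ("-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNU\nRUQgU0FNUExF\n"
             "-----END CERTIFICATE-----\n")
SAMPLE_KEY = ("#\n# 2048 bit OpenVPN static key\n#\n"
              "-----BEGIN OpenVPN Static key V1-----\n0123abcd\n"
              "-----END OpenVPN Static key V1-----\n")

def pem_body(pem):
    """Drop the BEGIN/END lines and join the base64 body into one line."""
    lines = [l.strip() for l in pem.splitlines()]
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    base64.b64decode(body, validate=True)  # raises if the body was mangled
    return body

def tls_auth_contents(key_text):
    """Like grep -v '#': drop comment lines and keep real newlines.
    json.dumps() then writes each newline as the two-character \\n escape."""
    return "".join(l + "\n" for l in key_text.splitlines() if "#" not in l)

def build_onc(ca_pem, tls_key, host, username, password):
    ca_guid = "{%s}" % uuid.uuid4()   # UUID #1, reused by every CA reference
    net_guid = "{%s}" % uuid.uuid4()  # UUID #2
    openvpn = {
        "ServerCARef": ca_guid, "ClientCertType": "Pattern",
        "ClientCertPattern": {"IssuerCARef": [ca_guid]},
        "AuthRetry": "interact", "CompLZO": "true", "Port": 1194,
        "Proto": "udp", "RemoteCertTLS": "server",
        "RemoteCertEKU": "TLS Web Server Authentication",
        "KeyDirection": "1", "TLSAuthContents": tls_auth_contents(tls_key),
        "SaveCredentials": True, "ServerPollTimeout": 10,
        "UserAuthenticationType": "Password",
        "Username": username, "Password": password,
    }
    return {
        "Type": "UnencryptedConfiguration",
        "Certificates": [{"GUID": ca_guid, "Type": "Authority",
                          "X509": pem_body(ca_pem)}],
        "NetworkConfigurations": [{
            "GUID": net_guid, "Name": "OVPN", "Type": "VPN",
            "VPN": {"Type": "OpenVPN", "Host": host, "OpenVPN": openvpn}}],
    }

if __name__ == "__main__":
    onc = build_onc(SAMPLE_CA, SAMPLE_KEY, "pool-1.prd.us.ovpn.com", "user", "pass")
    print(json.dumps(onc, indent=2))
```

The generated file holds the username, password and TLS auth key in clear text, so keep it readable only by your own account and delete it once the import has succeeded.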