User Tools

Site Tools


chromebooks:openvpn

Configuring ChromeOS OpenVPN with PFSense

PFSense Certificates

Create CA

  1. Login to PFsense
  2. go to System → Certificate Manager
  3. With the CA's tab selected click on +Add
  4. Change method to Create an internal Certificate Authority
  5. Fill out the remaining fields with your details
  6. Click on Save
  7. Click on Export CA (blue star seal icon)
  8. Save the CA certificate to a secure location we will need it later

Create Server Cert

  1. While in System → Certificate Manager click on the Certificates tab
  2. Click on the +Add button
  3. Change method to Create internal Certificate
  4. Set the Certificate Authority to the CA you created in the previous section
  5. Change the Certificate Type to Server Certificate
  6. Fill out the remaining fields
  7. Finally click on Save

OpenVPN Server Setup

  1. Go to VPN → OpenVPN
  2. While on the Servers tab click on the +Add button
  3. Change Server Mode to Remote Access (User Auth)
  4. Change Protocol to UDP
  5. Change Device mode to tun
  6. Uncheck the box for Enable authentication for TLS Packets
  7. Under Peer Certificate Authority select the CA we created in the first section
  8. Under Server Certificate select the server certificate we created
  9. Change the Encryption Algorithm to BF-CBC (128 bit)
  10. Verify Auth Digest is set to SHA1 (160-bit)
  11. Under IPv4 Tunnel Network enter a unused network like 192.168.132.0/24
  12. Under IPv4 Local Network enter the network of your local LAN network
  13. Verify Compression is set to No Prefernce
  14. Finally click on Save

Create Users

  1. Go to System → User Manager
  2. Under the Users tab click on +Add
  3. Enter a Username and Password
  4. Click on Save
  • Remember the username and password we will use them to configure the openvpn client on the ChromeOS device

ChomeOS Setup

Import CA

  1. Go to Settings
  2. Then Click on Manage Certificates
  3. Click on the Authorities Tab.
  4. Click Import
  5. Find the file that you Exported in the first section
  6. You just need to make sure Trust this certificate for identifying websites, but you can check all the boxes
  7. Click Ok

Setup VPN Client

  1. Go to Settings
  2. Click on Private Network the click on OpenVPN / L2TP
  3. For Server Hostname enter the HOSTNAME:PORT of your PFsense machine
  4. You can enter any Service Name that you want
  5. Set Provider type to OpenVPN
  6. For Server CA certificate select the CA you just added in the previous section
  7. Then enter the username and password you entered for the user backing PFsense
chromebooks/openvpn.txt · Last modified: 2016/12/14 14:10 by tschulz