Differences

This shows you the differences between two versions of the page.

--- chromebooks:openvpn [2016/12/14 09:10]
tschulz created
+++ chromebooks:openvpn [2016/12/14 14:10] (current)
tschulz
@@ Line 3: / Line 3: @@
 ===== PFSense Certificates =====
 ==== Create CA ====
+{{ :chromebooks:cert_ca_crop.png?200|}}
   - Login to PFsense
   - go to **System -> Certificate Manager**
@@ Line 11: / Line 12: @@
   - Click on **Export CA** (blue star seal icon)
   - Save the CA certificate to a secure location we will need it later
 ==== Create Server Cert ====
+{{ :chromebooks:cert_server_crop.png?200|}}
   - While in **System -> Certificate Manager** click on the **Certificates** tab
   - Click on the **+Add** button
@@ Line 20: / Line 23: @@
   - Fill out the remaining fields
   - Finally click on **Save**
 ===== OpenVPN Server Setup =====
+{{ :chromebooks:server_settings.png?200|}}
   - Go to **VPN -> OpenVPN**
   - While on the **Servers** tab click on the **+Add** button
-  -
+  - Change **Server Mode** to **Remote Access (User Auth)**
+  - Change **Protocol** to **UDP**
+  - Change **Device mode** to **tun**
+  - Uncheck the box for **Enable authentication for TLS Packets**
+  - Under **Peer Certificate Authority** select the CA we created in the first section
+  - Under **Server Certificate** select the server certificate we created
+  - Change the **Encryption Algorithm** to **BF-CBC (128 bit)**
+  - Verify **Auth Digest** is set to **SHA1 (160-bit)**
+  - Under **IPv4 Tunnel Network** enter a unused network like **192.168.132.0/24**
+  - Under **IPv4 Local Network** enter the network of your local LAN network
+  - Verify **Compression** is set to **No Prefernce**
+  - Finally click on **Save**
+===== Create Users =====
+  - Go to **System -> User Manager**
+  - Under the **Users** tab click on **+Add**
+  - Enter a **Username** and **Password**
+  - Click on Save
+  * Remember the username and password we will use them to configure the openvpn client on the ChromeOS device
+====== ChomeOS Setup ======
+===== Import CA =====
+{{ :chromebooks:ca_import2.png?200|}}{{ :chromebooks:ca_import1.png?200|}}
+  - Go to **Settings**
+  - Then Click on **Manage Certificates**
+  - Click on the **Authorities Tab**.
+  - Click **Import**
+  - Find the file that you Exported in the first section
+  - You just need to make sure **Trust this certificate for identifying websites**, but you can check all the boxes
+  - Click Ok
+===== Setup VPN Client =====
+{{ :chromebooks:openvpn_client_setup.png?200|}}
+  - Go to **Settings**
+  - Click on **Private Network** the click on **OpenVPN / L2TP**
+  - For **Server Hostname** enter the **HOSTNAME:PORT** of your PFsense machine
+  - You can enter any **Service Name** that you want
+  - Set **Provider type** to **OpenVPN**
+  - For **Server CA certificate** select the CA you just added in the previous section
+  - Then enter the username and password you entered for the user backing PFsense

ISD 820 Knowledge Base

User Tools

Site Tools

Differences

Page Tools