Running OpenVPN with custom options in Chrome OS

Finally managed to make my Chrome OS work with OpenVPN. The process is a little hairy, as there were certain customised settings that the GUI did not provide, such as customized port numbers and encryption type.

From the set of files that OpenVPN generates, the next step is to turn it into a .p12 format file:

openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt \
     -name MyClient -out client.p12

Once that is generated, we need to add the CA cert of ‘Authority’ (in my case a self-generated cert that identifies ourselves as the end target to connect to), and also add a cert to identify myself. Both can be set up using the URL chrome://settings/certificates.

Then we need to create a hand-spun configuration, in which the following JSON syntax needs to be written to a file to load:

{
    "Type":"UnencryptedConfiguration",
    "Certificates": [ {
        "GUID": "{CA-CERT-GUID-IDENTIFIER}",
        "Type": "Authority",
        "X509": "MIIEpzCCA4+gAwIBAgIJAMueiWq5WEIAMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGUmFkaXVzMRIwEAYDVQQHEwlTb21ld2hlcmUxFTATBgNVBAoTDEV4YW1wbGUgSW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5jb20xJjAkBgNVBAMTHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTExMDEyODA2MjA0MFoXDTEyMDEyODA2MjA0MFowgZMxCzAJBgNVBAYTAkZSMQ8wDQYDVQQIEwZSYWRpdXMxEjAQBgNVBAcTCVNvbWV3aGVyZTEVMBMGA1UEChMMRXhhbXBsZSBJbmMuMSAwHgYJKoZIhvcNAQkBFhFhZG1pbkBleGFtcGxlLmNvbTEmMCQGA1UEAxMdRXhhbXBsZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9EDplhyrVNJIoy1OsVqvD/K67B5PW2bDKKxGznodrzCu8jHsP1Ne3mgrK20vbzQUUBdmxTCWO6x3a3//r4ZuPOuZd1ViycWjt6mRfRbBzNrHzP7NiyFuXjdlz74beHQQLcHwvZ3qFAWZK37uweiLiDPaMaEQlka2Bztqx4PsogmSdoVPSCxi5Cl1XlJmITA03LlKpO79+0rEPRamWO/DMCwvffn2/UUjJLog4/lYe16HQ6iq/6bjhffm2rLXDFKOGZmBVbLNMCfANRMtdFWHYdBXERoUo2zpM9tduOOUNLy7E7kRKVm/wy38s51ChFPlpORrhimN2j1caar+KAv2tAgMBAAGjgfswgfgwHQYDVR0OBBYEFBTIImiXp+57jjgn2N5wq93GgAAtMIHIBgNVHSMEgcAwgb2AFBTIImiXp+57jjgn2N5wq93GgAAtoYGZpIGWMIGTMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGUmFkaXVzMRIwEAYDVQQHEwlTb21ld2hlcmUxFTATBgNVBAoTDEV4YW1wbGUgSW5jLjEgMB4GCSqGSIb3DQEJARYRYWRtaW5AZXhhbXBsZS5jb20xJjAkBgNVBAMTHUV4YW1wbGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ggkAy56JarlYQgAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAnNd0YY7s2YVYPsgEgDS+rBNjcQloTFWgc9Hv4RWBjwcdJdSPIrpBp7LSjC96wH5U4eWpQjlWbOYQ9RBq9Z/RpuAPEjzRV78rIrQrCWQ3lxwywWEb5Th1EVJSN68eNv7Ke5BlZ2l9kfLRKFm5MEBXX9YoHMX0U8I8dPIXfTyevmKOT1PuEta5cQOM6/zH86XWn6WYx3EXkyjpeIbVOw49AqaEY8u70yBmut4MO03zz/pwLjV1BWyIkXhsrtuJyA+ZImvgLK2oAMZtGGFo7b0GW/sWY/P3R6Un3RFy35k6U3kXCDYYhgZEcS36lIqcj5y6vYUUVM732/etCsuOLz6ppw=="
    } ],

    "NetworkConfigurations": [ {
        "GUID": "{VPN-GUID-IDENTIFIER}",
        "Name": "My VPN Connection",
        "Type": "VPN",
        "VPN": {
            "Type": "OpenVPN",
            "Host": "vpn.unknown.host.domain",
            "OpenVPN": {
                "ServerCARef": "{CA-CERT-GUID-IDENTIFIER}",
                "AuthRetry": "interact",
                "Cipher": "AES256",
                "ClientCertType": "Pattern",
                "ClientCertPattern": {
                    "IssuerCARef": [ "{CA-CERT-GUID-IDENTIFIER}" ]
                },

                "CompLZO": "true",
                "Port": 62222,
                "Proto": "udp",
                "RemoteCertTLS":"server",
                "RemoteCertEKU": "TLS Web Server Authentication",
                "SaveCredentials": false,
                "ServerPollTimeout": 10,
                "Username": "MY_USER_NAME_IS_JOHN",
                "KeyDirection":"1",
                "TLSAuthContents":"-----BEGIN OpenVPN Static key V1-----\nad81f4aafe33ecbbc68ae88536ccd8d4\Gn9c929dfdd6d57aff5e082a37da9a827c\nca3f3db0815b1ae268bb106946c6e757\n4f5e624824b5e3c62c02a6098f1d4efe\n8d9858df2a73c5ec1a3b6e3901f1d70d\n3e16a318999d6515f3a7f1b0971ebe48\ne59145aa968c8c2b69926a78ce6ddf5f\nf5df09d1340bd3227ed65c294fe15273\nfc142b05a4bce36395c86727825c378a\n56ca3d32ccc888172f4549334835cae2\n39d7348daccba3c2131f6e62e85873aa\nbe8c79a342f64335963825468b262789\ne94148ea636272928002770262b345d7\na3bcf8637c2138ffebe47ac879755a5d\n51cfa985db7d56006e4d865dd0487a12\n55bfe0b9d162e0dc54457a9bb9bbeaaf\n-----END OpenVPN Static key V1-----\n"
            }
        }
    } ]
}