-
Notifications
You must be signed in to change notification settings - Fork 0
VPNC
Chromium OS has VPN support built-in, but connecting to some VPNs requires client features and configurations that are not available. For those networks, it is possible to establish a VPN connection from a chroot that is usable from both within the chroot and Chromium OS.
These instructions assume you are running an Ubuntu chroot and have been tested with precise.
$ sudo apt-get install vpnc
Create a vpnc conf file as per man vpnc. A selection from the man page to help get you started:
This is an example vpnc.conf with pre-shared keys:
IPSec gateway vpn.example.com
IPSec ID ExampleVpnPSK
IKE Authmode psk
IPSec secret PskS3cret!
Xauth username user@example.com
Xauth password USecr3t
And another one with hybrid authentication (requires that vpnc was
built with openssl support):
IPSec gateway vpn.example.com
IPSec ID ExampleVpnHybrid
IKE Authmode hybrid
CA-Dir /etc/vpnc
or
CA-File /etc/vpnc/vpn-example-com.pem
IPSec secret HybS3cret?
Xauth username user@example.com
Xauth password 123456
vpnc doesn't seem to work with tun devices in a Chromium chroot, but tap works just fine.
$ sudo vpnc --ifmode tap ~/vpn/myvpn.conf
Given a valid ~/vpn/myvpn.conf, this will create a VPN tunnel that is shared by both the chroot and Chromium OS.
The VPNC options for automatically updating DNS don't seem to work, so until someone finds an automatic solution for re-configuring DNS you'll have to do it manually. This can be accomplished by overwriting /var/host/shill/resolv.conf with a hard-coded version configured for your VPN. This can be automated by writing a simple shell script around the vpnc connect/disconnect. To preserve continuity of connectivity across VPN connects/disconnects, I recommend stashing away a copy of resolv.conf before overwriting during connect, and then restoring the stashed copy during disconnect.
As with the VPN connection itself, /var/host/shill/resolv.conf is shared between the chroot and Chromium OS, so your DNS changes will take effect in both environments.
Chromium OS enables wifi power management by default, which will cause your wifi radio to turn off somewhat aggressively during short idle periods. This can be very inconvenient when using vpnc since there is no auto-reconnect, and especially if your particular VPN requires a token passcode on each connect. You may find it useful to disable wifi power manager while connected to the VPN to help stay connected. This can be accomplished via the wireless-tools package:
$ sudo apt-get install wireless-tools
Once installed, you can enable or disable wifi power management in your vpnc connect/disconnect scripts as follows:
$ sudo iwconfig wlan0 power off $ sudo iwconfig wlan0 power on
The same disclaimers apply if Chromium OS decides to put your Chromebook into sleep. You may want to look into the various options available to disable Chromium OS power management, such as Caffeine.