Using OpenVPN and pfSense on a Chromebook

This took WAY too long to figure out, so here is a summary of how I got OpenVPN client working with a PFSense server.

First, create an OpenVPN profile in pfSense.

The IP addresses and CAs will be different for you (I’m not going to go into that part, but you should already have a CA and user certs set up).

Server Mode

  • Remote Access SSL/TLS + User Auth
  • UDP
  • TUN mode
  • pick any port you want

Cryptographic Settings

  • Enable TLS auth
  • Autogenerate the TLS key; we’ll need to get this key later on
  • Server cert should be the one you generated your user certs off of
  • DH length is 2048
  • Encryption algorithm is BF-CBC 128 (I know, just pick it)
  • Auth digest is SHA-1 160

Tunnel Settings

  • IPv4 network is just a small network for your VPN endpoints. I like a /28
  • Do not select redirect gateway. ChromeOS will do it anyway
  • IPv4 local network should be the networks you use in your LAN
  • Compression is Enabled with Adaptive compression

Client Settings

I spent way too much time on this part.

  • Address pool should be checked
  • Topology should be Net30

Advanced settings

  • Nothing checked in this section

The ChromeOS part has been done way better by others, so I won’t touch that, but don’t try to use the built-in OpenVPN support in ChromeOS. I ended up with TLS auth issues; instead, I went down the ONC file route and just generated an ONC file using the handy JavaScript ONC generator.
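For the ONC route, the client values have to mirror the server settings listed above, and the autogenerated TLS key has to be embedded as text. The sketch below is an added example, not the ONC generator mentioned above and not pfSense code: it builds an ONC document using field names from the Open Network Configuration format. The host, username, certificate strings and sample key are constructed placeholders, and the key direction of 1 assumes the server side uses 0.

```python
import json
import re
import uuid

SAMPLE_TLS_KEY = (  # constructed placeholder, not a real key
    "-----BEGIN OpenVPN Static key V1-----\r\n00112233445566778899aabbccddeeff\r\n"
    "ffeeddccbbaa99887766554433221100\r\n-----END OpenVPN Static key V1-----\r\n"
)
KEY_BLOCK = re.compile(r"-----BEGIN OpenVPN Static key V1-----\n(?:[0-9a-fA-F]+\n)+"
                       r"-----END OpenVPN Static key V1-----")


def build_onc(host, port, username, tls_key, ca_x509_b64, client_p12_b64):
    """Build an ONC dict whose OpenVPN block mirrors the server settings above."""
    match = KEY_BLOCK.search(tls_key.replace("\r\n", "\n"))
    if match is None:
        raise ValueError("no complete OpenVPN static key block in tls_key")
    ca_guid, cert_guid, net_guid = (str(uuid.uuid4()) for _ in range(3))
    openvpn = {
        "Proto": "udp",                  # Server Mode: UDP
        "Port": int(port),               # whatever port the server listens on
        "Cipher": "BF-CBC",              # must equal the server's encryption algorithm
        "Auth": "SHA1",                  # must equal the server's auth digest
        "CompLZO": "adaptive",           # Tunnel Settings: adaptive compression
        "TLSAuthContents": match.group(0) + "\n",  # key text, line breaks intact
        "KeyDirection": "1",             # assumption: the server side uses 0
        "ServerCARefs": [ca_guid],
        "ClientCertType": "Ref",
        "ClientCertRef": cert_guid,
        "Username": username,            # SSL/TLS + User Auth: no password stored here
        "SaveCredentials": False,
    }
    return {
        "Type": "UnencryptedConfiguration",
        "Certificates": [
            {"GUID": ca_guid, "Type": "Authority", "X509": ca_x509_b64},
            {"GUID": cert_guid, "Type": "Client", "PKCS12": client_p12_b64},
        ],
        "NetworkConfigurations": [{
            "GUID": net_guid, "Name": "pfSense OpenVPN", "Type": "VPN",
            "VPN": {"Type": "OpenVPN", "Host": host, "OpenVPN": openvpn},
        }],
    }


if __name__ == "__main__":
    onc = build_onc("vpn.example.test", 1194, "alice", SAMPLE_TLS_KEY,
                    "BASE64-CA-DER-PLACEHOLDER", "BASE64-PKCS12-PLACEHOLDER")
    print(json.dumps(onc, indent=2))
```

A mismatch in `Cipher`, `Auth`, `CompLZO` or the key direction against the server profile is the first thing to check when the tunnel fails to come up.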