OpenVPN Profile for ChromeOS (ONC Format)
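#!/bin/bash
# Prepare the three values that have to be pasted into a ChromeOS OpenVPN
# profile in ONC format: the TLS-auth key, the CA certificate and the client
# certificate bundle.
#
# onc file format reference: https://chromium.googlesource.com/chromium/src/+/main/components/onc/docs/onc_spec.md#OpenVPN-connections-and-types
# NOTE: it seems tls-crypt is not supported
#
# Reads (from the current directory): tlsauth.key, ca.crt, client.p12
# Sets: the shell variables tlsauth, ca and cert
# Writes: cl.p12 (test.pem is created temporarily and removed again)
#
# The sed join idiom ':a;N;$!ba;...' below relies on GNU sed.

# TLSAuth
# Drops the first three lines of the key file and joins the rest with a
# literal "\n" so the key fits into a single JSON string.
# NOTE(review): presumably the three dropped lines are the comment header of
# the static key file - check that the result starts with the BEGIN line.
tlsauth="$(sed '1,3d' tlsauth.key | sed ':a;N;$!ba;s/\n/\\n/g')"

# CA Certificate
# Drops the first and the last line and joins the remainder without
# separators.
# NOTE(review): this assumes ca.crt holds exactly one PEM certificate with
# nothing before the BEGIN line or after the END line - verify.
ca="$(sed -e '1d' -e '$d' ca.crt | tr -d '\n')"

# Client Certificate
## Remove password:
# The two openssl calls are separate commands: the first writes key and
# certificate unencrypted to test.pem, the second re-exports them as cl.p12.
# NOTE(review): presumably an empty export password is entered at the prompt
# of the second call - confirm.
# test.pem contains the private key in the clear, so it is created with
# owner-only permissions and deleted as soon as the export has run.
if (
  umask 077
  openssl pkcs12 -in client.p12 -nodes -out test.pem \
    && openssl pkcs12 -export -in test.pem -out cl.p12
  rc=$?
  rm -f -- test.pem
  exit "$rc"
); then
  ## Generate b64 of p12 and strip all line breaks
  # The line breaks are removed rather than replaced by spaces, so the value
  # is one contiguous base64 string.
  cert="$(base64 cl.p12 | tr -d '\n')"
else
  printf 'error: converting client.p12 failed, cert was not set\n' >&2
fi

# paste cert, ca and tlsauth in the onc file and test to import it at 'chrome://net-internals/#chromeos'
#
# The profile is an "UnencryptedConfiguration" and embeds the client key
# bundle from cl.p12, so the finished ONC file and cl.p12 should be handled
# like a private key: restrict access and delete them once the import is done.
#
# "ServerCARefs" and "ClientCertRef" must match the "GUID" values of the two
# entries under "Certificates".
# "VerifyX509"."Name" below is the value from the original example; set it to
# the subject of your own server certificate.
#
# {
#   "Type":"UnencryptedConfiguration",
#   "Certificates": [ {
#     "GUID": "{1e05f740-64ed-603f-3f8a-ebc575d290a0}",
#     "Type": "Authority",
#     "X509": "<CA-CERT>"
#   }, {
#     "GUID": "01312de9-bee4-52e0-8c7e-c41706b50dd0",
#     "PKCS12": "<CLIENT-CERT>",
#     "Type": "Client"
#   } ],
#   "NetworkConfigurations": [ {
#     "GUID": "830dd9ea-fcfc-52ca-ad6c-decd00a2acdd",
#     "Name": "<PRETTY-NAME>",
#     "Type": "VPN",
#     "VPN": {
#       "Type": "OpenVPN",
#       "Host": "<SERVER IP or DNS>",
#       "OpenVPN": {
#         "Port": <SERVER PORT>,
#         "Proto": "<SERVER PROTOCOL>",
#         "CompLZO": "false",
#         "UserAuthenticationType": "Password",
#         "AuthNoCache": true,
#         "AuthRetry": "interact",
#         "SaveCredentials": false,
#         "RemoteCertTLS": "server",
#         "RemoteCertEKU": "TLS Web Server Authentication",
#         "TLSVersionMin": "1.2",
#         "VerifyX509": {
#           "Name": "C=AT, ST=Styria, CN=OpenVPN",
#           "Type": "subject"
#         },
#         "ServerCARefs": ["{1e05f740-64ed-603f-3f8a-ebc575d290a0}"],
#         "ClientCertType": "Ref",
#         "ClientCertRef": "01312de9-bee4-52e0-8c7e-c41706b50dd0",
#         "Cipher": "AES-256-GCM",
#         "Auth": "SHA512",
#         "TLSAuthContents": "<TLS-AUTH>",
#         "RenegSec": 86400
#       }
#     }
#   } ]
# }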