Connecting to a Cisco VPN with OpenConnect on a Chromebook without Crouton
I have been looking at a Toshiba Chromebook 2 with Full HD screen for the last few months. The $300 price tag, my dying home laptop, and the good reviews convinced me to finally take the plunge and purchase it as a laptop for home use.
If you, like me, have a Cisco VPN at work, you might find that you can’t connect the Chromebook to your VPN. From what our network engineer found out, it’s basically just some XAUTH mismatch. If you don’t know what that is, the basic takeaway is: you can’t connect without additional software, OpenConnect. But how do you run it on a Chromebook?
First try: Install Crouton
Crouton is a piece of software that allows you to run a full linux desktop on your chromebook.
You heard me. Full linux desktop.
The instructions are simple enough - put your chromebook into development mode, install crouton, install a whole linux desktop and then inside it install and run openconnect.
Well. Not so simple, but currently that’s your most supported option. Crouton is made by a guy working at Google, which is probably the closest thing to ‘supported’ that you’re going to get. But if having a full linux installation is not something you want, there’s now an alternative.
Second try: Chromebrew
Chromebrew is a set of packages which are missing from the Chromebook, even in developer mode. These packages contain a compiler, development headers and utilities that allow you to build software for the platform you’re on. This software is most likely cross compiled on a similar environment and then packaged for Chromebooks.
The only problem is that the official repository from @skycocker is outdated. I assume the developer is busy with work, and from what I can see from the issues and comments, chromebrew is basically a dead project.
Things might change, but currently the developer seems to be on a hiatus of a few months, and this required me to create a fork and add additional packages. And now you can install openconnect :)
When in developer mode, Chromebooks have a terminal which you open with CTRL+ALT+T. When you open the terminal, type `shell` (enter) and then install my fork of chromebrew, which includes the openconnect packages.
wget -q -O - https://raw.github.com/titpetric/chromebrew/master/install.sh | bash
After installing my fork of the software, all that is needed is to run
crew install openconnect
See? Now you have openconnect! A few more things are needed so you can use it.
# switch user to root
sudo su -
# create vpnc folder
mkdir -p /usr/local/etc/vpnc
cd /usr/local/etc/vpnc
# get the latest vpnc-script needed by openconnect
wget http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script
# make it executable
chmod a+x vpnc-script
exit
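The vpnc-script fetched above is downloaded over plain HTTP and is run as root by openconnect every time the tunnel comes up. The following is an added example, not part of the original post: it installs a downloaded file only when its SHA-256 digest matches a value you pinned beforehand from a copy you trust. The function names and file paths are assumptions made for illustration.

```shell
#!/bin/bash
# Added example: install a downloaded script only when its SHA-256 digest
# matches a value pinned in advance. Names here are illustrative.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum < "$1" | cut -d' ' -f1
}

# install_pinned SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST with mode 0755 only if the digest matches.
# Returns 0 on success, 1 on digest mismatch, 2 on bad arguments.
install_pinned() {
    local src expected dest actual
    src="$1"; expected="$2"; dest="$3"

    [ -f "$src" ] || { echo "missing file: $src" >&2; return 2; }

    # A pinned digest must be exactly 64 lowercase hex characters.
    case "$expected" in
        ''|*[!0-9a-f]*) echo "bad digest format" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "bad digest length" >&2; return 2; }

    actual="$(sha256_of "$src")"
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $src: got $actual" >&2
        return 1
    fi

    # Only a verified file reaches the location openconnect executes from.
    install -m 0755 "$src" "$dest"
}

# When run directly: install-pinned.sh SRC EXPECTED_SHA256 DEST
if [ "$#" -eq 3 ]; then
    install_pinned "$@"
fi
```

Download to a temporary name first (for example `wget -O vpnc-script.download ...`), then call `install_pinned vpnc-script.download <pinned-digest> /usr/local/etc/vpnc/vpnc-script` as root.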
This sets you up with almost everything. One more thing which is needed is to create a helper script, to use when connecting to a vpn.
$ cat /usr/local/bin/vpn
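#!/bin/bash
# The VPN gateway hostname is the first argument
VPNHOST=$1
if [ -z "$VPNHOST" ]; then
    echo "Usage: ./vpn [host]" >&2
    exit 1
fi
# Create the tun0 interface, run openconnect over it, then remove it again
/bin/ip tuntap add dev tun0 mode tun
openconnect -i tun0 "$VPNHOST"
/bin/ip tuntap del dev tun0 mode tun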
The `ip tuntap` lines take care of creating the tunnel interface `tun0`, which openconnect then uses for the traffic between you and your VPN.
So that’s it. Whenever you need to run a VPN session, open a terminal (ctrl+alt+t), enter a shell (shell), become root (sudo su -) and
vpn your.vpn.gateway.example.com
And when you want to disconnect, switch back to this terminal, press CTRL+C and type `exit` a couple of times.
Sorry, the process is not very friendly, but these are your only options until the Chromebook team decides on or makes a better way to get a compiler environment onto your chromebook.
Additional info
When in development mode, Chromebook provides a `dev_install` script, which gives you some other software for Chromebook, using `emerge`.
Unfortunately, a compiler is not among the packages provided. Having the option of installing a compiler with `emerge` would enable some concept of trust in package managers like `chromebrew`, or would at least enable some smart guys to build out a proper software mirror with additional software like openconnect, unzip, sshfs, samba, …
Summa summarum
After some time using the Chromebook I am very happy about some aspects of it. Battery life is great, email is there, dropbox is there, and with developer mode there is at least an idea of a proper linux terminal - but because of lacking software, it’s far from it. With chromebrew some of the pitfalls of my environment could be overcome.
Currently:
- SSHFS should be native (like Google Drive; the extension for `SFTP` doesn’t work well)
- SSH client doesn’t manage ssh identities well (agent forwarding doesn’t work unless you do it with `ssh-agent bash`, `ssh -A`, …)
- No options to connect to NAS shares (NFS, Samba/cifs)
I hope some of it will be considered in the future, or at least solved by stable extensions, like the one for Dropbox.