Connecting to a Cisco VPN with OpenConnect on a Chromebook without Crouton
I have been looking at a Toshiba Chromebook 2 with Full HD screen for the last few months. The $300 price tag, my dying home laptop, and the good reviews convinced me to finally take the plunge and purchase it as a laptop for home use.
If you, like myself, have a Cisco VPN at work, you might find out that you can’t connect the Chromebook to your VPN. From what our network engineer found out it’s basically just some XAUTH mismatch. If you don’t know what that is, the basic take away is - you can’t connect without having additional software, OpenConnect. But how to run it in a Chromebook?
First try: Install Crouton
Crouton is a piece of software that allows you to run a full linux desktop on your chromebook.
You heard me. Full linux desktop.
The instructions are simple enough - put your chromebook into development mode, install crouton, install a whole linux desktop and then inside it install and run openconnect.
Well. Not so simple, but currently that’s your most supported option. Crouton is made by a guy working at Google, which is probablly the closest thing to ‘supported’ that you’re going to get. But if having a full linux installation is not something you want, there’s now an alternative.
Second try: Chromebrew
Chromebrew is a set of packages which are missing from the Chromebook, even in developer mode. These packages contain a compiler, development headers and utilities that allow you to build software for the platform you’re on. This software is most likely cross compiled on a similar environment and then packaged for Chromebooks.
Only problem is, the official repository from @skycocker is outdated. I asume the developer is busy with work, and from what I can see from the issues and comments,
chromebrew is basically a dead project.
Things might change, but currently the developer seems to be on a few month hiatus, and this required me to create a fork, and add additional packages. And now you can install openconnect :)
When in developer mode, Chromebooks have a terminal which you open with
. When you open the terminal, typeshell` (enter) and then install my fork of chromebrew, which includes the openconnect packages.
wget -q -O - https://raw.github.com/titpetric/chromebrew/master/install.sh | bash
After installing my fork of the software, all that is needed is to run
crew install openconnect
See? Now you have openconnect! A few more things are needed so you can use it.
# switch user to root sudo su - # create vpnc folder mkdir /usr/local/etc/vpnc cd /usr/local/etc/vpnc # get the latest vpnc-script needed by openconnect wget http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script # make it executable chmod a+x vpnc-script exit
This sets you up with almost everything. One more thing which is needed is to create a helper script, to use when connecting to a vpn.
$ cat /usr/local/bin/vpn #!/bin/bash VPNHOST=$1 if [ -z "$VPNHOST" ]; then echo "Usage: ./vpn [host]" exit fi /bin/ip tuntap add dev tun0 mode tun openconnect -i tun0 $1 /bin/ip tuntap del dev tun0 mode tun
ip tuntap lines take care of creating the tunnel interface
tun0, which openconnect then uses for the traffic between you and your VPN.
So that’s it. Whenever you need to run a VPN session, open a terminal (ctrl+alt+t), enter a shell (shell), become root (sudo su -) and
And when you want to disconnect, switch back to this terminal and press
C and type
exit a couple of times.
Sorry, the process is not very friendly, but these are your only options until the Chromebook team decides or makes a better way to get a compiler environment onto your chromebook.
When in development mode, Chromebook provides a
dev_install script, which gives you some other software for Chromebook, using
Unfortunately, a compiler is not between the packages provided. Having the option of installing a compiler with
emerge would enable
some concept of trust in package managers like
chromebrew, or would at least enable some smart guys to build our a propper
software mirror with additional software like openconnect, unzip, sshfs, samba, …
After some time using the Chromebook I am very happy about some aspects of it. Battery life is great, email is there, dropbox is there, and with developer mode there is at leat an idea of a propper linux terminal - but because of lacking software, it’s far from it. With chromebrew some of the pitfalls of my environment could be overcame.
- SSHFS should be native (Like google Drive, extension for
SFTPdoesn’t work well)
- SSH client doesn’t manage ssh identities well (Agent forwarding doesn’t work unless you do it with
ssh -A, …)
- No options to connect to NAS shares (NFS, Samba/cifs)
I hope some of it will be considered in the future, or atleast solved by stable extensions, like the one for Dropbox.
While I have you here...
It would be great if you buy one of my books:
Want to stay up to date with new posts?