These instructions will show you how to set up OpenVPN on a Chromebook.
In this article:
- Step 1. Review and request access
- Step 2: Set up your office computer for Remote Desktop Connection
- Step 3: Import the required certificates onto your Chromebook
- Step 4: Open a VPN connection
- Additional: Start a Remote Desktop Connection
- Additional: Terminating the VPN connection
Step 1. Request access (if you need to)
OpenVPN works on a per-user permission basis. As such, you normally have to request access to resources like your desktop PC or other protected resources not normally accessible from off campus.
However, there are some exceptions listed below which are automatically available to relevant staff that you don’t need to explicitly request and will just work for you. If in doubt about your OpenVPN permissions, please check your OpenVPN Account Details.
For off campus access to Agresso and iTrent
Staff who can access Agresso are automatically given access to: https://agrlive.essex.ac.uk/agresso/Login/Login.aspx
Staff who have access to iTrent (People Manager etc) are automatically given access to: https://ihr.essex.ac.uk/tlive_web/wrd/run/etadm001gf.open
For Remote Desktop Connection and access to other resources and services
If you require more than the default access to Agresso and/or iTrent, then you must email the IT Helpdesk at firstname.lastname@example.org with the following details:
- your Essex ID
- your office computer's S number (if you want to use Remote Desktop Connection)
- details of other resources or services you want to use that can't be accessed via Remote Desktop Connection
Please allow one working day for us to activate OpenVPN on your account - we'll send you a confirmation email once it's done. Once you have been given access continue to the next steps.
Step 2. Set up your office computer for Remote Desktop Connection
Perform the following steps on your office computer if you want to use Remote Desktop Connection.
- Click Start.
- Right-click Computer.
- Click Properties.
- Click Remote settings.
- Ensure that Allow connections from computers running any version of Remote Desktop is selected.
- Click Select Users... and ensure that your name is listed as a remote desktop user.
- If your name isn't listed, click Add and type in your login name using the format CAMPUS\mylogin. Click OK.
This is all you need to do on your office computer.
Step 3. Importing the required certificates onto your Chromebook
We have to import 2 certificates into ChromeOS and load them into the TPM (Trusted Platform Module) Hardware that ChromeOS uses as its certificate store. To do this, make sure you copy the ca.crt and the client.p12 configuration files from the zip archive to a folder accessible from within the file browser application within ChromeOS. (Note that the configuration files could also be downloaded on another computer and then copied to the Chromebook using a Google Drive share, a USB stick, or any other secure method of getting them on to the ChromeOS device.)
Download the required configuration files and unzip them:
Step 3.1 Import the CA certificate (ca.crt)
You must be signed in to your Google account before completing the next steps. Following these steps whilst using a Guest account will not work as the guest account has no way of binding the required certificates to the device.
- Open Chrome, and in the address bar enter chrome://settings/certificates
- Select the Authorities tab, and then select Import.
- Browse to where you extracted the certificate files and select the file named ca.crt, then select OPEN.
- Ensure Trust this certificate for identifying websites is checked, and then select OK.
- You should now see your CA listed in the Authorities tab (under the University of Essex folder).
Step 3.2 Import the client certificate (client2.p12)
- In Chrome, go to chrome://settings/certificates
- Select the Your Certificates tab, and then select Import and Bind to Device...
- Browse to where you extracted the certificate files and select the file named client2.p12, then select OPEN.
If you're asked t enter a password do not enter anything, just leave the password field blank and press enter.
- At this point you should see a certificate loaded in this window with the comment “(hardware-backed)”. Select Done.
- In Chrome, go to chrome://net-internals/#chromeos
- Select Choose File and browse to where you extracted the authentication files earlier.
- Select the file named University of Essex.onc and select OPEN.
- After a few moments you should see a new VPN icon as a connection option when you click on the system tray (note, the icon may look slightly different on your Chromebook but the text will say VPN disconnected):
Step 4. Open a VPN connection
- Select the VPN icon. Clicking on the VPN icon will load a submenu which should contain the University of Essex ChromeOS OpenVPN connection. Clicking on its icon will present a Join private network authentication box.
- Enter your Essex username and password into the Username and Password fields, making sure the Server hostname is listed as isslx029.essex.ac.uk
- Select Connect. After a short time, provided you have entered the correct details, you should see the status of the connection change from 'VPN disconnected' to 'VPN connected'.
Remote Desktop Connection
For remote desktop access, you will need a Remote Desktop app from the Chrome Web Store. Google's own Chrome Remote Desktop app native to most Chromebooks and/or available in the Web Store will not work for connecting to the University VPN service. We recommend using Chrome RDP (available here) which you can download from the Chrome Web Store store (there is a small one-off license fee for use of the software).
Terminating the VPN connection
When you have finished your remote work and want to terminate the VPN connection simply click on the University connection and click on the Disconnect button: