Edit: I’ve updated the script due to more updates in ChromeOS. Find the update here.
Around October of 2015 an update came out to Google Chromebooks that had an unfortunate side effect for me: openvpn no longer worked. Despite my having created a tunnel device seconds earlier, openvpn complained that a tunnel device didn’t exist.
I finally found a fix for this here. It turns out that the update caused the “shill” process to aggressively kill the tun0 interface. The clever workaround as posted by pippo0312 works flawlessly. It involves creating the openvpn tunnel in chromium itself rather than in a crouton chroot as I had previously done.
The original script took an argument for an ovpn file to use. Since I only have one VPN profile I just modified it to specify the ovpn file I use.
Place the script in /usr/local/bin on your chrome install (not a chroot) and mark it executable by issuing chmod +x
#!/bin/sh -e trap '' 2 # Stop shill and restart it with a nicer attitude towards tun0 sudo stop shill sudo start shill BLACKLISTED_DEVICES=tun0 # Sleep 10 seconds to allow chromebook to reconnect to the network sudo sleep 10 sudo openvpn --mktun --dev tun0 sudo sleep 3 # Add google DNS on top of current ones, since openvpn command does not do it sudo sed -i '1s/^/# new DNS\nnameserver 126.96.36.199\nnameserver 188.8.131.52\n# old DNS\n/' /var/run/shill/resolv.conf # Lauch openvpn, finally... sudo openvpn --config $1 --dev tun0 # When ctrl-c is hit remove tun0 and cleanup the DNS sudo openvpn --rmtun --dev tun0 sudo sed -i '/# new DNS/,/# old DNS/d' /var/run/shill/resolv.conf trap 2
Now you can just issue the command of the name of your script and vpn works again! hooray.
4 thoughts on “Fix openVPN on chromebooks”
how would I be able to add two tun interfaces?
sudo start shill BLACKLISTED_DEVICES=tun0,tun1?
That’s a good question. I’m not sure. I’d love to hear what you find out.
Thank you for this post. I was able to connect to my synology using your approach.