Update: Google released a ChromeOS update that broke the openvpn script. Find the updated version here.
Update 3/29/17: Added a DNS suffix line to fix broken DNS
I posted a little while ago about how to get openvpn working on your chromebook. That guide required that you run openvpn outside your chroot on the chromebook instance itself.
Lately I’ve been really feeling the need to have openvpn run within a crouton chroot instead. The solution is to take the script from the post above and divide it into two parts. One part you will still have to run outside your chroot but you will only have to do it once on each reboot. The other part can safely live inside your chroot.
First, on your chromebook itself (not in a chroot) make a small script to tell the shill service not to kill tun0:
sudo echo " #!/bin/bash #Allows the tun0 device to function sudo stop shill sudo start shill BLACKLISTED_DEVICES=tun0" > /usr/local/bin/shill chmod +x /usr/local/bin/shill
Next, create this script within your chroot. Be sure to modify the environment variables to suit your setup.
#!/bin/bash CONF_DIR="/path/to/directory/openvpn/config/is/in" CONF_FILE="FILENAME_OF_OVPN_FILE" NAMESERVER="IP_OF_DNS_SERVER_YOU_WANT_TO_USE" SEARCH="DNS_SUFFIX_YOU_WANT_TO_USE" cd "$CONF_DIR" # Add google DNS on top of current ones, since openvpn command does not do it sudo sed -i "1s/^/# new DNS\nsearch $SEARCH\nnameserver $NAMESERVER\n# old DNS\n/" /etc/resolv.conf sudo openvpn --config "$CONF_FILE" --dev tun0 # When ctrl-c is hit remove tun0 and cleanup the DNS sudo openvpn --rmtun --dev tun0 sudo sed -i '/# new DNS/,/# old DNS/d' /etc/resolv.conf trap 2
Voila, we now have openvpn working inside our chroots again.