How I got PIA working correctly on a Chromebook
I'm new to VPN and have had a frustrating past few days trying to get it to work properly on my Chromebook.
I know there's a few posts dotted around about Chromebooks but I thought I'd share my solution for anyone in the same situation.
So, I have a router provided by my ISP. Having had issues with my fibre connection in the past I know that the ISP can only fault find properly if I am using their router which meant I did not want to replace it. Unfortunately that router does not have the ability to turn off IPV6 and as you probably know by now nor does ChromeOS anymore. This means your IPV6 address will leak.
My solution for this issue was to plug in another router (in my case an old TP Link W9980 that I had spare). So this router is plugged into the ISP's router. After much fiddling I found the only way to block IPV6 on the TP Link was to go into the router's IPV6 firewall, turn it on and deny all IPV6 packets.
Obviously I connect my Chromebook to the TP Link now instead of the ISP's router.
I replaced the Name servers with those of PIA: 209.222.18.222 and 209.222.18.218
The next step is to set up OpenVPN. The easiest way by far is to go here: https://chromium.googlesource.com/experimental/cros-pia/
The Quick Start instructions are super easy and I experienced no issues. I did however just choose to use one specific server ONC rather than selecting ALL.
Once set up I selected automatically connect to this network.
And that's it!
All the leak tests I have run are coming back fine. I have no issues closing the lid on the Chromebook and coming back to it hours later, the VPN is working as it should and speeds are great.
I don't know why PIA don't offer an official ONC for ChromeOS? I only came across the link by accident. I also don't really understand why IPV6 isn't blocked by default through PIA as I had read it should be. I did try connecting to my ISP's router via the OpenVPN connection but sure enough IPV6 leaked.
If anyone has anything to add then feel free. Having tried the Chrome extension and L2TP/IPsec + Pre-shared key, both had their own issues. (I've had a few support tickets open) I believe and correct me if I'm wrong that using OpenVPN means I'm now finally connected properly and securely.
I know there's a few posts dotted around about Chromebooks but I thought I'd share my solution for anyone in the same situation.
So, I have a router provided by my ISP. Having had issues with my fibre connection in the past I know that the ISP can only fault find properly if I am using their router which meant I did not want to replace it. Unfortunately that router does not have the ability to turn off IPV6 and as you probably know by now nor does ChromeOS anymore. This means your IPV6 address will leak.
My solution for this issue was to plug in another router (in my case an old TP Link W9980 that I had spare). So this router is plugged into the ISP's router. After much fiddling I found the only way to block IPV6 on the TP Link was to go into the router's IPV6 firewall, turn it on and deny all IPV6 packets.
Obviously I connect my Chromebook to the TP Link now instead of the ISP's router.
I replaced the Name servers with those of PIA: 209.222.18.222 and 209.222.18.218
The next step is to set up OpenVPN. The easiest way by far is to go here: https://chromium.googlesource.com/experimental/cros-pia/
The Quick Start instructions are super easy and I experienced no issues. I did however just choose to use one specific server ONC rather than selecting ALL.
Once set up I selected automatically connect to this network.
And that's it!
All the leak tests I have run are coming back fine. I have no issues closing the lid on the Chromebook and coming back to it hours later, the VPN is working as it should and speeds are great.
I don't know why PIA don't offer an official ONC for ChromeOS? I only came across the link by accident. I also don't really understand why IPV6 isn't blocked by default through PIA as I had read it should be. I did try connecting to my ISP's router via the OpenVPN connection but sure enough IPV6 leaked.
If anyone has anything to add then feel free. Having tried the Chrome extension and L2TP/IPsec + Pre-shared key, both had their own issues. (I've had a few support tickets open) I believe and correct me if I'm wrong that using OpenVPN means I'm now finally connected properly and securely.
Comments
After importing the ONC file I am able to select it from the list of available VPN's and it has preloaded information for the following fields:
Server Hostname: us-east-privateinternetaccess.com
Service Name PIA: US East
Provider Type: Open VPN
Server CA certificate: Private Internet Access CA
Upon entering my username and password the Connect button remains grayed out and I am unable to connect. Do you know if I need to enter a user certificate or just enter in my username and password provided from PIA?
Since this thread Max-P has provided a new ONC with current server list to download: https://d.max-p.me/pia/forum/30318/PIA-Standard-CrOS.onc
Perhaps delete the ones that the other ONC provided and use the new one and see if you can get that to work? Both work for me so not sure why the old ONC won't work for you.