Chromebook with developer mode enabled

bubbly

Here's what I've found works to leverage PIA from Chromebook developer mode.

In developer mode, in a non-chroot environment accessed as follows:

Ctrl-Alt-T

> shell

The following script content needs to be located at /usr/local/bin/openvpn2 with 755 permissions:

===

#!/bin/sh -e

trap '' 2

# Stop shill and restart it with a nicer attitude towards tun0

sudo stop shill

sudo start shill BLACKLISTED_DEVICES=tun0

# Sleep 10 seconds to allow chromebook to reconnect to the network

sudo sleep 10

sudo openvpn --mktun --dev tun0

sudo sleep 3

# Add google DNS on top of current ones, since openvpn command does not do it

sudo sed -i '1s/^/# new DNS\nnameserver 8.8.8.8\nnameserver 8.8.4.4\n# old DNS\n/' /var/run/shill/resolv.conf

# Lauch openvpn, finally...

sudo openvpn --config $1 --dev tun0

# When ctrl-c is hit remove tun0 and cleanup the DNS

sudo openvpn --rmtun --dev tun0

sudo sed -i '/# new DNS/,/# old DNS/d' /var/run/shill/resolv.conf

trap 2

===

Then (still in the non-chroot environment), one needs to visit a directory containing the PIA "openvpn" scripts normally passed to the --config option of "openvpn" (i.e. those extracted from the likes of openvpn-strong.zip or openvpn.zip). If, for example, they're in the Downloads/Openvpn directory, then from said environment:

> cd /home/user/<id>/Downloads/Openvpn

and then run:

> openvpn2 "<desired file>.ovpn"

which should lead to interaction looking like this:

shill stop/waiting

shill start/running, process 3913

Tue Mar  6 07:40:36 2018 TUN/TAP device tun0 opened

Tue Mar  6 07:40:36 2018 Persist state set to: ON

Tue Mar  6 07:40:40 2018 OpenVPN 2.4.4 x86_64-cros-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 13 2018

Tue Mar  6 07:40:40 2018 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.06

Enter Auth Username:<enter username>

Enter Auth Password:<enter password>

Tue Mar  6 07:40:51 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]107.182.231.39:1198

Tue Mar  6 07:40:51 2018 UDP link local: (not bound)

Tue Mar  6 07:40:51 2018 UDP link remote: [AF_INET]107.182.231.39:1198

Tue Mar  6 07:40:51 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Tue Mar  6 07:40:51 2018 [c20108aab34135543531409d2efee654] Peer Connection Initiated with [AF_INET]107.182.231.39:1198

Tue Mar  6 07:40:53 2018 TUN/TAP device tun0 opened

Tue Mar  6 07:40:53 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0

Tue Mar  6 07:40:53 2018 /bin/ifconfig tun0 10.22.11.6 pointopoint 10.22.11.5 mtu 1500

Tue Mar  6 07:40:53 2018 Initialization Sequence Completed

After which point opening another shell:

Ctrl-Alt-T

> shell

and entering one's chroot:

> sudo enter-chroot

leads to an environment in which network interactions go through a PIA VPN.

Max-P

Using the built-in OpenVPN support could also be a simpler option for those who don't have developer mode enabled: https://www.privateinternetaccess.com/forum/discussion/comment/54159/#Comment_54159