Friday, December 29, 2017

PulseSecure/Juniper VPN on Chromebook GalliumOS

In this post I will go over the steps I took to make my Chromebook use PulseSecure/Juniper VPN to connect to my school/corporate network.

WARNING: The following steps may brick your Chromebook. Please do not proceed.

Step 1: Install GalliumOS on your Chromebook

GhalliumOS is a fast and lightweight Linux distro for ChromeOS devices.  I dual-boot GalliumOS alongside ChromeOS by installing with chrx on my Chromebook. I followed the following steps to install GhalliumOS via chrx.

References:
https://wiki.galliumos.org/Installing#chrx_Installation

Step 1.1: Install chrx

Please visit this link for latest installation steps - https://chrx.org/#usage
  1. Enable Developer Mode (process is model-specific; for Acer C720, press ESC+F3(Refresh)+Power), then reboot
  2. Load ChromeOS by pressing CTRL+D at the white "OS verification is OFF" screen
  3. Configure your Wi-Fi network if necessary, then log in (Guest account is fine)
  4. Open the ChromeOS Terminal by pressing CTRL+ALT+T, and enter shell at the prompt
  5. Update firmware, if necessary (required for Bay Trail and Braswell models, recommended for Broadwell and Skylake models, optional for Haswell models -- see chromebooks)
  6. Run chrx: cd ; curl -Os https://chrx.org/go && sh go (see options)
  7. Follow on-screen instructions to prepare your Chromebook for installation
  8. Reboot, then repeat steps 2-4 and 6 to install and configure your new system

Step 1.2: Install GalliumOS via chrx

Please visit this link for latest installation steps - https://wiki.galliumos.org/Installing#chrx_Installation
  1. Prepare your ChromeOS device: see Installing/Preparing
  2. Boot device into ChromeOS and configure networking; you do not need to log in
  3. Switch to a virtual terminal by pressing Ctrl+Alt+F2(top row right arrow), then log in as user chronos with no password
  4. Run chrx: curl -O https://chrx.org/go && sh go (see chrx docs for additional options)
  5. Follow on-screen prompts to repartition your SSD and install GalliumOS. If this is the first time running chrx on this ChromeOS machine, chrx will reboot after the partitioning step and you will need to continue the installation by running chrx again with the same command line.
  6. After reboot, at the white "OS verification is OFF" screen, press Ctrl+L for GalliumOS, or Ctrl+D for ChromeOS

Step 2: Install "zesty" version of oppenconnect on GalliumOS

Boot to the GalliumOS and login as chrx. You are likely on the Xenial (Ubuntu 16.04) version ($ lsb_release -a). There is a bug with Pulse Secure Openconnect and the solution outlined here worked for me.

Step 2.1: Add zesty repository to /etc/apt/sources.list

$ sudo nano /etc/apt/sources.list
Add the following line to the end of the file, save, exit,
deb http://cz.archive.ubuntu.com/ubuntu zesty main universe

Step 2.2: Install Openconnect v7.08

Execute the following commands
$ sudo apt update
$ sudo apt install openconnect
$ openconnect --version
OpenConnect version v7.08

If you see v7.08 you are good to go. Please open the file /etc/apt/sources.list and remove the zesty line deb http://cz.archive.ubuntu.com/ubuntu zesty main universe from the end of the file, followed by sudo apt update

Step 3: VPN into your School/Corporate Network

Please execute the following command to connect,
$ sudo openconnect --juniper https://www.yourvpnserver.com

That is it, you should be connected now. 

If you have a better way of using Pulse Secure/Juniper VPN from a Chromebook, please leave it in the comments. Thanks.

No comments:


(c) Jyotirmaya Nanda 2012