There is a feature I’ve seen on my ChromeOS Flex (104.0.5112.27) install which has been around for a while. There is native Wireguard support within the OS without the need for the Android client.
Under VPN there is the ability to fill in the GUI with the config details of your Wireguard server and usually, it works.
For whatever reason the configuration I’ve used previously and know works, after filling out the GUI the Connect button stays grey
As I use Wireguard to “phone home” this caused me a problem as there isn’t the option on Flex to use the Android app and even in the Linux shell Wireguard is doing stuff at a low level the container can’t work with it.
I did however find a Fix, it’s clunky however it works.
What’s Crosh? It’s the Chrome Shell, not to be confused with the Linux Shell. It’s accessible by pressing CTRL ALT and T on the keyboard
This will either open a new Chrome Instance or a new tab if Chrome is open on the desktop and will look like this when it opens
From here we can run
A lot of help commands will display
Example Wireguard Config
In order to continue, you will need a Wireguard config to pull information out of it will look something like this
[Interface] PrivateKey = OFRqEpL29W1cMwVv4Rt/99DKkdkdjfuCPUi3vJn2DJa3Xc= Address = 10.8.0.9/24 DNS = 184.108.40.206 [Peer] PublicKey = uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= PresharedKey = 7ji2RO7PsjThisThatTherThenjPTXSR/EENI= AllowedIPs = 0.0.0.0/0, ::/0 PersistentKeepalive = 0 Endpoint = 220.127.116.11:51820
Armed with this information you can move forward
Run the following commands
Create a new Wireguard Profile
wireguard new yourvpn
Set the Local IP Address
wireguard set yourvpn local-ip 10.8.0.9
Set the Private key
wireguard set homevpn private-key
You’ll be prompted to enter the private key, this keeps the key out of the crosh history
Next, we set the peer information using the peer public key
wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ=
Next, add the preshared key
wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= preshared-key
Like the private key, this will prompt you to enter the preshared key for the peer and keep it out of the shell.
Set the allowed IP List
wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= allowed-ips 0.0.0.0/0
Add the remote endpoint
wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= endpoint 18.104.22.168:51820
Finally set the keepalive
wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= persistent-keepalive 0
Then view the config using the command
wireguard show homevpn
This will display the Wireguard config
name: homevpn local ip: 10.8.0.9 public key: 7peV+Goleuko9VNLiwcQ9rHz4s/LguY8HW7IGzrCf0Y= private key: (hidden) name servers: 22.214.171.124, 126.96.36.199, 0.0.0.0, 0.0.0.0 peer: uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= preshared key: (hidden or not set) endpoint: 188.8.131.52:51820 allowed ips: 0.0.0.0/0 persistent keepalive: 0
The Wireguard VPN is now setup
Confirm in Gui
Within Settings open Network
Click on Configure and you’ll see the config you entered in Crosh
The config should look like this