There is a feature I’ve seen on my ChromeOS Flex (104.0.5112.27) install which has been around for a while. There is native Wireguard support within the OS without the need for the Android client.
Under VPN there is the ability to fill in the GUI with the config details of your Wireguard server and usually, it works.
For whatever reason the configuration I’ve used previously and know works, after filling out the GUI the Connect button stays grey
As I use Wireguard to “phone home” this caused me a problem as there isn’t the option on Flex to use the Android app and even in the Linux shell Wireguard is doing stuff at a low level the container can’t work with it.
I did however find a Fix, it’s clunky however it works.
Open Crosh
What’s Crosh? It’s the Chrome Shell, not to be confused with the Linux Shell. It’s accessible by pressing CTRL ALT and T on the keyboard
This will either open a new Chrome Instance or a new tab if Chrome is open on the desktop and will look like this when it opens
From here we can run
help wireguardA lot of help commands will display
Example Wireguard Config
In order to continue, you will need a Wireguard config to pull information out of it will look something like this
[Interface]
PrivateKey = OFRqEpL29W1cMwVv4Rt/99DKkdkdjfuCPUi3vJn2DJa3Xc=
Address = 10.8.0.9/24
DNS = 8.8.8.8
[Peer]
PublicKey = uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ=
PresharedKey = 7ji2RO7PsjThisThatTherThenjPTXSR/EENI=
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = 85.22.34.123:51820Armed with this information you can move forward
Crosh Commands
Run the following commands
Create a new Wireguard Profile
wireguard new yourvpnSet the Local IP Address
wireguard set yourvpn local-ip 10.8.0.9Set the Private key
wireguard set homevpn private-keyYou’ll be prompted to enter the private key, this keeps the key out of the crosh history
Next, we set the peer information using the peer public key
wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ=Next, add the preshared key
wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= preshared-keyLike the private key, this will prompt you to enter the preshared key for the peer and keep it out of the shell.
Set the allowed IP List
wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= allowed-ips 0.0.0.0/0Add the remote endpoint
wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= endpoint 85.22.34.123:51820Finally set the keepalive
wireguard set homevpn peer uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ= persistent-keepalive 0Then view the config using the command
wireguard show homevpnThis will display the Wireguard config
name: homevpn
local ip: 10.8.0.9
public key: 7peV+Goleuko9VNLiwcQ9rHz4s/LguY8HW7IGzrCf0Y=
private key: (hidden)
name servers: 8.8.8.8, 8.8.4.4, 0.0.0.0, 0.0.0.0
peer: uvFAgGX2boDOldAR+41Z5N4fkkfkrlGe0mGbdIeqEJThQ=
preshared key: (hidden or not set)
endpoint: 85.22.34.123:51820
allowed ips: 0.0.0.0/0
persistent keepalive: 0The Wireguard VPN is now setup
Confirm in Gui
Within Settings open Network
Copen VPN
Click on Configure and you’ll see the config you entered in Crosh
The config should look like this
