ChromeOS VPN solution meeting NCSC.gov.uk guidelines

Question

Is there a blog article on Configuring VPN on managed ChromeOS devices that meets the NCSC.gov.uk guidelines, to work with AWS ideally but Google cloud is an option.

https://www.ncsc.gov.uk/collection/device-security-guidance/platform-guides/chrome-os

Configure a virtual private network (VPN) where required:
- ChromeOS supports the use of NCSC recommended protocol IPSec IKEv2 which can be configured using the built-in client. This can be deployed via an MDM (such as Google Workspace).
- If a third party VPN is required, use an official Android app deployed by the Google Play Store to manage and configure the connection on ChromeOS.
- When using third party VPN solutions, you should test that ChromeOS, Crostini and Android traffic are protected by the VPN (where required) and that the VPN is automatically started.

Requirements above.

Ideally Split tunnel so that Google Workspace traffic ( like Google Meet) does not go over the VPN.

Managed from the google admin console with.

Ideally using Google Workspace Sign in to the VPN or certificates? Configured by the Google Admin Console

mdcb · Accepted Answer

@plewis_rbk Most commercial VPN providers support split tunnel and integration with modern authentication standards. On ChromeOS devices you would typically leverage the vendors Android applications to connect to the VPN service. Whilst there are a number of VPN protocols supported natively on ChromeOS e.g. IPsec (IKEv2), L2TP over IPsec with Pre-Shared Key & OpenVPN they provide limited configuration options, compared to Android clients.

Depending on your use case, I would recommend evaluating Chrome Enterprise Premium to see if it can meet your secure access requirements and more.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded