Forum Discussion

plewis_rbk's avatar
plewis_rbk
Level 1.5: Cupcake
2 months ago
Solved

ChromeOS VPN solution meeting NCSC.gov.uk guidelines

Is there a blog article on Configuring VPN on managed ChromeOS devices that meets the NCSC.gov.uk guidelines, to work with AWS ideally but Google cloud is an option.

 

https://www.ncsc.gov.uk/collection/device-security-guidance/platform-guides/chrome-os

 

  • Configure a virtual private network (VPN) where required:
    • ChromeOS supports the use of NCSC recommended protocol IPSec IKEv2 which can be configured using the built-in client. This can  be deployed via an MDM (such as Google Workspace).
    • If a third party VPN is required, use an official Android app deployed by the Google Play Store to manage and configure the connection on ChromeOS.
    • When using third party VPN solutions, you should test that ChromeOS, Crostini and Android traffic are protected by the VPN (where required) and that the VPN is automatically started.

Requirements above.

 

 Ideally Split tunnel so that Google Workspace traffic ( like Google Meet) does not go over the VPN.

Managed from the google admin console with.

Ideally using  Google Workspace Sign in to the VPN or certificates? Configured by the Google Admin Console

  • mdcb's avatar
    2 months ago

    plewis_rbk​ Most commercial VPN providers support split tunnel and integration with modern authentication standards. On ChromeOS devices you would typically leverage the vendors Android applications to connect to the VPN service. Whilst there are a number of VPN protocols supported natively on ChromeOS e.g. IPsec (IKEv2), L2TP over IPsec with Pre-Shared Key & OpenVPN they provide limited configuration options, compared to Android clients. 

    Depending on your use case, I would recommend evaluating Chrome Enterprise Premium to see if it can meet your secure access requirements and more.

1 Reply

  • mdcb's avatar
    mdcb
    Level 1.5: Cupcake
    2 months ago

    plewis_rbk​ Most commercial VPN providers support split tunnel and integration with modern authentication standards. On ChromeOS devices you would typically leverage the vendors Android applications to connect to the VPN service. Whilst there are a number of VPN protocols supported natively on ChromeOS e.g. IPsec (IKEv2), L2TP over IPsec with Pre-Shared Key & OpenVPN they provide limited configuration options, compared to Android clients. 

    Depending on your use case, I would recommend evaluating Chrome Enterprise Premium to see if it can meet your secure access requirements and more.