Clear search
Close search
Google apps
Main menu

Set up virtual private networks (VPNs)

Your Chromebook can connect to a private network, like the network at your work or school, using a Virtual Private Network (VPN) connection.

You can use some types of VPNs on your Chromebook without installing any software. For other types, you can install VPN apps, including Pulse Secure VPNSonicWALL Mobile ConnectCisco AnyConnectF5 Access, and GlobalProtect.

Note: If you're using your Chromebook at work or school and have problems setting up your VPN, contact your administrator for more help.

Built-in VPN support
Your Chromebook has built-in support for these VPNs:
  • L2TP over IPsec with PSK
  • L2TP over IPsec with certificate-based authentication
  • OpenVPN

Tip: Cisco Anyconnect works when configured with L2TP over IPSec. Learn how to set up a Cisco ASA device.

VPN apps

Available VPN apps

Five VPN apps are available in the Chrome Web Store, with more coming soon:

Install a VPN app

You download and configure these apps just as you would any other Chrome app. If you are an administrator, you can force install a VPN app using the Admin console. You can also upload a config file if the app allows it. (The app uses the API to read the configuration file and apply it.)

Note: Concurrent VPN connections won't work. You can only have one active VPN connection. However, you can use the inclusionList parameter to decide which traffic goes through the VPN and which traffic goes to the Internet directly.

Set up a VPN

  1. If you haven't already, sign in to your Chromebook.
  2. Click your account photo.
  3. Click Settings Settings.
  4. In the "Network" section, click Add connection.
  5. Click Add OpenVPN / L2TP.
  6. In the box that appears, fill in the information below. If you're using your Chromebook with an organization, you might need to get this information from your administrator.
    • Server hostname: The name of the server you need to connect with to access your VPN. This can either be the IP address or the full server hostname.
    • Service name: This can be anything you want to name this connection. For example: "Work VPN."
    • Provider type: If you use a passphrase or key besides your personal password to connect to your VPN, select L2TP/IPsec + Pre-shared key. If you use certificates that your administrator gives you, select L2TP/IPsec + User certificate.
    • Pre-shared key: This key isn't your personal password, but a passphrase or key used to connect to the VPN.
    • Server CA certificate: Select your installed server VPN certificate from the list.
    • User certificate: Select your installed user VPN certificate from the list. If you don't have any certificates installed, you'll see an error message. To install a certificate, see the instructions below.
    • Username: Your VPN credentials.
    • Password: Your VPN credentials.
    • OTP: If you have an OTP card or VPN token that generates one-time passwords, generate a password and enter it here.
    • Group name: The name of the VPN setup, if applicable.
  7. Click Connect.

Install certificates

You might need certificates to connect to a VPN, WPA2 Enterprise network (such as EAP-TLS), or website that requires mutual TLS authentication. If so, your administrator might ask you to visit a special website while connected directly to your organization's network, or download and install the certificates directly yourself.

You'll need:

  • A server certificate that's for everyone at your organization
  • A user certificate that is specific to you
Install your server certificate
  1. Download your server certificate, according to the steps your administrator gives you.
  2. Open a new tab in Chrome Chrome.
  3. In the address bar, enter chrome://settings/certificates
  4. Click the Authorities tab.
  5. Press the Import button and choose the X.509 certificate file, which is usually a file with a .pem, .der, .crt, or .p7b extension.
  6. In the box that appears, fill out the information on how this certificate should be trusted. None of these trust settings need to be enabled, so we recommend that you leave these unchecked.
  7. The certificate will open and install itself on your Chromebook.
Install your user certificate
  1. Download your user certificate, according to the steps your administrator gives you.
  2. Open a new tab in Chrome Chrome.
  3. In the address bar, enter chrome://settings/certificates
  4. Click the Your Certificates tab.
  5. If you have a .pfx or .p12 file to import, click the Import and Bind to Device button.
  6. In the box that opens, select the certificate file and click Open.
  7. When prompted, enter the password for your certificate. If you don't know the password, contact your network administrator.
  8. The certificate will open and install itself on your Chromebook.

Related articles

Mel is a Chromebook expert and author of this help page. Help her improve this article by leaving feedback below.

Was this article helpful?
How can we improve it?
Watch video tutorials

To get the latest tips, tricks, and how-to's, subscribe to our YouTube Channel.