Set up virtual private networks (VPNs)

You can connect to a private network, such as a network at your work or school, using a Virtual Private Network (VPN) connection. You can use some types of VPNs on your Chromebook without installing any software. For other types, you can install VPN apps, including Pulse Secure VPN, SonicWALL Mobile Connect, and Cisco AnyConnect.

Built-in VPN support
Your Chromebook has built-in support for these VPNs:
  • L2TP over IPsec with PSK
  • L2TP over IPsec with certificate-based authentication
  • OpenVPN
Tip: Cisco Anyconnect works when configured with L2TP over IPSec. See setup instructions for a Cisco ASA device.
VPN apps

Three VPN apps are available in the Chrome Web Store, with more coming soon:

You download and configure these apps just as you would any other Chrome app. If you are an administrator, you can force install a VPN app using the Admin console. You can also upload a config file if the app allows it (the app is written using the chrome.storage.managed API).

Can I have concurrent VPN connections?

Concurrent VPN connections won't work. You can only have one active VPN connection. However, you can use the inclusionList parameter to decide which traffic goes through the VPN and which traffic goes to the Internet directly.

Set up a VPN

  1. If you haven't already, sign in to your Chromebook.
  2. Click the status area, where your account picture appears.
  3. Click Settings.
  4. In the "Internet connection" section, click Add connection.
  5. Click Add OpenVPN / L2TP.
  6. In the box that appears, fill in the information below. If you're using your Chromebook with an organization, you might need to get this information from your administrator.
    Fill out the fields
    • Server hostname: The name of the server you need to connect with to access your VPN. This can either be the IP address or the full server hostname.
    • Service name: This can be anything you want to name this connection. For example: "Work VPN."
    • Provider type: If you use a passphrase or key besides your personal password to connect to your VPN, select L2TP/IPsec + Pre-shared key. If you use certificates that your administrator gives you, select L2TP/IPsec + User certificate.
    • Pre-shared key: This key isn't your personal password, but a passphrase or key used to connect to the VPN.
    • Server CA certificate: Select your installed server VPN certificate from the list.
    • User certificate: Select your installed user VPN certificate from the list. If you don't have any certificates installed, you'll see an error message. To install a certificate, see the instructions below.
    • Username: Your VPN credentials.
    • Password: Your VPN credentials.
    • OTP: If you have an OTP card or VPN token that generates one-time passwords, generate a password and enter it here.
    • Group name: The name of the VPN setup, if applicable.
  7. Click Connect.

Install certificates

If you need certificates to connect to your VPN, your administrator might ask you to visit a special website while connected directly to your organization's network or download and install the certificates directly yourself.

You'll need:

  • A server certificate that's for everyone at your organization
  • A user certificate that is specific to you
Install your server certificate
  1. Download your server certificate authority, according to the steps your administrator gives you.
  2. Open a new tab in Chrome.
  3. In the address bar, enter chrome://settings/certificates
  4. Click the Authorities tab.
  5. Press the Import button and choose the X.509 certificate authority file, which is usually a file with a .pem, .der, .crt, or .p7b extension.
  6. In the box that appears, fill out the information on how this certificate authority should be trusted. None of these trust settings need to be enabled for VPN, so we recommend that you leave these unchecked.
  7. The certificate will open and install itself on your Chromebook.
Install your user certificate
  1. Download your user certificate, according to the steps your administrator gives you.
  2. Open a new tab in Chrome.
  3. In the address bar, enter chrome://settings/certificates
  4. Click the Your Certificates tab.
  5. If you have a .pfx or .p12 file to import, click the Import and Bind to Device button.
  6. In the box that opens, select the certificate file and click Open.
  7. When prompted, enter the password for your certificate. If you don't know the password, contact your network administrator.
  8. The certificate will open and install itself on your Chrome device.

Related articles

Using your Chromebook at work or school? If you experience any problems setting up your VPN, contact your administrator for more help.

Casey is a Chromebook expert and author of this help page. Help her improve this article by leaving feedback below.

Was this article helpful?