Set up virtual private networks (VPNs)

You can connect to a private network from your Chromebook, such as a network at your work or school, using a Virtual Private Network (VPN) connection. Moreover, VPN support is built-in, so you don't need to install any software.

Supported VPNs

Chromebooks currently support the following VPNs:

  • L2TP over IPsec with PSK
  • L2TP over IPsec with certificate-based authentication
  • OpenVPN

SSL VPN solutions or any VPN implementation other than the ones listed above aren't currently supported.

Tip: Cisco Anyconnect is supported when configured with L2TP over IPSec. See setup instructions for a Cisco ASA device

Setting up a VPN

  1. If you haven't already, sign in to your Chromebook.
  2. Click the status area at the bottom of your screen, where your account picture is located.
  3. Select Settings.
  4. In the "Internet connection" section, click Add connection.
  5. Select Add private network.
  6. In the box that appears, fill in the information below. If you're using your Chromebook with an organization, you may need to get this information from your network administrator.
    • Server hostname: Name of the server that you need to connect to in order to access your VPN. This can either be the IP address or the full server hostname.
    • Service name: This can be anything you want to name this connection, for example, "Work VPN."
    • Provider type: If you use a passphrase or key besides your personal password to connect to your VPN, select L2TP/IPsec + Pre-shared key. If you use certificates that your network administrator gives you, select L2TP/IPsec + User certificate.
    • Pre-shared key: The Pre-shared key is not your personal password, but a passphrase or key used to connect to the VPN.
    • Server CA certificate: Select your installed server VPN certificate from the list.
    • User certificate: Select your installed user VPN certificate from the list. If you don't have any certificates installed, you'll see an error message. To install a certificate, see instructions below.
    • Username credentials for connecting to VPN.
    • Password credentials for connecting to VPN.
  7. Click Connect.

Installing certificates

If you need certificates to connect to your VPN, your administrator may require you to visit a special website while connected directly to your organization’s network or you may be asked to download and install the certificates directly yourself. You will need both a server certificate that is given to everyone at your organization and a user certificate that is specific to you.

To install your user certificate after you've downloaded it, follow the steps below.

  1. In a new tab, enter chrome://settings/certificates into your browser's address bar.
  2. Click the Your Certificates tab.
  3. If you have a .pfx or .p12 file to import, click the Import and Bind to Device button.
  4. In the dialog box that opens, select the certificate file and click Open.
  5. When prompted, enter the password for your certificate. If you don't know the password, contact your network administrator.
  6. The certificate will open and install itself on your Chrome device.

To install your server certificate authority after you've downloaded it, follow the steps below.

  1. In a new tab, enter chrome://settings/certificates into your browser's address bar.
  2. Click the Authorities tab.
  3. Press the Import button and choose the X.509 certificate authority file, which is usually a file with a .pem, .der, .crt, or .p7b extension.
  4. In the dialog that appears, fill out the information on how this certificate authority should be trusted. None of these trust settings need to be enabled for VPN, so it's advisable to leave these unchecked.
  5. The certificate will open and install itself on your Chromebook.

Using your Chromebook at work or school? If you experience any issues setting up your VPN, contact your network administrator for additional assistance.