Client VPN on Chrome OS

CashG
Getting noticed

Client VPN on Chrome OS

Has anyone had experience using Client VPN and Chrome books? I set a Chrome book up the other day and everything was working fine. The client said she disconnected the VPN when she went to lunch but could never get it to reconnect after. I even tried forgetting the VPN connection and recreating it and still nothing. I can however go to a Win 10 laptop and use all the same settings and it works fine. I don't know what this means but in the logs I see "invalid DH group 19" and "invalid transform-id=20 in ESP".

6 REPLIES 6
rwiesmann
A model citizen

Hi, 

do you know the Troubleshooting Client VPN documentation from meraki?

 

https://documentation.meraki.com/MX/Client_VPN/Troubleshooting_Client_VPN

 

Maybe it helps you.

rgds

roger

@rwiesmann Yes, most of that has to do with Windows. I'm having an issue with Chrome OS and I don't have much experience with Chrome OS. I can use all the same settings and credentials on a Windows 10 computer and works fine. 

 

First day I was testing I set it up and worked fine and then it wanted to do a update. After the update it wouldn't work but I told it to forget the VPN and I recreated it and it worked again. As far as I know there hasn't been another update and I've tried redoing the VPN. 

tantony
Head in the Cloud

Restart the chrome book?  Sorry, I'm not familiar with Chrome book.

 

https://documentation.meraki.com/MX/Client_VPN/Client_VPN_OS_Configuration#Chrome_OS

Any other Chromebook you can compare the logs with? Just to make sure those messages aren't sending you off into the wrong direction?

@BrechtSchamp No there is only one. We were trying it out to see how it works. All the Windows Laptops work. 

 

I've tested here on a hotspot connection to rule out something with the clients ISP. Also logged into the Chromebook with my profile and still doesn't work. 

you can ask the meraki support (via support-case) to change the client VPN server default of

 3des-sha1-modp1024 (= 3des-sha1-dh2)

to

 aes128-sha1-modp2048 (= aes128-sha1-dh14)

unfort, although the IPSec protocol would support it, meraki can't activate both at the same time.

 

in case the chromebook requires sthg else, i bet you're out of luck (if your error is related to this).

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels