you can ask the meraki support (via support-case) to change the client VPN server default of
3des-sha1-modp1024 (= 3des-sha1-dh2)
to
aes128-sha1-modp2048 (= aes128-sha1-dh14)
unfort, although the IPSec protocol would support it, meraki can't activate both at the same time.
in case the chromebook requires sthg else, i bet you're out of luck (if your error is related to this).