Issue 665941

Starred by 68 users

Issue metadata

Status: Unconfirmed
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Feature



[FR] Include VPN on the list of Restricted Network Interfaces

Reported by stepheng...@amplifiedit.com, Nov 16 2016

Issue description

UserAgent: Mozilla/5.0 (X11; CrOS x86_64 8872.44.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.42 Safari/537.36
Platform: 8872.44.0 (Official Build) beta-channel samus

Steps to reproduce the problem:
1. Enroll Chromebook and restrict network to only managed networks
2. Allow users to take devices home

What is the expected behavior?

What went wrong?
Users will not be allowed to access online content when devices are at home.  The recommended solution would be to not restrict networks, but this opens up the ability to add a VPN, which many students have found as a means of getting around school filters.

Did this work before? N/A 

Chrome version: 55.0.2883.42  Channel: beta
OS Version: 8872.44.0
Flash Version: Shockwave Flash 23.0 r0

Educational environments would like to have the capability to restrict use of the "Add Connection > OpenVPN - L2TP" within their environments without completely restricting access to users adding non-managed networks.  Adding the "OpenVPN - L2TP" to the Restrict Network Interfaces seems like the most logical place for this type of a restriction.
 
We are having the same issue.  Following and bumping up!
We have 7K+ Chromebooks deployed here in RI, with more on the way - the ability to control students' access to VPN connections would be huge, as it's becoming a problem for us.
We work with many schools in the UK where this is a big issue. We try and push Chromebooks on a 'security' ticket but this remains a backdoor that students are only too happy to open.
This would be a huge improvement, especially in school environments!

Comment 5 by roy...@google.com, Dec 22 2016

Labels: -Pri-2 Pri-1
Owner: maxkirsch@chromium.org

Comment 6 by roy...@google.com, Dec 22 2016

Labels: Hotlist-Enterprise
A big yes for this. 
Adding our voice to this one.  Add as an enhancement please.
Frederick County, VA
Components: OS>Systems>Network
+1. For business cases, there is risk that a user could connect unchecked to an external VPN provider, exfiltrate data, get around policy.
+1 more for this feature.  Users trying to circumvent filtering measures by using this option. 
Our students are always trying to work around filter measures to use a VPN.  Please block this feature... it would be much appreciated!

Comment 13 by ghol...@sdcc.net, Feb 26 2018

It's a safeguarding issue as well. +1 for me
Yes - this is very much needed.
We would like to see this feature added in King George, VA.
Cc: maxkirsch@chromium.org
Issue 823104 has been merged into this issue.
related: crbug.com/731104
18 plus months and no progress. Can we get an update?
@Max - any update on progress on this issue?
Cc: naveenv@chromium.org
Owner: naveenv@chromium.org
Don't think it's been looked at yet. Sending to naveenv@ for EDU prioritization.
This would be a huge help for us.  Our students are figuring out that they can connect via VPN and bypass our filters.  The solutions that we could find would not allow them to connect at home, and so they're not viable.  Something as simple as a URL that we could block, such as chrome://settings/VPN, would work.  Right now, blocking chrome://settings would work, but unfortunately would block too much.
This is a must in Google for Education!

Comment 23 Deleted

This needs to be looked at for EDU!
Google Admin > Device management > Chrome > User Settings:

Scroll down to Block Extensions by Permission: Block VPN Provider


This is what we are using to stop any apps from being used for VPN connection 
mglo...@sgs-austin.org, that is only blocking apps or extensions that are used for VPN connections.  There are other ways of doing it, which students are figuring out.
Thanks comment #25, but students are still able to go to Settings > VPN > and manually add OpenVPN/L2TP servers.  Of course they need to have an account on one of those servers, but it's easy enough to go spin up a free one.  For school divisions who use Securly for Chromebooks, the extension does still block URLs even when connected to an OpenVPN/L2TP server.  I assume other content filters that use a Chromebook extension would have similar behavior.
I see what you mean now. I would prefer to have a way to disable settings access for users.