Hello Everyone,

So I had a curveball thrown at me, and I need to widen my stance a little bit, choke up on the bat, and try to pull this down the first base line:

Long story short - I am attempting to set up a select handful of students to VPN into my campus and Remote Desktop into my domain PCs in our lab. I am hitting issues with both the VPN and Remote Desktop

​

VPN

I already have a functioning L2TP w/ preshared key VPN set up and working on one of my Windows servers. The VPN is fully functioning for multiple users and departments. My VPN has also been tested and working on mobile devices such as iPhone.

​

I am seeing some bizarre behavior on two different Chromebook models running ChomeOS 80:

​

My deployed VPN settings from G Suite - When I attempt to connect the VPN, it brings up the ‘Join VPN network’ window with all the settings pre-populated. It wants me to enter my username and password. When I then click ‘Connect’ at the bottom of the window, I get an error in the window stating “Error configuring network”.

​

When I then create the VPN settings manually on my Chromebook - I get a successful VPN connection (hooray!), however if I disconnect the VPN, it will NOT reconnect until I log out, shut down, and restart the Chromebook. Paraphrasing the error: ‘could not connect to VPN due to a network error’. Really bizarre and inconsistent behavior with this.

I want to try to work through the L2TP/IPsec route beings it is already a set up and working VPN, before I go implementing openVPN

​

Remote Desktop

When I do have successful connections with my VPN, I can ping my internal network just fine via IPs and DNS names. Awesome.

I have tried about three different RDP apps. Microsoft Remote Desktop is one example. None of them will connect to my computers. I have tried full DNS name as well as IP addresses. I have a gut feeling that these apps are not sending traffic through the VPN. On my VPN settings I enabled the ‘prefer this network’ setting. My computers are online, responding to pings, remote desktop works, etc.

​

​

Questions

So my questions for anyone who has insight:

• Anyone else seeing this type of behavior with L2TP/IPsec w/ preshared key VPN’s on Chromebooks? If so, is there a workaround?
• Any way to get apps to send their traffic through the VPN connection?
• Is there an alternative solution for me to do remote desktop to my domain joined PCs and allowing for my handful of students to connect with their domain accounts?

This ultimately came from the need to provide students to Microsoft Access from their Chromebooks at home. My quick and dirty solution was VPN and RDP. In a perfect world I would love to use VMWare Horizon and just use virtuals. I dont think I have the time or clearance for that type of spending at the moment!

​

I appreciate the community here. Hang in there everyone!

Why not use remotedesktop.google.com

Assign a PC to the student, log into that pc as the student setup remotedesktop.google.com again on their account, then set the PC to remain on and to autologin as that student. Then the student at home can goto remotedesktop.google.com they can click on the computer and open a remote session. No need for a VPN and the computer is locked down to that student’s account only.

This is assuming its not a large number of students. IE one machine to a student will not exhaust all the lab machines.

I started down this path (just Google remote desktop, not VPN) for our students who need access to Adobe apps (the big ones) running on iMacs in the lab, using their Chromebooks at home. It seemed like it was going to work, but just kept locking up on the far-end - or at least the video would freeze. I could reconnect a couple times, but it was still frozen, then it wouldn’t let me connect at all. I didn’t spend a lot of time troubleshooting, just figured it was the nature of the “free” beast. What devices are your students using to get in, and did you experience anything like that?

Remote Desktop was definitely on my list of backup plans. I was trying to go with a solution that didn’t involve me setting up a live session of sorts on the remote computer and leaving it idle. My access right now is remote, so I myself would have to use RDP, log in as student, set up Chrome remote desktop, and then RDP would lock the session upon my disconnection. I think that the student would then be unable to log in since their session would be locked.

​

UPDATE: This totally works how we need it to work. I completely underestimated this tool. It shows the local login screen allowing for domain login. Huge thanks for making me accept this as an option. The deployment setup will suck (looks like I will have to log into each PC as the student, create the remote desktop, etc.), but at this point it will be less work than sorting out RDP and VPN.

Sometimes the best solutions is the one that sucks