Applies To:
Show Versions
BIG-IP APM
- 12.1.0
Summary:
In December 2015, Google posted the release of F5 Access version 1.0.0 for Chrome OS. Chrome OS users should download this app from the Chrome web store.
Contents:
- Limitations in 1.0.0
- Known issues in 1.0.0
- Supported features in 1.0.0
- Contacting F5 Networks
- Legal notices
F5 Access for Chrome OS 1.0.0 download
Version 1.0.0 of F5 Access for Chrome OS is now available from the Chrome Web Store. The download is available from the app store for your device, at https://chrome.google.com/webstore/detail/f5-access/hhogfmlhffdddckpokfodepfiimfffjf. (Note that this link is for a third-party site, and thus is subject to change at any time.) This is the initial release for Chrome OS.
Release 1.0.0 requirements
- This version is supported on Chrome OS version 46.0 and later.
- This version is supported on BIG-IP 12.0 and later.
- In BIG-IP 12.0, the connectivity profile contains specific settings for Chrome OS.
- In BIG-IP 12.0, use the access policy item Client Type and the Edge Client branch to detect F5 Access for Chrome OS.
F5 Access Session Variables
F5 Access for Chrome OS supports the following session variables and values.
Session variable | Description | Example value |
---|---|---|
session.client.app_version | Chrome App version | 1.0.0.0 |
session.client.cpu | CPU type | ARM, ARM64, x86 or x64 |
session.client.model | Client device model | Chromebook, Chromebox, Chromebit, or Chromebase |
session.client.platform | Operating system name | ChromeOS |
session.client.platform_version | Operating system version | 45.0.2454.4 |
session.client.type | Type of session | For this client, this value is always Standalone |
session.client.activex | Active X check | For this client, this value is always 0 |
session.client.jailbreak | Jailbreak check | For this client, this value is always 0 |
session.client.version | Client protocol version | For this client, this value is always 2.0 |
session.client.js | JavaScript check | For this client, this value is always 0 |
session.client.plugin | Plugin check | For this client, this value is always 0 |
session.client.vpn_scope | VPN connection scope | For this client, the value is always device |
session.client.vpn_scope | VPN tunnel type | For this client, the value is always L3 |
session.client.vpn_start_type | How the VPN connection starts | For this client, the value is always manual |
F5 Access and BIG-IP versions prior to 12.0
F5 Access for Chrome OS may run on versions prior to BIG-IP 12.x. However, the configuration is unsupported and F5 cannot address any issues that may arise with this configuration.
Please see SOL16874 for more information on this configuration.
- On BIG-IP versions prior to BIG-IP 12.0, client settings are derived from the Win/Mac F5 Access Client settings in the connectivity profile.
On versions prior to BIG-IP 12.0, you can detect Chrome OS clients in an access policy with a custom branch rule in the Client OS access policy item:
- Add a Client OS Access Policy item.
- Add a custom branch rule called Chrome OS and use the Advanced expression builder to enter the expression: expr { [mcget {session.client.platform}] == "ChromeOS" }
Limitations in 1.0.0
Limitations in F5 Access
ID Number | Description |
---|---|
537334 | Because of a limitation of the Chrome OS VPN framework, a tunnel connection is not restored when the user switches between wireless access points (APs). |
555822 | Due to Chrome OS limitations, when multiple users sign in on the same Chrome OS device, Chrome OS always uses the network configuration of the primary user (the user who logged in first). A VPN app added or configured as any other user will not work. |
562673 | VPN performance is limited on low-end Chromebook devices. This is documented in the Chrome OS issue: Issue 514341: chrome.vpnProvider severe performance degradation on lower-end Chromebooks. (Note that this link is for a third-party site, and thus is subject to change at any time.) |
Google Account Sync and F5 Access
By default, Google accounts sync apps across all devices. F5 Access for Chrome OS is not supported on the Chrome browser on platforms other than Chrome OS. An error message will be displayed if the user attempts to launch F5 Access on a platform other than Chrome OS. For more information, see Sync information across Chromebooks. (Note that this link is for a third-party site, and thus is subject to change at any time.)
Known issues in 1.0.0
ID Number | Description |
---|---|
537336 | Immediately after the installation or upgrade of F5 Access for Chrome OS, the first time the VPN is initiated you may notice a delay. |
547383 | If the user creates a VPN configuration while another VPN configuration is connected, the system shows the error Connection to name has been lost. This is documented in the Chrome OS defect https://code.google.com/p/chromium/issues/detail?id=481365 . |
547558 | Traffic from Chrosh tools such as ping or tracepath is not sent through the VPN tunnel. Instead, it is routed through the primary network connection on the device. No workaround or mitigation is available. See: Issue 534872: Allow third-party VPNs to tunnel crosh traffic for more information. (Note that this link is for a third-party site, and thus is subject to change at any time.) |
557689 | The certificate information button in the certificate selection screen is not working properly. This is documented in the Chrome OS defect https://code.google.com/p/chromium/issues/detail?id=312893. |
Supported features in 1.0.0
The following F5 Access features are available in F5 Access for Chrome OS 1.0.0:
Feature |
---|
Username/Password |
Optional Client Certificate |
SAML (APM acting as SP with SP initiated access) |
Feature |
---|
TLS 1.x |
IPv4 lease pool |
DTLS |
DTLS port |
IPv4 transport |
Feature | Notes |
---|---|
Use split tunneling for traffic | |
Force all traffic through tunnel | |
Include Subnet | List of subnets to be routed through the virtual VPN adapter. |
Exclude Subnet | List of subnets to exclude from routing through the virtual VPN adapter. |
AllowLocal SubnetAccess | Excludes local subnet and host or subnet in routes that have been explicitly specified in the client routing table from routing through VPN adapter. |
DNSSuffix | DNS suffix for intranet. |
DNS | DNS server for VPN connection. |
Feature | Notes |
---|---|
Client Proxy Settings | Settings apply to the proxy behind the Access Policy Manager. |
Client Proxy Autoconfig Script | The URL for a proxy auto-configuration script, if one is used with this connection. |
Client Proxy Address | IP address of the client proxy server that network access clients use to connect to the Internet. |
Client Proxy Port | Port number on the proxy server that you want network access clients to use to connect to the Internet. |
Client Proxy Exclusion List | Specifies the Web addresses that do not need to be accessed through your proxy server. You can use wild cards to match domain and host names or addresses. For example,www.*.com, 128.*, 240.8, 8., mygroup.*, *.* , and so forth. |