Ziti Mobile Edge on ChromeOS (Google Workspace Managed Device) Auto-Closes Immediately After Launch

ss_vinoth22 · November 16, 2025, 11:12pm

Environment

Device: ASUS Chromebook CX14
OS: ChromeOS (latest stable channel)
App: Ziti Mobile Edge (Android app from Google Play Store)
Management: Device enrolled under Google Workspace (Enterprise/Business)
Workspace Policies: Android app restrictions partially controlled by Admin Console
User: Logged in with a Google Workspace account
External Apps: No other VPN apps or firewalls installed

On a Google-Workspace–managed Chromebook, Ziti Mobile Edge launches for 1–2 seconds and then immediately closes, repeatedly.

Even after the admin unlocked all visible app permissions, ChromeOS reports:

“No permissions granted”
“Allowed permissions: None”
Admin Console shows: “This app does not support Android managed configurations.”

When the app attempts to start the VPN tunnel, ChromeOS kills the process, and the device loses internet connectivity until the Ziti app is uninstalled.

Is Ziti Mobile Edge officially supported on ChromeOS (Android container) under Google Workspace device management?
Are there known limitations with ChromeOS VPN APIs or Android VPNService on managed devices?

ekoby · November 17, 2025, 4:55pm

Are you configuring your managed devices to run ZME via Google EMM?

ss_vinoth22 · November 17, 2025, 8:20pm

Yes with Google manged policies

ekoby · November 18, 2025, 3:26pm

thank you for reporting this. We have not had to look into it yet. Let us do some research and run some tests on our end.

ss_vinoth22 · November 20, 2025, 8:21am

Today i tested with one of client chrome OS PC,
Ziti Mobile Edge installs successfully on ChromeOS, and the JWT enrollment also completes successfully.
However, immediately after the JWT is added and the tunnel attempts to start, the Ziti app crashes and becomes unusable.

After the crash:

The Ziti app cannot be opened again
Even after reboot, the app closes instantly
Clearing data resets app temporarily, but crash always occurs again after next JWT enrollment

Other Android VPN apps (Wireguard, OpenVPN, etc.) work fine on the same Chromebook, which means:

Android VPNService API is allowed
VPN tunneling is permitted
ChromeOS itself is not blocking VPNs

This behavior appears specific to Ziti Mobile Edge on ChromeOS.

Could someone help me fix this? because we have few clients who uses chromebook which is a blocker

ss_vinoth22 · November 24, 2025, 9:19am

@ekoby Could you confirm me, if this is an compatibility issue on chrome OS?

ss_vinoth22 · December 2, 2025, 5:13am

@ekoby I have tested with and without Google workspace rules, Basically it is crashing after JWT is enrolled on chrome OS. So its not policy issue, looks like compatability issue. Can you help us fixing this? We have few clients who are using chromebook we need to make them use our app via ziti. Its kind of blocker. It would be really helpful if some one can take a look and fix it?

ekoby · December 3, 2025, 8:49pm

Unfortunately I don't have a physical ChromeOS device to test with. It seems to work as expected on a virtual/simulated device.

if you're willing to help us to diagnose this issue:

enable ADB bridge on your device (non-managed only) like described here
create a bug report: adb bugreport ./bugreport.zip. the zip file may contain information that would help us

ss_vinoth22 · December 3, 2025, 11:38pm

Sure i can help you debug . will generate bugreport today and will send you

ss_vinoth22 · December 4, 2025, 1:16pm

I’ve attached the Ziti Mobile Edge logs captured on the Chromebook right after enrollment.
Please take a look and let me know what you find.
I only have this Chromebook for today, so I’m available to run any tests you need to help diagnose the issue.

ziti-logs.txt (499.1 KB)

ss_vinoth22 · December 4, 2025, 1:25pm

https://controller.xxxxx.com:443 version v1.1.15(0eec47ce3c80 2024-10-02T12:59:41Z)

12-04 18:25:37.073 2420 2441 I ziti-sdk:ziti.c:2042 version_pre_auth_cb(): ztx[1] using OIDC authentication method

--------- beginning of crash

12-04 18:25:37.074 2420 2441 F libc : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x8 in tid 2441 (native-tunnel), pid 2420 (openziti.mobile)

12-04 18:25:37.199 2507 2507 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstoneProto

12-04 18:25:37.201 142 142 I tombstoned: received crash request for pid 2441

12-04 18:25:37.208 2507 2507 I crash_dump64: performing dump of process 2420 (target tid = 2441)

12-04 18:25:37.901 2507 2507 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***

12-04 18:25:37.901 2507 2507 F DEBUG : Build fingerprint: 'google/dedede/dedede_cheets:13/R142-16433.57.0/14390219:user/release-keys'

12-04 18:25:37.901 2507 2507 F DEBUG : Revision: '0'

12-04 18:25:37.901 2507 2507 F DEBUG : ABI: 'x86_64'

12-04 18:25:37.901 2507 2507 F DEBUG : Timestamp: 2025-12-04 18:25:37.229111789+0530

12-04 18:25:37.901 2507 2507 F DEBUG : Process uptime: 21s

12-04 18:25:37.901 2507 2507 F DEBUG : Cmdline: org.openziti.mobile

12-04 18:25:37.901 2507 2507 F DEBUG : pid: 2420, tid: 2441, name: native-tunnel >>> org.openziti.mobile <<<

12-04 18:25:37.901 2507 2507 F DEBUG : uid: 10075

12-04 18:25:37.901 2507 2507 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000008

12-04 18:25:37.901 2507 2507 F DEBUG : Cause: null pointer dereference

12-04 18:25:37.901 2507 2507 F DEBUG : rax 00007beaf7d55100 rbx 00007beb47a0f800 rcx 0000000000000086 rdx 00007beb47a4d380

12-04 18:25:37.901 2507 2507 F DEBUG : r8 0000000000000380 r9 0000000000000000 r10 000000000000005a r11 000000000001861a

12-04 18:25:37.901 2507 2507 F DEBUG : r12 0000000000000000 r13 00007beb47a0f8a0 r14 00007beb47a4d000 r15 00007bec11a2a280

12-04 18:25:37.901 2507 2507 F DEBUG : rdi 00007beb47a4d000 rsi 0000000000000000

12-04 18:25:37.901 2507 2507 F DEBUG : rbp 00007beaf76db920 rsp 00007beaf76db8f0 rip 00007beaf7d54e3d

Looks like it is throwing Cause: null pointer dereference kind of bug on installer for chrome book

ss_vinoth22 · December 5, 2025, 4:27pm

@ekoby Hi Let me know if you have time today to troubleshoot the chromebook device.

ekoby · December 5, 2025, 7:45pm

I just noticed this. is there a way you can upgrade controller and routers? Alternatively you can try commenting out oidc section in controller config/yaml file

ss_vinoth22 · December 5, 2025, 9:48pm

Oh I've deployed via helm charts so how do I comment out?

ss_vinoth22 · December 5, 2025, 10:23pm

i dont see any option of OIDC on configmap of controller

ss_vinoth22 · December 5, 2025, 10:30pm

To which version do i need to upgrade to support chromebook? I might need to be aware of breaking changes when i upgrade from 1.15 to stable version.
Alternatively if i can make some tweek to support on current version it would be great so that i can plan for upgrade later.

ekoby · December 6, 2025, 3:08pm

we (at lease I do) always recommend the latest stable (currently v1.6.9)

ss_vinoth22 · December 6, 2025, 3:16pm

I'm running 1.1.5 is it ok to jump to 1.6.9 what would break?

ss_vinoth22 · December 6, 2025, 3:18pm

I need you suggestion for upgrade. I'm running controller on gke cluster using helm charts

Topic		Replies	Views
Few bugs/issues	12	112	January 24, 2025
Ziti desktop edge + controller/network version compatibility? Ziti Desktop Edge for MacOS	18	113	October 26, 2024
Ziti Mobile Edge Not Connecting to Edge Router General Questions	20	554	June 20, 2023
Android client stopped to authenticate "subject_token is invalid" Ziti Mobile Edge for Android	14	100	November 3, 2025
Android Tunneler Bug Ziti Mobile Edge for Android	21	268	June 2, 2025

Ziti Mobile Edge on ChromeOS (Google Workspace Managed Device) Auto-Closes Immediately After Launch

Environment

Related topics