It seems everyone has jumped on the VPN bandwagon these days. On Chromebooks, we can use VPN extensions, but these don't protect Android apps. We can use Android VPN apps, which protect the entire ChromeOS (including Android apps but not Linux apps).
So what happens today? Even if you have an Android VPN running, the Linux apps go our via your origin IP bypassing the VPN network adapter. If you need to use a VPN with the Linux container today on ChromeOS, you have to install a Linux VPN client in the container itself.
In Chrome 76, Google will finally fix this issue and app Linux traffic will also flow through the VPN (extension of Android app). You can test this today if you have the developer or Canary versions of ChromeOS installed on your Chromebook.
We expect ChromeOS 76 to be released to the Beta channel June 13-20 and to the stable channel around July 30.
Other cool features coming with the ChromeOS 76 release will be
"Picture In Picture" support for most video platforms
"Web Share Target Level 2" which will allow any installed application to receive a file share (using a manifest)