Applies to: OutSystems PaaS.
This topic describes how to activate a site-to-site VPN, allowing your platform running on the cloud to connect securely to the environments you have on-premises.
In this example, the Production environment is running on-premises and the Operations team wants to ensure the OutSystems PaaS and the Production environment are on the same private network.
Benefits of Using a VPN
A VPN allows you to extend a private network across the internet, enabling you to create a private network between your OutSystems PaaS and your OutSystems on-premises installation, and establishing a secure communication channel between the two. This way:
- Your environments are all connected to the same network.
- The data exchanged cannot be read by an unauthorized third-party, since it's encrypted at the packet level.
- The data exchanged cannot be tampered with, since the message integrity is checked.
Technical Details and Requirements
The VPN connection uses industry-standard IPsec tunnel mode (with IKE-PSK, AES-128, HMAC-SHA1, PFS) to authenticate both sides of the VPN connection, and to protect the data. This means that your VPN concentrator device needs to be able to:
- Maintain the same static public IP address
- Establish IKE Security Association using Pre-Shared Keys
- Establish IPSec Security Associations in Tunnel mode
- Use AES 128-bit encryption function
- Use the SHA-1 hashing function
- Use the Diffie-Hellman Perfect Forward Secrecy in "Group2" mode
Before activating the VPN, make sure you know:
- The public IP of your internet gateway
- The brand/model of your VPN concentrator
- Your internal network IP range, that has access to the VPN
Without this information, it will not be possible to configure the VPN.
Activate the VPN
To activate the VPN for your OutSystems PaaS go to the Environments screen, click Options and choose the Activate VPN option.
Since activating the VPN requires performing manual configurations, an OutSystems Support Engineer will contact you with instructions to configure the VPN tunnel to your OutSystems PaaS.