Set up a VPN connection to OutSystems PaaS


A VPN (Virtual Private Network) allows you to extend a private network across the internet. This enables you to create a private network between your OutSystems Cloud Infrastructure and your on-premises systems by establishing a secure communication channel between the two.

Before starting, be sure to check the Requirements to set up a VPN to OutSystems PaaS. 

To enable a VPN connection between your data center and your OutSystems Cloud Infrastructure, you will need to:

  1. Request a VPN to your data center;
  2. Provide information about your data center;
  3. Configure your VPN device;
  4. Configure your firewall.

Step 1: Request a VPN to your data center

Log in to the infrastructure management console (make sure your user has an administrator role). Navigate to the 'Environments' tab, click the 'Options' menu and choose the 'Activate VPN' option.



Step 2: Provide information about your data center

During the VPN Service activation process, our support engineers will need the following information:

  • The public IP of your internet gateway;
  • The brand/model of your VPN device;
  • Your internal network IP range that has access to the VPN.

To speed up the process, be sure to have this information before submitting the request. If there are other people in your company that should be involved in this process, add their contacts to the ticket that has been created on the Support portal.





Older Platform Versions


In this case, you will receive an email to provide the information required.


On the confirmation screen, click the 'Activate VPN Service' button.


Step 3: Configure your VPN device

Once all the required information has been provided, OutSystems Support will configure the VPN connection on your OutSystems Cloud Infrastructure. You will then receive a configuration file with information on how to set up your end of the VPN.

The configuration file will look similar to this:

Category                          Definition
--------------------------------  ------------------------------------------------
VPN Hardware Manufacturer         Amazon AWS VPC with VPN Service
VPN Peer address                  <provided after the VPN gateway is configured>
Supported VPN Protocols           IPsec

Phase 1 Parameters
Protocol                          IKE v1 or IKE v2 (IKE v2 is only supported for VPN connections created after February 6, 2019)
Authentication Method             Pre-shared Key
Protocol Communications           Encapsulated UDP port 500, NAT-T (UDP port 4500)
Encryption Algorithm              AES-128, AES-256
Diffie-Hellman Group              2 (1024 bit), 14-18 (2048 bit), 22, 23, and 24 (2048 bit)
Perfect Forward Secrecy (PFS)     Yes
Hashing Algorithm for Integrity   SHA-1, SHA-256
Re-negotiation time               28800 seconds
Mode                              Main

Phase 2 Parameters
Protocol                          IKE Phase II (IPSEC SA)
IPSec Protocol                    ESP; UDP port 500; NAT-T is supported on your side.
Encryption Algorithm              AES-128, AES-256
Encryption Mode                   Tunnel
Diffie-Hellman Group              2 (1024 bit), 5 (1536 bit), 14-18 (2048 bit), 22, 23, and 24 (2048 bit)
Hashing Algorithm for Integrity   SHA-1, SHA-256
Lifetime Measurement              Time
Time Lifetime                     3600 seconds

Once the support case is closed, the infrastructure management console will display the VPN service as active.

Step 4: Configure your firewall

You also need to configure your firewalls to allow IPSec traffic:

  • Allow UDP traffic on port 500 between your data center VPN gateway and each of the tunnels to the OutSystems Cloud. There should be four rules: two inbound, two outbound;
  • Allow traffic with IP protocol 50 (Encapsulating Security Payload) between your gateway IP and the two tunnel IPs in the Virtual Private Gateway;
  • Add other inbound and outbound firewall rules to access your on-premises systems. As an example, create a rule on port 1433 for SQL Server databases, port 1521 for Oracle databases, etc.
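The IPsec rules from the first two bullets can be checked against what is actually configured on the firewall. The following is an added example, not OutSystems code: it builds the required rule set in a vendor-neutral form and reports which rules a firewall export is missing. The IP addresses are constructed (documentation ranges), and the Rule tuple and function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    direction: str        # "in" = tunnel -> gateway, "out" = gateway -> tunnel
    proto: str            # "udp", or "esp" for IP protocol 50
    src: str
    dst: str
    dport: Optional[int]  # None for ESP, which has no ports

def required_rules(gateway, tunnels, nat_t=False):
    """Rules Step 4 asks for: UDP 500 and ESP, both directions, per tunnel."""
    gw = str(ipaddress.ip_address(gateway))          # raises on a malformed IP
    peers = [str(ipaddress.ip_address(t)) for t in tunnels]
    if len(set(peers)) != 2 or gw in peers:
        raise ValueError("expected two distinct tunnel IPs, different from the gateway")
    rules = []
    for peer in peers:
        for direction, src, dst in (("in", peer, gw), ("out", gw, peer)):
            rules.append(Rule(direction, "udp", src, dst, 500))
            rules.append(Rule(direction, "esp", src, dst, None))
            if nat_t:  # the parameter table lists NAT-T on UDP 4500
                rules.append(Rule(direction, "udp", src, dst, 4500))
    return rules

def missing_rules(configured, gateway, tunnels, nat_t=False):
    """Required rules that are absent from the configured rule set."""
    have = set(configured)
    return [r for r in required_rules(gateway, tunnels, nat_t) if r not in have]

# Constructed sample values (RFC 5737 documentation addresses).
GATEWAY = "203.0.113.10"
TUNNELS = ["198.51.100.20", "198.51.100.21"]

# Constructed firewall export: everything is present except ESP for the
# second tunnel, so IKE can negotiate there but no tunnel traffic passes.
SAMPLE_CONFIGURED = [
    r for r in required_rules(GATEWAY, TUNNELS)
    if not (r.proto == "esp" and TUNNELS[1] in (r.src, r.dst))
]

if __name__ == "__main__":
    for rule in missing_rules(SAMPLE_CONFIGURED, GATEWAY, TUNNELS):
        print("missing:", rule)
```

Pass nat_t=True only if your gateway sits behind NAT, in which case the UDP 4500 rules are checked as well.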

More Information

If you need to give an additional internal network IP range access to the VPN, contact OutSystems Support so they can make the required changes.

Check the Troubleshoot VPN connection problems article if you're having issues with your VPN connection.