Skip to main content

Set up a VPN connection to OutSystems PaaS

A VPN Virtual Private Network allows you to extend a private network across the internet. This enables you to create a private network between your OutSystems PaaS and your on-premises systems by establishing a secure communication channel between the two.

Before starting, be sure to check the Requirements to set up a VPN to OutSystems PaaS. To enable a VPN connection between your data center and OutSystems PaaS, you'll need to:

  1. Request a VPN to your data center;
  2. Provide information about your data center;
  3. Configure your VPN device.

Step 1: Request a VPN to your data center

Log in into the infrastructure management console the administrator credentials. Navigate to the  'Environments' tab, click the 'Options' menu, and choose the 'Activate VPN' option.



Step 2: Provide information about your data center


During the process of activating the VPN Service, our support engineers will need the following information:

  • The public IP of your internet gateway;
  • The brand/model of your VPN device;
  • Your internal network IP range that has access to the VPN.

To speed up the process, be sure to have this information. If there are other people in your company that should be involved in this process, add their contacts to the ticket that has been created on the Support portal.


Platform Version

Activate VPN.png



Older Platform Versions


In this case, you will receive an email to provide the information required.


On the confirmation screen, click the 'Activate VPN Service' button.


Activating the VPN requires performing manual configurations. One of our support engineers will contact you to continue the process. 


VPN service is only displayed as active in the infrastructure management console after the support case is closed.

Step 3: Configure your VPN device

When we have all information needed, we'll configure the VPN connection on the OutSystems PaaS. After this is done, we'll send you a configuration file with information on how to set up your end of the VPN.

The configuration file looks like this

Category Definition
VPN Hardware Manufacturer  Amazon AWS VPC with VPN Service 
Technical Contact, +351 214 153 739 
VPN Peer address  <provided after the VPN gateway is configured> 
Supported VPN Protocols  IPsec 
Phase 1 Parameters 
Protocol  IKE v1 (IKEv2 is not supported)
Authentication Method  Pre-shared Key 
Protocol Communications  Encapsulated UDP port 500, NAT-T (UDP port 4500)
Encryption Algorithm  AES-128, AES-256
Diffie-Hellman Group  Group 2 (1024 bit), Group 5 (1536 bit)
Perfect Forward Secrecy (PFS)  Yes 
Hashing Algorithm for Integrity  SHA-1,  SHA-256
Re-negotiation time  28800 seconds 
Mode  Main 
Phase 2 Parameters 
Protocol  IKE Phase II (IPSEC SA) 
IPSec Protocol  ESP; UDP port 500; NAT-T is supported on your side.
Encryption Algorithm  AES-128, AES-256
Encryption Mode  Tunnel 
Diffie-Hellman Group  Group 2 (1024 bit), Group 5 (1536 bit)
Hashing Algorithm for Integrity  SHA-1,  SHA-256
Lifetime Measurement  Time 
Time Lifetime  3600 seconds 

Step 4: Configure your firewall

You also need to configure your firewalls to allow IPSec traffic:

  • Allow UDP traffic on port 500 between your datacenter VPN gateway and each of the tunnels to the OutSystems Cloud. There should be four rules: two inbound, two outbound;
  • Allow traffic with IP protocol 50 (Encapsulating Security Payload) between your gateway IP and the two tunnels IPs in the Virtual Private Gateway;
  • Add other inbound and outbound firewall rules to access your on-premises systems. As an example, create a rule on port 1433 for SQL Server databases, port 1521 for Oracle databases, etc.

More Information

Check the Troubleshoot VPN connection problems if you're having issues with your VPN connection.