Connecting a VPN Server to Liferay Cloud
You can use Liferay Cloud’s VPN feature to connect your Liferay Cloud services to external services on private networks. This allows you to operate an external system with the Cloud environment as though they exist within the same network.
For example, you may need to connect your Liferay Cloud services to directories or applications that are only accessible on a company VPN. You’ll learn how to do this here.
Creating a VPN Configuration
Go to your environment’s Settings tab.
Scroll down to the VPN section of the page and click Create New VPN.
Select the connection protocol to use. Here are the supported protocols:
Selecting a protocol reveals the required fields to connect with it below.
Fill in the VPN’s required fields:
Server: The server’s IP address.
Port: The VPN’s local port number.
Account Name: The administrator’s email address.
Password: The administrator’s password.
IKE Version: The VPN’s Internet Key Exchange version. This field only appears when IPSec is selected as the protocol. Only IKEv2 is supported.
Certificate: The certificate code.
Enter one or more port forwarding routes for your VPN connection. Fill in the required fields for each route:
Forwarded Port: The port number within the Liferay Cloud environment to forward.
Destination IP: The IP address of the customer network interfacing with the VPN.
Destination Port: The port of the customer network interfacing with the VPN.
tipAdd more port forwarding routes by clicking the + icon on the right side. Remove added routes by clicking the Trash icon to the side of the existing route.
Click Create VPN.
The VPN configuration has been created. However, the VPN is not connected until you manually connect it from the VPN details page.
Managing Your VPN Configuration
Once you have created your VPN configuration, you can view the status of the connection and configuration details, edit the configuration, and connect or disconnect from the details page.
Navigate to your environment’s Settings page and then click on the configured VPN connection to get to the details page.
The status of the VPN (connected or not connected) is visible both from the VPN details page, as well as the VPN section of the Settings
page of your environment.
Connecting and Disconnecting the VPN
The VPN details page indicates whether or not the VPN is already connected in the top-right corner. If the VPN is not connected, then click the Connect button to establish the connection.
The VPN attempts to connect after clicking the button. If the connection fails, then the failed attempt displays in the Related Activities section of the details page.
You can manually test the connectivity of your services to an IP address through your VPN by using the service’s shell to run a command like the following: curl -v [address]
.
While the connection is being established, the message “VPN connection attempt initiated” appears, and you cannot perform other management operations for your VPN until it completes. If you need to cancel the connection (for example, because an error is causing the connection to hang), then click “Cancel” on the pop-up.
To disconnect the VPN any time after the connection is established, click Disconnect from the top-right Actions menu. This takes you to the Disconnect VPN page.
Disconnecting the VPN will interrupt communications with any external services with Liferay Cloud.
Check the boxes confirming the impact of disconnecting the VPN, and then click Disconnect VPN to immediately disconnect it. Once the VPN is disconnected, the configuration can be changed again.
Editing the Configuration
You can change any details of the VPN configuration (including forwarding ports) after it has been created as long as the VPN is not currently connected. If the VPN is connected, then disconnect it before editing the configuration.
To edit the configuration, go to the environment’s details page, and then Edit… from the top-right Actions menu. This displays the same screen as creating the VPN configuration for the first time.
Deleting the Configuration
You can completely remove a VPN configuration by using the Delete VPN option.
From your environment’s Settings page, click the Actions menu for the VPN and click Delete VPN.
On the Delete VPN page, check the checkbox to confirm the deletion. More checkboxes appear to confirm the effects if the VPN is connected at the time.
Click Delete VPN at the bottom of the page.
The VPN is deleted and can no longer be used for your environment. Add a new VPN configuration to connect to your environment instead.