Configuring a VPN Server
The following scenario walks through how to set up an IPsec or OpenVPN VPN server. Once a VPN server is configured, a secure connection can be established between an internal network and the production environment on Liferay Cloud. This example uses Ubuntu Server 18.0.4 as a proof of concept. See the VPN Integration Overview article for an overview of Liferay Cloud’s Client-to-Site VPN functionality.
Configuration commands and values are subject to change and should be adapted for your specific environment.
EAP-TLS and EAP-MSCHAPV2 authentication protocols are both supported for VPN connections.
Basic Setup for an IPsec Server
To configure an IPsec test server:
- Save the following file as ~/ipsec.conf and replace the leftid value with your VPN server’s external IP.
  If you want to use the EAP-TLS protocol instead of only EAP-MSCHAPv2, add eap-tls to the rightauth line of the configuration:
- On your server, replace the SERVER_EXTERNAL_IP with your VPN server’s external IP and USERNAME/PASSWORD with your values:
- Install the necessary dependencies:
- Set up the security certificates and keys.
  If you want to use EAP-MSCHAPV2, then run these commands to generate the certificate:
  Otherwise, to use EAP-TLS, run these commands:
- If you are using EAP-TLS for your VPN connection, then add this to your /etc/ipsec.secrets file (using your VPN password):
- Configure StrongSwan (see the server.conf file described above).
- Configure the VPN server’s authentication.
- Configure the OS kernel.
- Configure the OS’s firewall.
- Obtain a server certificate to use on the client.
The IPsec VPN server has been configured.
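Before starting the service, it helps to confirm the two values the first step asks you to set, leftid and rightauth. The script below is an added example, not part of the original procedure; it assumes an IPv4 external address and a single conn section, and the function names, the conn name and the sample address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: preflight check for ~/ipsec.conf (assumes one conn section).

# Print the value of KEY from "KEY=VALUE" lines in FILE; the last match wins.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one finding per line; return 1 if any check fails.
check_ipsec_conf() {
    conf=$1
    rc=0
    leftid=$(conf_value leftid "$conf")
    rightauth=$(conf_value rightauth "$conf" | tr 'A-Z' 'a-z')

    # leftid must hold the server's external IP (IPv4 assumed here).
    if ! printf '%s\n' "$leftid" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "FAIL: leftid '$leftid' is not an IPv4 address"
        rc=1
    else
        case $leftid in
            10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*|127.*)
                echo "FAIL: leftid $leftid is a private address, not the external IP"
                rc=1 ;;
            *) echo "OK: leftid $leftid" ;;
        esac
    fi

    # Only the two EAP methods named on this page are accepted.
    case $rightauth in
        *eap-tls*)
            echo "OK: rightauth uses eap-tls; /etc/ipsec.secrets needs its entry" ;;
        *eap-mschapv2*)
            echo "OK: rightauth uses eap-mschapv2" ;;
        *)
            echo "FAIL: rightauth '$rightauth' is neither eap-mschapv2 nor eap-tls"
            rc=1 ;;
    esac
    return $rc
}

# Constructed sample (203.0.113.10 is a documentation address), checked on run.
sample=$(mktemp)
printf 'conn ikev2-vpn\n    leftid=203.0.113.10\n    rightauth=eap-mschapv2\n' > "$sample"
check_ipsec_conf "$sample"
rm -f "$sample"
```

To check your own file, call check_ipsec_conf ~/ipsec.conf after sourcing the script; a non-zero return means a value still needs attention.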
Basic Setup for an OpenVPN Server
Follow these steps if using an OpenVPN server:
- Create a ~/server.conf with the following values:
- Install the necessary dependencies:
- Set up the certificates and keys.
- Use the OpenVPN server.conf file from above.
- Configure the OS kernel.
- Configure the OS firewall.
- Start the VPN server service.
- Create the OS user to be used for authentication on the VPN.
The OpenVPN server has been configured.