VPN Enhancements in Liferay Cloud: TCP protocol, PreShared-key and TLS certificate

Liferay Cloud, has rolled out a series of significant enhancements to its VPN offerings this quarter. These updates are aimed at providing users with more control, security, and flexibility over their VPN configurations.

1. TCP Communication Protocol

Liferay Cloud Platform now allows users to choose between two major communication protocols: UDP and TCP.

Key Takeaways:

  • The VPN service seamlessly supports both UDP and TCP protocols, paving the way for smoother communication between Liferay Cloud and the users' internal networks.
  • The platform’s console interface has been refined, introducing a dropdown menu where users can effortlessly switch between the two protocols. Upon making a selection, users receive a confirmation of their updated VPN configuration.

2. Refined VPN Client-to-Site Authentication with PreShared-key

With the recent rollout, Liferay DXP Cloud has augmented its VPN Client-to-Site offerings, introducing the PreShared-key (PSK) authentication method.

Key Takeaways:

  • The VPN service now caters to two authentication methods: the existing PublicKey+Certificate and the newly added PreShared-key.
  • For reinforced security, a distinct PSK is generated for every individual client-to-site VPN connection.
  • The user interface has been tailored to accommodate these changes. A dropdown menu in the VPN configuration dashboard allows users to select their preferred authentication method, with a confirmation message ensuring clarity on the applied settings.
  • Beyond mere PSK generation, tools are embedded to allow users to manage and modify their keys, offering more autonomy over security configurations.

3. Upgrades to OpenVPN Peer Validation with TLS certificate

Liferay Cloud’s OpenVPN setup has seen a pivotal enhancement, providing users the flexibility to upload their client's TLS certificate and key during the OpenVPN server establishment.

Key Takeaways:

  • Prior to this enhancement, the OpenVPN client wasn't configurable with a TLS certificate and key. Recognizing the frequent requirement for client-side TLS certificate authentication in many VPN setups, this gap has been addressed.
  • The entire VPN ecosystem, from the backend vpn-openvpn to the user-facing API and Console interface, has been enhanced to support this change.
  • As a result, users can now have their VPN configurations that utilize their TLS certificate and key, granting them more authentication options and a fortified connection.


Liferay Cloud's recent spate of VPN enhancements underlines the platform's commitment to optimizing user experience through technical advancements. These refined features grant users more granularity in their VPN configurations, ensuring both robust security and operational flexibility. For any clarifications or technical assistance, our dedicated support team is always at your disposal.

Was this article helpful?
0 out of 0 found this helpful