You can use a pre-shared key (also called a shared secret or PSK) to authenticate the Cloud VPN tunnel to your peer VPN gateway. As a security best practice, we recommend that you generate a strong 32-character pre-shared key.
For more information about Cloud VPN, see the Cloud VPN overview.
For definitions of terms used on this page, see Key terms.
Generated for you
Your browser generates the following random string by using the JavaScript snippet at the end of this page. It is 24 bytes from Crypto.getRandomValues, and is base64-encoded to create a 32-character pre-shared key.
By using this snippet, the private key stays securely in your browser. If you want to generate it on your own system, use one of the generation methods listed in the next section.
To generate a new random pre-shared key, click the Regenerate button.
Generation methods
Use the following methods to generate a strong 32-character pre-shared key.
OpenSSL
On a Linux or macOS system, run the following OpenSSL command:
openssl rand -base64 24
/dev/urandom
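On a Linux or macOS system, you can also use /dev/urandom as a pseudorandom source to generate a pre-shared key:
- On Linux or macOS, send the random input to base64:
  head -c 24 /dev/urandom | base64
- Pass the random input through a hashing function, such as sha256:
  - On Linux:
    head -c 4096 /dev/urandom | sha256sum | cut -b1-32
  - On macOS:
    head -c 4096 /dev/urandom | openssl sha256 -r | cut -b1-32
    The -r option makes openssl print the digest first, in the same layout as sha256sum. Without it, the output starts with a label such as (stdin)= and cut would keep that label as part of the key.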
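The commands above all produce 32 characters, but not the same strength: 24 random bytes in base64 carry 192 bits, while 32 hex characters cut from a digest carry at most 128, and a digest tool that prints a label before the hash leaves even less. The following sketch is an added example, not part of the original page; the function names and the two sample strings are assumptions constructed for illustration. It generates a key with the base64 method and checks any candidate key before it is configured on a gateway:

```shell
#!/bin/sh
# Added example: generate a PSK with the base64 method, then sanity-check
# a candidate key. Function names are hypothetical, not from the page.
LC_ALL=C; export LC_ALL   # make the [a-z] style ranges below ASCII-only

# 24 random bytes -> base64. 24 is a multiple of 3, so the result is
# exactly 32 characters with no '=' padding.
gen_psk() {
    head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# Estimate the most entropy (in bits) a randomly generated key of this
# shape can hold: 4 bits per character for pure hex, 6 for the base64
# alphabet. Prints 0 for an empty string or any other character
# (spaces, labels, newlines), which signals a broken pipeline.
psk_max_bits() {
    psk=$1
    len=${#psk}
    case $psk in
        '')               echo 0 ;;
        *[!A-Za-z0-9+/]*) echo 0 ;;
        *[!0-9a-fA-F]*)   echo $((len * 6)) ;;
        *)                echo $((len * 4)) ;;
    esac
}

# Accept only a 32-character key made of base64-alphabet characters.
check_psk() {
    [ "${#1}" -eq 32 ] && [ "$(psk_max_bits "$1")" -gt 0 ]
}

# Constructed samples (not real keys):
HEX_SAMPLE='0123456789abcdef0123456789abcdef'       # shape of digest | cut -b1-32
LABELLED_SAMPLE='(stdin)= 0123456789abcdef0123456'  # digest label leaked into the key

# Demo: report on a fresh key without printing the key itself.
psk=$(gen_psk)
if check_psk "$psk"; then
    echo "generated key: ${#psk} chars, up to $(psk_max_bits "$psk") bits"
fi
echo "hex sample: up to $(psk_max_bits "$HEX_SAMPLE") bits"
check_psk "$LABELLED_SAMPLE" || echo "labelled sample rejected"
```
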
JavaScript
You can generate the pre-shared key directly in a document by using JavaScript with the W3C Web Cryptography API. This API uses the Crypto.getRandomValues() method, which provides a cryptographically sound way of generating a pre-shared key.
The following code creates an array of 24 random bytes, and then base64 encodes those bytes to produce a random 32-character string:
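// Fill a 24-byte array from the browser's cryptographic random source.
var a = new Uint8Array(24);
window.crypto.getRandomValues(a);
// Base64-encode the 24 bytes to get the 32-character key.
console.log(btoa(String.fromCharCode.apply(null, a)));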
What's next
- To use high-availability and high-throughput scenarios or multiple subnet scenarios, see Advanced configurations.
- To help you solve common issues that you might encounter when using Cloud VPN, see Troubleshooting.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2023-12-15 UTC.
The topic at hand delves into Network Connectivity and Cloud VPN, focusing on the setup and authentication process, specifically using pre-shared keys (PSK). As an expert in networking and cloud services, I can delve into the concepts mentioned.
- Home: Likely refers to the starting or landing page of a network or system.
- Docs: Documentation or instructional materials guiding users through various processes.
- Network Connectivity: The ability of devices, systems, or networks to connect and communicate with each other.
- Documentation: Information, guides, or references aiding in the understanding or utilization of a system or service.
- Cloud VPN: A Virtual Private Network (VPN) service provided via the cloud, allowing secure connections between different networks or devices.
- Guides: Detailed instructions or manuals assisting users in navigating through processes or setups.
- Collections: A way to categorize and organize content or information based on user preferences.
- Pre-shared key (PSK): A cryptographic key shared between parties in advance to authenticate communication.
- Authentication: The process of verifying the identity of a user or system.
- Security Best Practices: Recommended methods or protocols aimed at enhancing the security of systems or networks.
- Crypto.getRandomValues(): A method used in JavaScript to generate cryptographically secure random values.
- Base64 Encoding: A method to encode binary data into ASCII characters to ensure safe transmission.
The provided excerpt details the importance of generating a strong 32-character pre-shared key for Cloud VPN authentication. It offers various methods to generate this key, including using OpenSSL commands on Linux or macOS systems, employing JavaScript with the Web Cryptography API, or utilizing pseudorandom sources like /dev/urandom.
The mentioned "Regenerate" button allows the creation of a new random pre-shared key, ensuring security. Additionally, it hints at further advanced configurations for specific scenarios and troubleshooting tips for common issues encountered while using Cloud VPN.
Understanding these concepts is crucial for setting up and maintaining secure network connections, especially when dealing with cloud-based services like VPNs.