pre-shared key (2024)

hrbsupport wrote:
Alternatively, is it possible to migrate users on a more phased basis, e.g. set up a new IPsec VPN with a new pre-shared key and have that running in parallel with the existing IPsec VPN?

I know this is a reply to an old thread. However, I thought I'd make a suggestion.

Basically, it is possible to use more than one pre-shared key on the same phase1 configuration. Here are the relevant (but incomplete) config bits:

config vpn ipsec phase1-interface
    edit "tunnelname"
        set type dynamic
        set peertype dialup
        set usrgrp "IPsec-PSKs"
    next
end

The pre-shared key is not specified in the phase1 configuration. Instead, each key is represented by a local user. The client indicates which name/password (key) to use either by entering the username as the localID, or by leaving the localID blank and instead defining only a pre-shared key in the form [username]+[key/password] as one long string. (This technique can be found in the FortiOS Handbook under the section "Enabling VPN access with user accounts and pre-shared keys".) Note that aggressive mode is required when using localIDs and there is more than one dynamic/dialup phase1 configuration (see "Choosing main mode or aggressive mode" in the FortiOS Handbook).

You can (and perhaps should) still use Xauth with a unique account for each user.

You can then manually distribute the new pre-shared key while keeping the old one alive. If you're managing FortiClient from a FortiGate, you can "push" the changes, although this wouldn't be fool-proof if some clients are not receiving updates in a timely manner.
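To show the parallel-key arrangement end to end, here is a fuller version of that configuration as an added example; it is not the poster's own config, it is written from the FortiOS CLI as I know it, so check it against the handbook for your release. The user names, the placeholder passwords, the "wan1" interface and the "VPN-Users" Xauth group are assumptions.

```fortios
# Added example (not from the original post): two dialup PSKs side by side.
# Each local user's password is one pre-shared key; the username is the
# localID (or the prefix of the "username+key" string) the client sends.
config user local
    edit "psk-2023"
        set type password
        set passwd "OLD-KEY-PLACEHOLDER"
    next
    edit "psk-2024"
        set type password
        set passwd "NEW-KEY-PLACEHOLDER"
    next
end

# The group referenced by usrgrp. Keeping both members is what keeps the
# old key alive during the migration window.
config user group
    edit "IPsec-PSKs"
        set member "psk-2023" "psk-2024"
    next
end

# Aggressive mode is needed when clients use localIDs and several dialup
# phase1s exist; Xauth adds a per-user login on top of the shared key.
# Interface name, Xauth group and proposal are assumed values.
config vpn ipsec phase1-interface
    edit "tunnelname"
        set type dynamic
        set interface "wan1"
        set mode aggressive
        set peertype dialup
        set usrgrp "IPsec-PSKs"
        set xauthtype auto
        set authusrgrp "VPN-Users"
        set proposal aes256-sha256
        set dhgrp 14
    next
end

# Once every client has the 2024 key, retire the old one: drop it from the
# group and delete the account. Clients on the new key are unaffected.
config user group
    edit "IPsec-PSKs"
        set member "psk-2024"
    next
end
config user local
    delete "psk-2023"
end
```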


FAQs

What is a common problem with using pre-shared keys?

A PSK network is vulnerable to a wide variety of attacks, including over-the-air (OTA) attacks, especially man-in-the-middle attacks; brute-force attacks using free security tools like Aircrack-ng; and simple dictionary attacks.

What does a pre-shared key do?

Definitions: A secret key that has been established between the parties who are authorized to use it by means of some secure method (e.g., using a secure manual-distribution process or automated key-establishment scheme). A secret key that has previously been established.

What is the pre-shared key on my router?

It utilizes a pre-shared key, also known as a passphrase or password, that is shared among the network administrator and the users of the network. This key is used to authenticate devices and establish an encrypted connection between the client and the access point.

What is the pre-shared key for VPN?

You can use a pre-shared key (also called a shared secret or PSK) to authenticate the Cloud VPN tunnel to your peer VPN gateway. As a security best practice, we recommend that you generate a strong 32-character pre-shared key. For more information about Cloud VPN, see the Cloud VPN overview.

Is a pre-shared key better than a certificate?

IPsec has two ways of authenticating a peer: via a pre-shared key or via a certificate. While pre-shared keys are easier to work with, they are generally considered less secure than a certificate. Pros: convenience, with no need to go through the complicated process of obtaining a certificate.

What is the main weakness in a PSK network?

The weakness within this is that the majority of the information required to compute the plaintext PSK passphrase can be enumerated either through packet sniffing the access point (for example the SSID) or by capturing the traffic of the 4-way handshake itself.

Is the preshared key the Wi-Fi password?

Note: The WEP key or WPA/WPA2 preshared key/passphrase is not the same as the password for the access point. The password lets you access the access point settings. The WEP key or WPA/WPA2 preshared key/passphrase allows printers and computers to join your wireless network.

Is the pre-shared key my Wi-Fi password?

A pre-shared key is basically just a shared secret or password that is used to authenticate an individual attempting to join a wireless network (no username or identification other than the key is required).

Should I change the pre-shared key?

Rotating your PSKs as soon as an employee leaves an organization is essential, but this still won't cover 100% of security breaches due to improper key management. An employee can also connect his personal devices to the network through a PSK, which leaves the network even more vulnerable.

What does a preshared key look like?

Pre-shared key authentication uses a pre-shared key to authenticate the communicating peers, and a negotiated cipher and secret shared key for encrypting and decrypting the data. This mode is also known as TLS-PSK. The pre-shared key is a string that can be any word or phrase that does not include a comma.

How do I set a preshared key?

Configure a preshared key on a VPN server

Right-click the server that you will configure with the preshared key, and then click Properties. Click Security. Click to select the Allow Custom IPSec Policy for L2TP connection check box. In the Preshared key box, type the preshared key value.

What is the difference between a shared key and a pre-shared key?

"Shared key" means that the same key is used by several parties. It doesn't tell you how the key was distributed among them. "Pre-shared key" means the key has been shared before the current operational context.

What are the risks of shared logins?

When sharing your password with someone else, you risk granting that individual access to every account you own with the same password — and probably even those with similar passwords. If one of these passwords is for a social media platform, an angry colleague could change your profile picture to embarrass you.

What is the biggest problem with using simple or commonly used passwords?

Passwords such as “123456”, “qwerty”, “admin”, “admin@123”, and “password” consistently remain among the most commonly used passwords. If these passwords are reused across multiple accounts, it becomes even easier for attackers to gain access to sensitive corporate information.

What are some security risks if a pre-shared key is used to enable L2TP on a VPN server and VPN clients?

The primary concern with L2TP is that some VPNs do not implement the protocol effectively, using pre-shared keys that can be downloaded from the service's website. An attacker could use the pre-shared key to impersonate a VPN server and then monitor encrypted traffic or even inject code into the VPN tunnel.

Article information

Author: Patricia Veum II

