Using pre-shared keys

A pre-shared key is a secret key shared by two IKE peers.

Before you can use pre-shared keys, you must define and store them on Turbo IPsec.

  • Add pre-shared keys:

    router{conf:myconfig}sec
    router{conf:myconfig-sec}psk [IDS] [vrf-id ID|any] KEY
    
    IDS

    One or more ID selectors, specifying which IKE peers use this pre-shared key. To specify several selectors, separate them with spaces and surround the list with double quotes. An identifier can be:

    • IPv4 or IPv6 address
    • Email address (user-FQDN)
    • DNS name (FQDN)

    See also

    For more details, please refer to the ID selector section in strongSwan’s ipsec.secrets documentation.

    vrf-id

    Optional. VRF in which this pre-shared key is used. Defaults to VRF zero.

    ID

    ID of the VRF.

    any

    This pre-shared key can be used in all VRs.

    KEY

    The pre-shared key (a byte string). You can type it:

    • as a character string, or
    • as a hexadecimal string with a leading 0x.

    The character string cannot include blank characters or quotes.

    Important

    For security reasons, choose a string length of at least 20 bytes.

    Example

    Router  ID                                                 VRF
    A       FQDN hurricane.6wind.com                           1
    B       IPv6 address 3ffe:327:450:ffff:215:3fff:fea2:8c56  Any

    Router A will perform a pre-shared key based IKE negotiation with router B.

    1. Enter the following commands on router A:

      router{conf:myconfig}sec
      router{conf:myconfig-sec}psk "@hurricane.6wind.com 3ffe:327:450:ffff:215:3fff:fea2:8c56" vrf-id 1 6windpsktest
      
    2. Enter the following commands on router B:

      router{conf:myconfig}sec
      router{conf:myconfig-sec}psk "3ffe:327:450:ffff:215:3fff:fea2:8c56 hurricane.6wind.com" vrf-id any 6windpsktest
      
  • Delete a specific pre-shared key:

    router{conf:myconfig}sec
    router{conf:myconfig-sec}delete psk [IDS] [vrf-id ID|any] KEY
    
  • Delete all pre-shared keys:

    router{conf:myconfig}sec
    router{conf:myconfig-sec}delete psk all
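
The KEY rules above (character string without blanks or quotes, or hexadecimal with a leading 0x, at least 20 bytes) can be checked on an administration host before the key is typed into the router. The following Python sketch is an added example, not part of the Turbo IPsec documentation or tooling; its function names are hypothetical, and it assumes that both single and double quotes are rejected, that an odd number of hexadecimal digits is an error, and that character-string length is counted in UTF-8 bytes.

```python
import secrets
import string

MIN_PSK_BYTES = 20  # minimum length recommended on this page


def generate_psk(nbytes=32):
    """Return a random key in the 0x-prefixed hexadecimal form of KEY."""
    if nbytes < MIN_PSK_BYTES:
        raise ValueError(f"key must be at least {MIN_PSK_BYTES} bytes")
    return "0x" + secrets.token_hex(nbytes)


def check_psk(key):
    """Return the list of problems found in a candidate KEY (empty if none)."""
    problems = []
    if key.startswith("0x"):
        digits = key[2:]
        if not digits or any(c not in string.hexdigits for c in digits):
            return ["not a valid hexadecimal string"]
        # Assumption: an odd digit count is rejected, since it does not
        # describe a whole number of bytes.
        if len(digits) % 2:
            problems.append("odd number of hexadecimal digits")
        nbytes = len(digits) // 2
    else:
        if any(c.isspace() or c in "\"'" for c in key):
            problems.append("character string contains a blank or a quote")
        nbytes = len(key.encode("utf-8"))  # assumption: length counted in UTF-8
    if nbytes < MIN_PSK_BYTES:
        problems.append(f"only {nbytes} bytes, fewer than {MIN_PSK_BYTES}")
    return problems


def psk_command(ids, key, vrf=None):
    """Build the psk line in the syntax shown above; refuse a flagged key."""
    problems = check_psk(key)
    if problems:
        raise ValueError("; ".join(problems))
    ids_part = "" if not ids else " " + (
        ids[0] if len(ids) == 1 else '"' + " ".join(ids) + '"')
    vrf_part = f" vrf-id {vrf}" if vrf is not None else ""
    return f"psk{ids_part}{vrf_part} {key}"


if __name__ == "__main__":
    # The sample key used in the page's example is 12 bytes long.
    print(check_psk("6windpsktest"))
    print(psk_command(["@hurricane.6wind.com",
                       "3ffe:327:450:ffff:215:3fff:fea2:8c56"],
                      generate_psk(), vrf=1))
```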