Pre-shared keys, Using a pre-shared key – D-Link DFL-2500 User Manual
Page 250
1.
Go to Objects > VPN Objects > IKE Algorithms > Add > IPsec Algorithms
2.
Enter a name for the list eg. esp-l2tptunnel.
3.
Now check the following:
•
DES
•
3DES
•
SHA1
•
MD5
4.
Click OK
Then, apply the proposal list to the IPsec tunnel:
1.
Go to Interfaces > IPsec
2.
In the grid control, click the target IPsec tunnel
3.
Select the recently created esp-l2tptunnel in the IPsec Algorithms control.
4.
Click OK
9.3.7. Pre-shared Keys
Pre-Shared Keys are used to authenticate VPN tunnels. The keys are secrets that are shared by the
communicating parties before communication takes place. To communicate, both parties prove that
they know the secret. The security of a shared secret depends on how "good" a passphrase is.
Passphrases that are common words are for instance extremely vulnerable to dictionary attacks.
Pre-shared Keys can be generated automatically through the WebUI but they can also be generated
through the CLI using the command pskgen (this command is fully documented in the CLI
Reference Guide).
Example 9.2. Using a Pre-Shared key
This example shows how to create a Pre-shared Key and apply it to a VPN tunnel. Since regular words and
phrases are vulnerable to dictionary attacks, they should not be used as secrets. Here the pre-shared key is a
randomly generated hexadecimal key. Note that this example does not illustrate how to add the specific IPsec
tunnel object.
CLI
First create a Pre-shared Key. To generate the key automatically with a 64 bit (the default) key, use:
gw-world:/> pskgen MyPSK
To have a longer, more secure 512 bit key the command would be:
gw-world:/> pskgen MyPSK -size=512
Or alternatively, to add the Pre-shared Key manually, use:
gw-world:/> add PSK MyPSK Type=HEX PSKHex=<enter the key here>
Now apply the Pre-shared Key to the IPsec tunnel:
gw-world:/> set Interface IPsecTunnel MyIPsecTunnel PSK=MyPSK
Web Interface
First create a Pre-shared Key:
9.3.7. Pre-shared Keys
Chapter 9. VPN
250