If pre-shared keys are used to authenticate IPsec tunnels, they need to be created on the Nodegrid system before they can be used.
To create a pre-shared key on a Nodegrid, use the steps below.
admin@ng-west /]# shell
WARNING: Improper use of shell commands could lead to data loss, the deletion of important system files or other unexpected result. Please double-check your syntax when typing shell commands.
admin@ng-west:~$ openssl rand -base64 128
SB1Lhn1Z1GdUj6VKTf5L2V5yAvWCLI2YOdDvIeSbGC3sTnUookxz34ozAtKT9Apu
59VHKMcAikzBH9Vi0sfdinr/4W6wqOv4a2BgRcGbMXtFakNz4IyfuFmGRzEF9xMb
G8USf02bRBvYpgM6nbngQkEPDleyLj5epNWS1BHB5PI=
This command produces a valid 128-byte pre-shared key, base64-encoded, which can be used for the IPsec configuration. It needs to be stored in a secrets file. To do this, store the output of the command in a file in the following format:
<left-id> <right-id> : PSK "<key>"
For example, the file /etc/ipsec/ipsec.d/mypsk.secrets contains:
100.0.1.10 100.0.2.11 : PSK "z29p/x/g10cI… … … … RafMGnwTH3Bk="
or
@West @East : PSK "z29p/x/g10cI… … … … RafMGnwTH3Bk="
Note: The pre-shared keys have been shortened in the examples to improve readability.
The secrets file needs to be copied to all IPsec nodes. Note that the pre-shared key is not an ordinary text string, and care should be taken when the key is copied to other systems, as any change to the copied characters (for example an inserted line break or a substituted character) alters the key and makes it invalid.
The best method is to copy the secrets file itself to each node.
conn host-to-host-psk
    connaddrfamily=ipv4
    auto=start
    authby=secret
    leftid=@West
    left=192.168.50.4
    rightid=@East
    right=192.168.58.4
Example for /etc/ipsec/ipsec.d/host-to-host-psk.secrets:
@West @East : PSK "z29p/x/g10cI… … … … RafMGnwTH3Bk="
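As an added example (not part of the Nodegrid documentation), the following POSIX shell functions generate the key as shown above, write it as a single secrets line in the format used on this page, and check that a secrets line still carries an intact key after it has been copied to another node: one line, no whitespace inside the quotes, and base64 that decodes to exactly 128 bytes. The function names, the temporary file and the `openssl base64 -d -A` decoding check are the example's own choices.

```sh
#!/bin/sh
# Added example, not Nodegrid documentation code. Function names are the example's own.

# Generate a PSK exactly as the page does. openssl wraps base64 output at 64
# columns (three lines for 128 bytes); the secrets file needs the key on one
# line, so the line breaks are removed here.
gen_psk() {
    openssl rand -base64 128 | tr -d '\n'
}

# Write a single secrets line in the page's format:
#   <left-id> <right-id> : PSK "<key>"
# The subshell keeps the restrictive umask local; secrets should be root-only.
write_secrets() {
    file=$1 left=$2 right=$3 psk=$4
    ( umask 077; printf '%s %s : PSK "%s"\n' "$left" "$right" "$psk" > "$file" )
}

# Validate one secrets line before (or after) copying it to another node:
# correct layout, a quoted key without whitespace (a wrapped or padded paste
# fails here), and base64 that decodes to the expected number of bytes.
# Usage: check_secrets_line '<line>' [expected_bytes]   (default 128)
check_secrets_line() {
    line=$1 expect=${2:-128}
    case $line in
        *' : PSK "'*'"') ;;
        *) return 1 ;;
    esac
    key=${line#*\"}
    key=${key%\"}
    case $key in
        *[[:space:]]*) return 1 ;;
    esac
    n=$(printf '%s' "$key" | openssl base64 -d -A 2>/dev/null | wc -c | tr -d ' ')
    [ "$n" -eq "$expect" ]
}

# Stand-alone demonstration: write and verify a secrets file for the
# @West/@East pair from the example above, using a temporary file.
demo() {
    tmp=$(mktemp) || return 1
    write_secrets "$tmp" '@West' '@East' "$(gen_psk)"
    cat "$tmp"
    check_secrets_line "$(cat "$tmp")" && echo "secrets line OK"
    rm -f "$tmp"
}

demo
```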