In cryptography, a pre-shared key (PSK) is a secret that the two parties have exchanged over a secure channel before it needs to be used.
A PSK can be used to authenticate the VPN tunnel to your peer VPN gateway. It is recommended that you generate a strong 32-character pre-shared key.
When creating an IPsec VPN connection, the VPN server will not allow the authentication process to continue until the correct string of text is given. Unless the VPN server receives the shared secret, a username and password cannot be sent, and the connection will be refused.
On a Linux or macOS system, run the following OpenSSL command:
openssl rand -base64 24
On a Linux or macOS system, you can also use /dev/urandom as a pseudorandom source to generate a pre-shared key, in either of the following ways.
Send the random input to base64:
head -c 24 /dev/urandom | base64
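Pass the random input through a hashing function, such as sha256, and keep the first 32 hexadecimal characters of the digest. With sha256sum:
head -c 4096 /dev/urandom | sha256sum | cut -b1-32
With OpenSSL, using -r so that the digest is printed first (as sha256sum prints it) and cut keeps only digest characters:
head -c 4096 /dev/urandom | openssl sha256 -r | cut -b1-32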
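A check to run on a generated key before it is configured on the gateway, as an added example that is not part of the original page (the function names are hypothetical). It confirms the 32-character length and alphabet, reports the entropy upper bound of each method above, and rejects a key that picked up non-key characters, such as the label some OpenSSL versions print before the digest.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of any VPN product.
LC_ALL=C; export LC_ALL   # keep bracket ranges such as A-Z byte-wise

# 24 random bytes encode to exactly 32 base64 characters (24 * 8 / 6), no padding.
gen_psk_base64() {
    head -c 24 /dev/urandom | base64 | tr -d '\n'
}

# First 32 hex digits of a SHA-256 digest over 4096 random bytes.
gen_psk_hex() {
    head -c 4096 /dev/urandom | sha256sum | cut -b1-32
}

# Print the encoding of a candidate key: base64, hex, bad-length or bad-charset.
# A key made only of 0-9 and a-f is reported as hex.
psk_kind() {
    psk=$1
    if [ "${#psk}" -ne 32 ]; then echo bad-length; return 1; fi
    case $psk in
        *[!A-Za-z0-9+/]*) echo bad-charset; return 1 ;;  # e.g. a digest label
        *[!0-9a-f]*)      echo base64 ;;
        *)                echo hex ;;
    esac
}

# Upper bound on the key's entropy in bits: 6 per base64 char, 4 per hex digit.
psk_bits() {
    case $(psk_kind "$1") in
        base64) echo 192 ;;
        hex)    echo 128 ;;
        *)      echo 0; return 1 ;;
    esac
}

# Constructed sample: 32 characters cut from labelled digest output.
labelled='SHA2-256(stdin)= 0123456789abcde'

for candidate in "$(gen_psk_base64)" "$(gen_psk_hex)" "$labelled"; do
    printf '%-34s %-12s %s bits\n' "$candidate" \
        "$(psk_kind "$candidate")" "$(psk_bits "$candidate")"
done
```

The constructed labelled sample is 32 characters long, so a length check alone would accept it; the alphabet check is what rejects it.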
The following JavaScript code, run in a browser, creates an array of 24 random bytes and then base64-encodes those bytes to produce a random 32-character string:
var a = new Uint8Array(24);
window.crypto.getRandomValues(a);
console.log(btoa(String.fromCharCode.apply(null, a)));