About Preshared Keys

A preshared key can be used instead of a certificate to authenticate the endpoints of a VPN tunnel during IKE phase 1.

Advantages

  • Easier to set up than certificates for small enterprises.

Disadvantages

  • Keys must be distributed offline, then manually entered, making them vulnerable to interception or mistyping.

  • When many clients use the same VPN tunnel, the clients must all use the same key.

  • It is difficult to change keys when many clients are involved.