Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 1727 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Pre-shared Keys Changing

MrOven

Hi, I have a doubt about a pop-up in the vpn configuration menu.

My current firmware is: SFOS 19.0.0 GA-Build317

When i click to save button on the vpn configuration, i have the same pop-up: "the change will update the pre shared key of the all connections configured between the same local and remote peers in this connection". 

I am afraid to continue the configuration because I can't lost or change any other working vpn cofiguration.

I would like to know if continuing the configuration I would lose the other VPNs or damage them.
If so, what can I do to avoid it?

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hello ,

    Thank you for reaching out to the community, if you make any changes on the VPN configurations then the users will need to re-download the config file once again in order to connect it successfully !!

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Thanks for answering, the connection is a site-to-site, I already have 2 configured with the same preshared key and I need to add others with a different preshared key. My question is: will i lost or will the other site-to-site connection get modified, after applying the nw site-to-site connection?

  • +1 in reply to MrOven

    No, for Site-to-Site VPN, if you update the PSK then ensure the remote peer appliance has the same PSK. 

    And it does not effect the another running IPsec tunnel until that IPsec's tunnel remote PSK has been changed !! 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • +1 in reply to Vivek Jagad

    Ipsec works in phase 1 and phase 2. 

    Phase 1: PSK

    Phase 2: Own key.

    This means, if you have an green tunnel, it will use Phase2. You can change the key. But if you disconnect and reconnect, the PSK is needed. If this is changed, the tunnel will stay down.

    SFOS will use the same PSK for all Wildcard Tunnel (Remote tunnel: *) 

    __________________________________________________________________________________________________________________

Reply
  • +1 in reply to Vivek Jagad

    Ipsec works in phase 1 and phase 2. 

    Phase 1: PSK

    Phase 2: Own key.

    This means, if you have an green tunnel, it will use Phase2. You can change the key. But if you disconnect and reconnect, the PSK is needed. If this is changed, the tunnel will stay down.

    SFOS will use the same PSK for all Wildcard Tunnel (Remote tunnel: *) 

    __________________________________________________________________________________________________________________

Children
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?