Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
johnlloyd_13
Contributor II

Created on ‎09-17-2023 07:45 PM

How to view IPSec Tunnel PSK

hi,

i'm trying to document our FG. how do i view/check the configured pre-shared key string?

can this be viewed in the GUI or via CLI only? where in the GUI or what command to use?

Labels:
13982
0 Kudos
2 Solutions
srajeswaran
Staff
Staff

Created on ‎09-17-2023 10:22 PM

Preshared keys are saved as encrypted keys once you save the config and we cannot see the decrypted value. If you lost the key, the ideal option is to change the keys on both sides of tunnel.

You can see the encrypted keys in below location on GUI/CLI.
image.png

 

config vpn ipsec phase1-interface
edit "Test"
set interface "port3"
set peertype any
set net-device disable
set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
set comments "VPN: Test (Created by VPN wizard)"
set wizard-type static-fortigate
set remote-gw 10.10.10.1
set psksecret ENC E/W7Rt2omWmzvZOX1qGGf7ice4JdqdsSxbPLfAkKGDV9tywVxPkHVFXZE9sszT75k7gdcdXldz5uTofF60OmMYdqHBxULCAAAbNLtZ/2DBecLwoEY5Q9a3NqNmU5ZDSsC7OClaCbeaTZMAPsN2ev+yAyBaxfw9stMMGDfx7Jdy+P/YBJyJ3BR+IxIRaWBsV4vvtUiw==
next
end

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

13965
xsilver_FTNT
Staff
Staff

Created on ‎09-17-2023 10:57 PM

Hi @johnlloyd_13 

Hint:
as @srajeswaran mentioned, encrypted secret/pre-shared key is visible in CLI.
In case you would need to restore such config it is in there, in backup, or could be even copied and paste to new config and it will still work. If the opposite side of the VPN still has the same pre-shared key, then tunnel will work even without knowledge of actual plain text form.

 

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

View solution in original post

13961
4 REPLIES 4
srajeswaran
Staff
Staff

Created on ‎09-17-2023 10:22 PM

Preshared keys are saved as encrypted keys once you save the config and we cannot see the decrypted value. If you lost the key, the ideal option is to change the keys on both sides of tunnel.

You can see the encrypted keys in below location on GUI/CLI.
image.png

 

config vpn ipsec phase1-interface
edit "Test"
set interface "port3"
set peertype any
set net-device disable
set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
set comments "VPN: Test (Created by VPN wizard)"
set wizard-type static-fortigate
set remote-gw 10.10.10.1
set psksecret ENC E/W7Rt2omWmzvZOX1qGGf7ice4JdqdsSxbPLfAkKGDV9tywVxPkHVFXZE9sszT75k7gdcdXldz5uTofF60OmMYdqHBxULCAAAbNLtZ/2DBecLwoEY5Q9a3NqNmU5ZDSsC7OClaCbeaTZMAPsN2ev+yAyBaxfw9stMMGDfx7Jdy+P/YBJyJ3BR+IxIRaWBsV4vvtUiw==
next
end

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
13966
xsilver_FTNT
Staff
Staff

Created on ‎09-17-2023 10:57 PM

Hi @johnlloyd_13 

Hint:
as @srajeswaran mentioned, encrypted secret/pre-shared key is visible in CLI.
In case you would need to restore such config it is in there, in backup, or could be even copied and paste to new config and it will still work. If the opposite side of the VPN still has the same pre-shared key, then tunnel will work even without knowledge of actual plain text form.

 

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

13962
johnlloyd_13
Contributor II

Created on ‎09-19-2023 05:18 AM

thanks guys! appreciate it.

13923
0 Kudos
funkylicious
SuperUser
SuperUser

Created on ‎04-30-2024 10:18 PM

One trick that I found useful in order to actually see it instead of copy/paste it as it is in case that you need it for RA IPsec, https://fortigateip:port/api/v2/cmdb/vpn.ipsec/phase1-interface?plain-text-password=1

"jack of all trades, master of none"
"jack of all trades, master of none"
10065
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.