Meraki

Community

Special characters in pre-shared key for non-Meraki site-to-site vpn

Jeizzen
Getting noticed
‎Aug 3 2020 11:01 AM
‎Aug 3 2020 11:01 AM

Special characters in pre-shared key for non-Meraki site-to-site vpn

Hi,

 

It is written that special characters are not recommanded at beginning or end of the key for Client VPN:

 

Client VPN uses the L2TP/IP protocol, with the following encryption and hashing algorithms: 3DES and SHA1 for Phase1, AES128/3DES and SHA1 for Phase2. As a best practice, the shared secret should not contain any special characters at the beginning or end.

 

I'm wondering if this can create an issue, but for non-meraki site-to-site VPN ?

 

thanks

 

0 Kudos
2 Replies 2
cmr
Kind of a big deal
Kind of a big deal
‎Aug 3 2020 11:40 PM
‎Aug 3 2020 11:40 PM

@Jeizzen if you are having an issue and the psk has a special character at the beginning or end then I'd change it to see.  It would not surprise me if the same applies to both.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Aug 4 2020 12:07 AM
‎Aug 4 2020 12:07 AM

The issue with client VPN is that many of the GUIs don't accept some special characters correctly.  So you type it in correctly, but it doesn't work.

 

Weather you have the same issue with non-Meraki VPNs will also depend on devices being able to process special characters.

I'll give you a specific example.  Cisco routers use the ' to denote the start of a comment.  So if you have a PSK with a ' character in it, it ignores that character and the rest of the PSK.  Looks perfect, just doesn't work.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.