Tutorials creation:
Blaise Carrera
OPENVPN - The Easy Tutorial - Static Key

OpenVPN Static Key
Last Change : Mar 05 2008



OpenVPN - Preshared or static keys

The OpenVPN preshared key mode is easier to implement than the SSL/TLS mode, but it has the following disadvantages:
- The shared secret is not renewed.
- The shared secret has to be transported to both peers.
- The VPN peers are not authenticated.

You can create a preshared key very easily with OpenVPN on any platform. Once you have created a preshared key, you have to copy it onto the other OpenVPN peer.
You should transmit it only via a secure medium such as SSH, or physically with a floppy disk or a USB key.

To create a key, proceed as follows:

On Linux:

#openvpn --genkey --secret /home/user/key.txt

On Windows:

[Screenshot: generating a static OpenVPN key on Windows]

Let's open the key file we have just created:

[Screenshot: contents of the OpenVPN static key file]

The OpenVPN key is composed of hexadecimal characters and divided into four parts.

The first part is used as the key to cipher the data, the second as the key for the hash algorithm. By default, the same key is used to cipher and decipher the data, and the same principle applies to the hash algorithm.
The third and fourth parts of the OpenVPN key are used only if you want different cipher (1st part) and decipher (3rd part) keys, and different keys to hash the outgoing (2nd part) and incoming (4th part) data.

Do not confuse the OpenVPN key, which is composed of 512 hexadecimal characters, with the keys used by the cipher and hash algorithms to secure the OpenVPN tunnel, which are made up of hexadecimal characters taken from inside the OpenVPN key.

By default, the Blowfish encryption algorithm is used with a 128-bit key (cipher and decipher), and 160 bits are used for the hash algorithm (outgoing and incoming data).
Each hexadecimal character represents 4 bits of the key, meaning that 128 and 160 bits correspond to (128/4) 32 and (160/4) 40 hexadecimal characters respectively.

In our example (default setting), the hexadecimal characters used for the keys are marked by the red squares in the screenshot above.
The characters not used for the keys can be different in the two OpenVPN key files.
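
The layout described above can be checked with a short script. This is an added example, not part of the original tutorial or of OpenVPN itself: it splits a static key file into its four parts, extracts the 32 and 40 hexadecimal characters used with the default settings, and computes a fingerprint of only those characters so two peers can compare keys without exchanging them again. The function names and the sample key material are constructed for illustration.

```python
import hashlib
import re

BEGIN = "-----BEGIN OpenVPN Static key V1-----"
END = "-----END OpenVPN Static key V1-----"
PART_HEX = 128  # 512 hexadecimal characters split into four parts
# Defaults from the text: 128-bit cipher key, 160-bit hash key, 4 bits per character.
CIPHER_HEX, HMAC_HEX = 128 // 4, 160 // 4


def parse_static_key(text):
    """Return the four 128-character parts of a static key file."""
    if BEGIN not in text or END not in text:
        raise ValueError("missing static key header or footer")
    body = text.split(BEGIN, 1)[1].split(END, 1)[0]
    hexchars = "".join(body.split()).lower()
    if not re.fullmatch(r"[0-9a-f]{512}", hexchars):
        raise ValueError("expected 512 hexadecimal characters")
    return [hexchars[i:i + PART_HEX] for i in range(0, 512, PART_HEX)]


def used_material(parts):
    """Characters actually used with the default settings (parts 1 and 2 only)."""
    return {"cipher": parts[0][:CIPHER_HEX], "hmac": parts[1][:HMAC_HEX]}


def fingerprint(parts):
    """SHA-256 over the used characters, for comparing two key files."""
    used = used_material(parts)
    return hashlib.sha256((used["cipher"] + used["hmac"]).encode()).hexdigest()


def make_sample(filler):
    """Constructed key file (not a real key): fixed used characters, variable rest."""
    p1 = "0a" * 16 + filler * (PART_HEX - CIPHER_HEX)
    p2 = "1b" * 20 + filler * (PART_HEX - HMAC_HEX)
    hexchars = p1 + p2 + filler * (2 * PART_HEX)
    lines = [hexchars[i:i + 32] for i in range(0, 512, 32)]
    return "\n".join(["#", "# 2048 bit OpenVPN static key", "#", BEGIN, *lines, END])


if __name__ == "__main__":
    a = parse_static_key(make_sample("c"))
    b = parse_static_key(make_sample("d"))
    print("cipher key:", used_material(a)["cipher"])
    print("hash key:  ", used_material(a)["hmac"])
    print("used characters match:", fingerprint(a) == fingerprint(b))
```

The two constructed files differ in every unused character, yet their fingerprints match because only the first 32 characters of part 1 and the first 40 characters of part 2 are compared.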

If you want to finish your OpenVPN configuration, continue with the OpenManiak OpenVPN configuration tutorial.

Examples of OpenVPN in preshared key mode can be found in the case studies.