Configure a Preshared Key

Applies To: Windows Server 2008, Windows Server 2012

You can use a preshared key instead of a digital certificate for L2TP/IPsec authentication of your VPN clients that are running Windows Vista, Windows Server 2008, Windows XP, or Windows Server 2003. Preshared keys do not require a public key infrastructure (PKI) for deployment, but they are a relatively weak authentication method. You can increase the security of your preshared key deployment by encrypting the preshared key with a personal identification number (PIN), which your users must enter before the connection profile can be installed.

Setting: Type preshared key

Description: Specifies the encryption key that both the server and client use to begin their L2TP/IPsec session. The string must be at least eight characters long, and no longer than 256 characters. You must get the key from the administrator of the VPN server. It is recommended that you use a very long key, and that you encrypt it by using the PIN option below.

Setting: Encrypt the preshared key using a PIN

Description: Specifies that the preshared key is itself encrypted in the connection profile, and that the connection profile can only be installed by entering the supplied PIN. The PIN can contain alphanumeric characters, must be at least 4 characters long, and must be no longer than 15 characters. Enter the same characters in both text boxes.

After you place a key in the connection profile and navigate to a different page, the key can no longer be displayed. To change the key used in a profile, click Replace Key, and then enter the new key in the Type preshared key text box.
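The following Python example is added here and is not part of the original page: it generates a preshared key and a PIN within the length limits above from a cryptographically secure random source, checks values against those limits, and estimates the entropy each length provides. The letters-and-digits alphabet, the case-sensitive treatment of the PIN, and all function names are assumptions made for the example.

```python
import math
import secrets
import string

# Length limits from the settings described above.
KEY_MIN, KEY_MAX = 8, 256
PIN_MIN, PIN_MAX = 4, 15

# Assumption: letters and digits only (62 symbols, case-sensitive), which
# also satisfies the "alphanumeric" rule given for the PIN.
ALPHABET = string.ascii_letters + string.digits


def generate_secret(length):
    """Return `length` characters chosen uniformly by the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length):
    """Entropy in bits of a uniformly random ALPHABET string."""
    return length * math.log2(len(ALPHABET))


def check_key(key):
    """Return a list of problems with a preshared key (empty if none)."""
    if not KEY_MIN <= len(key) <= KEY_MAX:
        return [f"key length {len(key)} is outside {KEY_MIN}-{KEY_MAX}"]
    return []


def check_pin(pin):
    """Return a list of problems with a PIN (empty if none)."""
    problems = []
    if not PIN_MIN <= len(pin) <= PIN_MAX:
        problems.append(f"PIN length {len(pin)} is outside {PIN_MIN}-{PIN_MAX}")
    if any(ch not in ALPHABET for ch in pin):
        problems.append("PIN contains non-alphanumeric characters")
    return problems


if __name__ == "__main__":
    key, pin = generate_secret(KEY_MAX), generate_secret(PIN_MAX)
    assert not check_key(key) and not check_pin(pin)
    print("preshared key:", key)
    print("PIN:", pin)
    # The PIN protects the key inside the profile, so compare both strengths.
    for label, n in (("key", KEY_MIN), ("key", KEY_MAX),
                     ("PIN", PIN_MIN), ("PIN", PIN_MAX)):
        print(f"{n:>3}-char random {label}: {entropy_bits(n):.1f} bits")
```

Under these assumptions a random 4-character PIN carries about 24 bits of entropy and a 15-character PIN about 89 bits, so the key stored in the profile is only as well protected as the PIN chosen for it.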

For more information about using preshared keys, see https://go.microsoft.com/fwlink/?LinkId=80954 on the Microsoft Web site.