I have PepVPN in star topology when it is managed by InControl2, and there are a few things I’d love to learn how they work:
Pre-shared keys - when i configured the Profile and selected the AES256 there is no place to enter custom PSK, i read in the forum that there is an option to generate new PSK under advance link configuration but no why to put in yourself a new one.
Continuing with the previous section is there any option to use Certificate instead PSK?
if yes please explain how.
1: No, IC2 handles key management in these cases, generating unique key pairs for each connection between devices. Manual key entry is possible via either firmware configuration or adding the remote device as an ‘unmanaged device’ when selecting devices.
2: We had x.509 certificate handling 5+ years ago and found the feature was never used by IC2 users, so support was removed. If you require this for business/legal purposes, please create a feature request and we can revisit it.
First thanks for your answer.
Second i would like to know how often does the IC2 generating and exchange keys between the pairs, and if there is any option to change the values.
In cases where you have a need to update the handshake key, you can choose to manually trigger a rekey from the advanced link settings that you mentioned in the first post.
