-1

Trying to learn more about strongSwan and IPsec tunnels, I had set up a basic (and local) site-to-site IPsec tunnel between 2 machines running pfSense.

While studying the ipsec.secrets file (/var/etc/ipsec/ipsec.secrets), I have noticed that the basic (and not secure!) pre-shared key (PSK) 'vpn' has been converted to '0sdnBu'. Does anyone know what hash this could be? Feels like it could be relevant if I would like to create a tunnel between pfSense and another kind of system running strongSwan.

Oleg
  • Stackoverflow is for [programming questions](https://stackoverflow.com/help/on-topic). Questions about **general computing hardware and software** are off-topic for Stack Overflow unless they directly involve tools used primarily for programming. You may be able to get help on [Super User](https://superuser.com/about). – President James K. Polk Apr 30 '18 at 20:41

1 Answer

0

That's just a Base64-encoding of the PSK. The 0s prefix indicates this to strongSwan and the rest of the value is parsed as a binary value accordingly:

```
$ echo -n 'vpn' | base64
dnBu
$ echo -n 'dnBu' | base64 -d
vpn
```

Similarly, the 0x prefix would allow passing shared secrets in hex-encoding (e.g. vpn would then be 0x76706e).

pfSense probably encodes the shared secret in Base64 to avoid issues with special characters (or character sets) when users configure this via the Web UI.

ecdsa
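An added example, not part of the answer above: a small Python decoder for PSK entries in an ipsec.secrets file, covering the `0s` (Base64) and `0x` (hex) prefixes the answer describes plus a double-quoted literal. The function names and the sample lines are constructed for illustration; the result shows that all three spellings yield the same key bytes, so a peer running plain strongSwan can be given the PSK in any of these forms.

```python
import base64

def decode_secret(token: str) -> bytes:
    """Return the raw key bytes for one secret value from ipsec.secrets."""
    if token.startswith("0s"):                      # Base64-encoded binary value
        return base64.b64decode(token[2:], validate=True)
    if token.startswith("0x"):                      # hex-encoded binary value
        return bytes.fromhex(token[2:])
    if len(token) >= 2 and token[0] == token[-1] == '"':
        return token[1:-1].encode("utf-8")          # quoted literal
    raise ValueError(f"unrecognised secret format: {token!r}")

def encode_secret_base64(raw: bytes) -> str:
    """Produce the 0s form, which sidesteps quoting and charset problems."""
    return "0s" + base64.b64encode(raw).decode("ascii")

def parse_psk_line(line: str):
    """Split '<selectors> : PSK <secret>' into (selectors, key bytes)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None                                 # blank line or comment
    selectors, sep, secret = line.partition(": PSK ")
    if not sep:
        return None                                 # not a PSK entry
    return selectors.split(), decode_secret(secret.strip())

# Constructed sample file: the same key 'vpn' written three ways.
SAMPLE = """\
# constructed example entries
192.0.2.1 192.0.2.2 : PSK 0sdnBu
192.0.2.1 192.0.2.3 : PSK 0x76706e
192.0.2.1 192.0.2.4 : PSK "vpn"
"""

def decode_sample():
    entries = [parse_psk_line(l) for l in SAMPLE.splitlines()]
    return [e for e in entries if e is not None]

if __name__ == "__main__":
    for selectors, key in decode_sample():
        print(selectors, key)
```
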