topic Re: Pre-Share Keys CMD CLISH in SASE and Remote Access

Pre-Share Keys CMD CLISH

jessica_stanson — Sun, 04 Mar 2018 14:33:18 GMT

Hi,

does anyone the CMD to see the vpn Pre-Share Keys in Checkpoint?

In Fortinet the PSK is saved in the config File like:

set remote-gw 77.56.199.43
set psksecret ENC Sqjxee+N3ZaTG2lL..........wa27N+XALaSxVQ==

Re: Pre-Share Keys CMD CLISH

PhoneBoy — Sun, 04 Mar 2018 17:40:21 GMT

As far as I know, no such command exists.

If you don't know what it is, you have to reset it, per this SK:

Is it possible to recover the VPN pre-shared secrets, if they are unknown?

Re: Pre-Share Keys CMD CLISH

jessica_stanson — Tue, 06 Mar 2018 08:55:46 GMT

Hi Dameon,

thanks for your reply.

Maybe in the active connections?

grep radius /config/active

....

aaa:auth_profile:base_radius_authprofile:radius_sr v:0:secret \ lDGLiWozsw==

.....

So instead of radius maybe vpn?

grep vpn /config/active

Finally i would search this in the CP Firewall with

find / -type f -not -path "/var/log" | xargs grep -i " lDGLiWozsw== " 2>&1 | grep -v "Permission denied"

Unfortunately, at the moment, i install a CP and i don"t have a finished CP Installation to

to see if this could find this key?

Re: Pre-Share Keys CMD CLISH

PhoneBoy — Tue, 06 Mar 2018 15:16:00 GMT

I can assure you the shared VPN key will NOT appear in /config/active as that contains OS config only, nothing related to firewall, VPN, or Threat Prevention.

Re: Pre-Share Keys CMD CLISH

G_W_Albrecht — Thu, 08 Mar 2018 08:07:37 GMT

As Dameon wrote, there is an sk about that - sk92561 Is it possible to recover the VPN pre-shared secrets, if they are unknown? In older (<R75.40) version dashboard, the PSK entry was unmasked and readable, but that has been changed for good! I assume that even using GuiDBedit to search a known PSK in the database would not yield any success... At least it should not .

Re: Pre-Share Keys CMD CLISH

thallam08 — Thu, 07 Nov 2019 03:46:51 GMT

The unencrypted pre-shared key is needed to establish the VPN. Therefor it must be stored somewhere on the CP FW in a reversible format.

The question is, where is it stored, and how is it decrypted?

Any claim that it cannot be recovered is just security by obscurity ....