cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Ni_c
Nickel

Shared Secret in clear text

Hi there,

is there a way that we can see shared secret key in clear text for site to site VPN in R80.10 management server?

Regards,

Nagarjuna 

0 Kudos
12 Replies
Danny
Pearl

Re: Shared Secret in clear text

Of Course. In R80.10, simply click 'IPsec VPN > Edit secrets' > Edit > Set / View your secret.

Ni_c
Nickel

Re: Shared Secret in clear text

Can you tell me how it is. I know in previous versions if we click on the shared secret it will show the key in clear text. But this is not working in R80.10

0 Kudos
Chris_Hoff
Nickel

Re: Shared Secret in clear text

Are you trying to edit it within the VPN community? If you look above, Danny is editing the Shared Secret within the Gateway. Try that if you have not already. 

0 Kudos
Ni_c
Nickel

Re: Shared Secret in clear text

Thanks Danny, But apparently this is only for traditional mode VPN's.

0 Kudos
Danny
Pearl

Re: Shared Secret in clear text

You just asked for a way to see shared secrets within R80.10. This is a way.

0 Kudos
Admin
Admin

Re: Shared Secret in clear text

We removed the ability to see the shared secret in SmartDashboard/SmartConsole sometime in the R65 timeframe.

0 Kudos
Danny
Pearl

Re: Shared Secret in clear text

Um, no. See my screen shot above.

0 Kudos

Re: Shared Secret in clear text

Maybe it came back in R80.10 but it certainly is unreadable in R77.30

Regards, Maarten
0 Kudos

Re: Shared Secret in clear text

When not using traditional mode, then Danny's guide does not give results neither in R80.10 and R77.30. Several versions back it was possible to see the pre-shared secret and it was damn convenient Smiley Happy

0 Kudos

Re: Shared Secret in clear text

Hi Nagarjuna,

Did you ever find a solution to this?

Thanks,

Don

0 Kudos
Ni_c
Nickel

Re: Shared Secret in clear text

Hi Don,

It is only possible for traditional mode VPN’s in R80.10

0 Kudos
Dale_Lobb
Nickel

Re: Shared Secret in clear text

This may not be useful to you, depending on your particular situation, but I recently (last year) had to recover some shared secrets for VPNs that had been around for a very long time.  I was able to do so because I still had (on my R77.30 management system,) some database revisions dating back prior to the advent of R67. 

I extracted a policy revision made under R62 (its just a tarball).  I obtained the R62 installation ISO from a checkpoint partner and installed it into a VMWare VM using "Other 2.4.x kernel Linux, 32 bit" as the OS specification.  I then overwrote the R62 installation with the extracted tarball files from the R62 policy DB revision.  Then started up via cpstart.

I was able to access the policy of the VM using R62 Dashboard and extract the ancient shared secrets which now safely reside in an encrypted password vault.

Obviously, the stars all aligned exactly to make this work for me, but who knows, maybe you still have an old backup or DB revision or migrate export from prior to R67?

0 Kudos