- CheckMates
- :
- Products
- :
- Quantum
- :
- Management
- :
- Re: Shared Secret in clear text
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Shared Secret in clear text
Hi there,
is there a way that we can see shared secret key in clear text for site to site VPN in R80.10 management server?
Regards,
Nagarjuna
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Of Course. In R80.10, simply click 'IPsec VPN > Edit secrets' > Edit > Set / View your secret.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you tell me how it is. I know in previous versions if we click on the shared secret it will show the key in clear text. But this is not working in R80.10
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you trying to edit it within the VPN community? If you look above, Danny is editing the Shared Secret within the Gateway. Try that if you have not already.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Danny, But apparently this is only for traditional mode VPN's.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You just asked for a way to see shared secrets within R80.10. This is a way.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looks like this is gone in 81.10.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We removed the ability to see the shared secret in SmartDashboard/SmartConsole sometime in the R65 timeframe.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Um, no. See my screen shot above.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Maybe it came back in R80.10 but it certainly is unreadable in R77.30
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When not using traditional mode, then Danny's guide does not give results neither in R80.10 and R77.30. Several versions back it was possible to see the pre-shared secret and it was damn convenient
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Nagarjuna,
Did you ever find a solution to this?
Thanks,
Don
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Don,
It is only possible for traditional mode VPN’s in R80.10
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This may not be useful to you, depending on your particular situation, but I recently (last year) had to recover some shared secrets for VPNs that had been around for a very long time. I was able to do so because I still had (on my R77.30 management system,) some database revisions dating back prior to the advent of R67.
I extracted a policy revision made under R62 (its just a tarball). I obtained the R62 installation ISO from a checkpoint partner and installed it into a VMWare VM using "Other 2.4.x kernel Linux, 32 bit" as the OS specification. I then overwrote the R62 installation with the extracted tarball files from the R62 policy DB revision. Then started up via cpstart.
I was able to access the policy of the VM using R62 Dashboard and extract the ancient shared secrets which now safely reside in an encrypted password vault.
Obviously, the stars all aligned exactly to make this work for me, but who knows, maybe you still have an old backup or DB revision or migrate export from prior to R67?
