Solved: Edit Pre-Shared Key for IPsec VPN tunnel

Scumstachio · 11-07-2022 01:18 AM

I replaced a Firewall on one of our sites and need to set a new pre-shared key for the existing connection to bring the tunnel back up. I can't seem to find a way to edit the existing tunnels.

alexmoore

To update the pre-shared key, simply delete the old tunnel and re-create it with the new key.

Hope that helps,

Alex

View solution in original post

alexmoore

To update the pre-shared key, simply delete the old tunnel and re-create it with the new key.

Hope that helps,

Alex

sosonetwork

Hello, is there any other solution than deleting the tunnel to update its pre-shared key ? I'm facing this issue and I don't want to have network interruption as our GCP environment is in production. Thank you by advance 😊

sosonetwork

Tips for interested people

If your VPN configuration is active/active your two tunnels have the same route priority, which is 1000 by default (you can see it in your BGP session). To change the pre-shared key without cause network interruption, change the route priority of one tunnel with a lower value than the other tunnel to be in active/passive configuration. The tunnel with the lowest route priority will become passive so you can delete it and recreate it with a new PSK. During this time, the active tunnel will still running so you won't have interruption.

Tested and approved in production 😉