You can use a pre-shared key (also called a shared secret or PSK) to authenticate the Cloud VPN tunnel to your peer VPN gateway. As a security best practice, we recommend that you generate a strong 32-character pre-shared key.
For more information about Cloud VPN, see the Cloud VPN overview.
For definitions of terms used on this page, see Key terms.
Generated for you
Your browser generates the following random string by using the
Crypto.getRandomValues, and is base64-encoded to create a 32-character
By using this snippet, the private key stays securely in your browser. If you want to generate it on your own system, use one of the generation methods listed in the next section.
To generate a new random pre-shared key, click the Regenerate button.
Use the following methods to generate a strong 32-character pre-shared key.
On a Linux or macOS system, run the following OpenSSL command:
openssl rand -base64 24
On a Linux or macOS system, you can also use
/dev/urandom as a pseudorandom
source to generate a pre-shared key:
On Linux or macOS, send the random input to
head -c 24 /dev/urandom | base64
Pass the random input through a hashing function, such as
head -c 4096 /dev/urandom | sha256sum | cut -b1-32
head -c 4096 /dev/urandom | openssl sha256 | cut -b1-32
The following code creates an array of 24 random bytes, and then base64 encodes those bytes to produce a random 32-character string:
var a = new Uint8Array(24); window.crypto.getRandomValues(a); console.log(btoa(String.fromCharCode.apply(null, a)));
- To use high-availability and high-throughput scenarios or multiple subnet scenarios, see Advanced configurations.
- To help you solve common issues that you might encounter when using Cloud VPN, see Troubleshooting.