Use this dialog box to configure authentication settings for virtual private networks (VPNs) used for demand-dial connections between RRAS routers.

Dialog box element Description

Use preshared key for authentication

This method uses a secret set of characters (the key) that has been agreed upon by two users.

Security Note
  • We recommend that you do not use preshared key authentication because it is a relatively weak authentication method. Preshared key authentication creates a master key that is less secure (that might produce a weaker form of encryption) than certificates. In addition, preshared keys are stored in plaintext in the registry. In Active Directory Domain Services (AD DS), preshared keys are stored in readable hexadecimal format.
  • Preshared key authentication is provided for interoperability and to meet Internet Protocol security (IPsec) standards. We recommend that you use certificates in a production environment instead and use preshared keys for testing only.


Type the preshared key. This option is available only if the Use preshared key for authentication check box is selected.

Use certificate for authentication

This method uses a certificate issued by a specified certification authority (CA).

Verify the Name and Usage attributes of the server's certificate

Specifies whether the server verifies the validity of the certificate used for Internet Key Exchange (IKE) with the CA certificate the server has in its certificate store.