PPKs

Quantum computers pose a potential challenge to current cryptographic algorithms, such as those used in IKEv2 VPN. Current algorithms are considered to be very robust, but the challenge is that an attacker can record encrypted data today and decrypt it using quantum computers in the future.

The RFC 8784 "Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-quantum Security" offers a way to resist quantum computers when passwords (PSKs) are used. The extension works by "mixing" the standard IKEv2 password key (PSK) with another key in the form of a Post-quantum Preshared Key (PPK) to increase resistance.

Existing IKEv2 PSK tunnels can easily be supplemented with PPKs. The PPK is independent of the existing PSK.

LCOS supports manual configuration of PPKs. Automatic procedures for changing PPKs are not supported.

This table is used to configure the PPKs.