Pre-shared keys

Using a pre-shared key (PSK) is where OpenVPN started. The static key how-to on the OpenVPN website is often the first place aspiring VPN administrators begin. Problems with PSKs are relatively easy to identify, as the VPN will simply fail to operate.

There are two scenarios where PSKs are used: in a static key point-to-point VPN, and with the --tls-auth directive in the more commonly deployed client-server topology. This section specifically covers the former, static key, scenario. The latter, the --tls-auth scenario, is covered in depth in Chapter 7, Network and Routing. The advice listed there applies equally to VPNs using PSKs for the data channel. Pay close attention to --key-direction, if used.
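A mismatched key direction is one PSK fault that leaves the tunnel simply failing to operate. The check below is an added example, not code from the book or the OpenVPN project: it compares the `secret` and `key-direction` settings of two static key peers, relying on OpenVPN's rule that both sides either omit the direction or use complementary values (0 and 1). The config contents, the hostname and the function names are constructed for illustration.

```python
import shlex

def psk_settings(config_text):
    """Return (key_file, direction) from a config; direction is None if omitted."""
    key_file = direction = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        tokens = shlex.split(line, comments=True)
        if not tokens:
            continue
        name, args = tokens[0].lstrip("-"), tokens[1:]
        if name == "secret" and args:            # secret file [direction]
            key_file = args[0]
            if len(args) > 1:
                direction = args[1]
        elif name == "key-direction" and args:   # alternative to the inline form
            direction = args[0]
    return key_file, direction

def check_pair(cfg_a, cfg_b):
    """Return a list of PSK problems found between two peers (empty means OK)."""
    problems = []
    (key_a, dir_a), (key_b, dir_b) = psk_settings(cfg_a), psk_settings(cfg_b)
    if key_a is None or key_b is None:
        problems.append("secret directive missing on one peer")
    for d in (dir_a, dir_b):
        if d not in (None, "0", "1"):
            problems.append(f"invalid key direction {d!r}")
    if (dir_a is None) != (dir_b is None):
        problems.append("key direction set on only one peer")
    elif dir_a is not None and dir_a == dir_b:
        problems.append(f"both peers use direction {dir_a}; must be complementary (0 and 1)")
    return problems

# Constructed sample configs for a point-to-point static key VPN.
SITE_A = "dev tun\nifconfig 10.8.0.1 10.8.0.2\nsecret static.key 0\n"
SITE_B_BAD = ("remote vpn.example.com\ndev tun\nifconfig 10.8.0.2 10.8.0.1\n"
              "secret static.key\nkey-direction 0\n")
SITE_B_GOOD = SITE_B_BAD.replace("key-direction 0", "key-direction 1")

if __name__ == "__main__":
    for label, peer in (("bad", SITE_B_BAD), ("good", SITE_B_GOOD)):
        print(label, check_pair(SITE_A, peer) or "OK")
```

The check covers only the direction setting; the key file itself must still be identical on both peers.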
