# vpn key-exchange

## Syntax

```
vpn key-exchange <host> <secret>
```

## Syntax Description

<table><thead><tr><th width="203">Keyword</th><th>Description</th></tr></thead><tbody><tr><td>host</td><td>The name or IP address of the remote Island running the IslandExpress service.</td></tr><tr><td>secret</td><td>The shared secret configured with the <a href="/pages/fYQmMoMDm65EPrWAkole">vpn server secret</a> command on the remote Island.</td></tr></tbody></table>

## Defaults

None; all parameters must be specified.

## Usage Guidelines

Island supports an extention to the standard WireGuard protocol called IslandExpress that simplifies configuration of an Island-to-Island VPN. To use IslandExpress, one Island (typically the "hub" or "central" Island to which one or more remote Islands will be connecting) will configure and enable the IslandExpress service using the [vpn server](/island-router-cli-2.3.2/commands/vpn-server.md) commands, including a shared secret phrase.

Once IslandExpress has been configured on an Island, other Islands can establish a VPN to it using only the [vpn key-exchange](/island-router-cli-2.3.2/commands/vpn-key-exchange.md) command. Note that the IslandExpress service does not need to be configured on the Island on which the [vpn key-exchange](/island-router-cli-2.3.2/commands/vpn-key-exchange.md) command is run.

By default, a VPN created using the [vpn key-exchange](/island-router-cli-2.3.2/commands/vpn-key-exchange.md) command will be assigned a local IP address from a pool on the IslandExpress server to which it connects, and the IP address for traffic sent over the VPN will be translated to this address using NAT. However, once the VPN has been created, it can be modified as desired using the desired [vpn peer](/island-router-cli-2.3.2/commands/vpn-peer.md) commands.

A VPN created with this command will not be immediately available if the auto-trust option is enabled on the other Island. Refer to the [vpn server auto-trust](/island-router-cli-2.3.2/commands/vpn-server/vpn-server-auto-trust.md) command for more information.

## Examples

```
vpn key-exchange 198.51.100.28 mysecretpassword
```

## Related Commands

{% content-ref url="/pages/04CMOWdR0FTt4QxQ7pzD" %}
[vpn peer](/island-router-cli-2.3.2/commands/vpn-peer.md)
{% endcontent-ref %}

{% content-ref url="/pages/ZPVPrBGRPUnuTO1qawbS" %}
[vpn server](/island-router-cli-2.3.2/commands/vpn-server.md)
{% endcontent-ref %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.islandrouter.com/island-router-cli-2.3.2/commands/vpn-key-exchange.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.