diff --git a/conf/config.go b/conf/config.go
index 38c48e4..c90a5a9 100644
--- a/conf/config.go
+++ b/conf/config.go
@@ -5,6 +5,7 @@ import "sync"
 type Config struct {
 	Name            string
 	Hostname        string
+	PSKPath         string
 	PublicKeyPath   string
 	PrivateKeyPath  string
 	DHTEndpointPort int64
diff --git a/infrastructure/crypto.go b/infrastructure/crypto.go
index c17d093..d2c67ef 100644
--- a/infrastructure/crypto.go
+++ b/infrastructure/crypto.go
@@ -1,11 +1,13 @@
 package infrastructure
 
 import (
+	"bytes"
 	"fmt"
 	"oc-peer/conf"
 	"os"
 
 	"github.com/libp2p/go-libp2p/core/crypto"
+	"github.com/libp2p/go-libp2p/core/pnet"
 )
 
 func sign(priv crypto.PrivKey, data []byte) ([]byte, error) {
@@ -47,3 +49,18 @@ func VerifyPubWithPriv() bool {
 	}
 	return priv.GetPublic().Equals(pub)
 }
+
+func LoadPSKFromFile() (pnet.PSK, error) {
+	path := conf.GetConfig().PSKPath
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return nil, err
+	}
+
+	// Try to unmarshal as libp2p private key (supports ed25519, rsa, etc.)
+	psk, err := pnet.DecodeV1PSK(bytes.NewReader(data))
+	if err != nil {
+		return nil, err
+	}
+	return psk, nil
+}
diff --git a/infrastructure/dht.go b/infrastructure/dht.go
index 32633d1..e73d847 100644
--- a/infrastructure/dht.go
+++ b/infrastructure/dht.go
@@ -55,7 +55,12 @@ func Init(ctx context.Context) (*DHTService, error) {
 	if err != nil {
 		return nil, err
 	}
+	psk, err := LoadPSKFromFile()
+	if err != nil {
+		return nil, err
+	}
 	h, err := libp2p.New(
+		libp2p.PrivateNetwork(psk),
 		libp2p.Identity(priv),
 		libp2p.ListenAddrStrings(
 			fmt.Sprintf("/ip4/0.0.0.0/tcp/%d", conf.GetConfig().DHTEndpointPort),
diff --git a/main.go b/main.go
index 3ee559c..8918d60 100644
--- a/main.go
+++ b/main.go
@@ -29,12 +29,12 @@ func main() {
 		o.GetStringDefault("LOKI_URL", ""),
 		o.GetStringDefault("LOG_LEVEL", "info"),
 	)
-
 	conf.GetConfig().Name = o.GetStringDefault("NAME", "local")
 	conf.GetConfig().Hostname = o.GetStringDefault("HOSTNAME", "http://localhost")
-	conf.GetConfig().PublicKeyPath = o.GetStringDefault("PUBLIC_KEY_PATH", "./pem/public.pem")
-	conf.GetConfig().PrivateKeyPath = o.GetStringDefault("PRIVATE_KEY_PATH", "./pem/private.pem")
-	conf.GetConfig().DHTEndpointPort = o.GetInt64Default("DHT_ENDPOINT_PORT", 80)
+	conf.GetConfig().PSKPath = o.GetStringDefault("PSK_PATH", "./psk/psk")
+	conf.GetConfig().PublicKeyPath = o.GetStringDefault("PEER_PUBLIC_KEY_PATH", "./pem/public.pem")
+	conf.GetConfig().PrivateKeyPath = o.GetStringDefault("PEER_PRIVATE_KEY_PATH", "./pem/private.pem")
+	conf.GetConfig().DHTEndpointPort = o.GetInt64Default("DHT_ENDPOINT_PORT", 4001)
 	// Beego init
 	beego.BConfig.AppName = appname
 	beego.BConfig.Listen.HTTPPort = o.GetIntDefault("port", 8080)