Solved

What is native VPN for RedHad Enterprise Linux and CentOS?

Posted on 2016-08-30
6
140 Views
Last Modified: 2016-09-07
I want to configure my own VPN server in the cloud.
I wanted to use OpenVPN, but I see that it is located in extra packages for enterprise linux repository. As I know packages from extra repositories might be less secure and with bugs.

Is there any alternative for OpenVPN in RedHat Enterprise Linux in native repositories?
0
Comment
Question by:Taras Shumylo
6 Comments
 
LVL 68

Expert Comment

by:Qlemo
ID: 41777619
You should not have to fear using OpenVPN. If it were unsecure, others would have told (and fixed) that already.
0
 

Author Comment

by:Taras Shumylo
ID: 41777621
But can you tell me why they put it in Extra packages? What's the catch?
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 41777632
Usually that is because the publisher of the editions do not want to be hold responsible in any way for such packages.
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 
LVL 37

Accepted Solution

by:
Gerwin Jansen earned 250 total points
ID: 41777634
IPsec, implemented by Libreswan, is the only VPN technology recommend for use in Red Hat Enterprise Linux 7. Do not use any other VPN technology without understanding the risks of doing so.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
0
 
LVL 61

Expert Comment

by:gheist
ID: 41777663
EPEL is not RedHat product, it is part of Fedora project (with many developers on RedHat's payroll)
0
 
LVL 40

Assisted Solution

by:noci
noci earned 250 total points
ID: 41777860
tbh. IPSEC is the only one that lets connections behave as Pure IP links.
(All aspects of the IP datagrams and expectancies w.r.t. upper layers is guaranteed.)
the header grows with a sessionID and selector.

With OpenVPN you will get more overhead a few bytes for OpenVPN (comparable to IPSEC) + complete UDP or TCP header. If using OpenVPN over TCP (or TLS) then UDP (inside) will not behave as regular UDP. OpenVPN over UDP more or less behaves as IP datagrams, but might get lost sooner then IP datagrams.

But beware any tunneling protocol has it's caveats as well....
Use AES as minimal encryption. (3DES is not safe anymore, and also blowfish has a collision problem)
Require DH 2 or better DH5 for key negotiation
and at least SHA-1 as checksum but also preferably better.
(MD5 - 3DES is definitely a Bad Thing (tm)).
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
OpenVPN Access Server in EC2 Connectivity Issues 1 28
Error Message during CentOS 7 Minimal Install 3 33
how to rebuild XFS volume from LV 19 28
Linux VM 6 18
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now