Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

What is native VPN for RedHad Enterprise Linux and CentOS?

Posted on 2016-08-30
6
Medium Priority
?
222 Views
Last Modified: 2016-09-07
I want to configure my own VPN server in the cloud.
I wanted to use OpenVPN, but I see that it is located in extra packages for enterprise linux repository. As I know packages from extra repositories might be less secure and with bugs.

Is there any alternative for OpenVPN in RedHat Enterprise Linux in native repositories?
0
Comment
Question by:Taras Shumylo
6 Comments
 
LVL 71

Expert Comment

by:Qlemo
ID: 41777619
You should not have to fear using OpenVPN. If it were unsecure, others would have told (and fixed) that already.
0
 

Author Comment

by:Taras Shumylo
ID: 41777621
But can you tell me why they put it in Extra packages? What's the catch?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 41777632
Usually that is because the publisher of the editions do not want to be hold responsible in any way for such packages.
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
LVL 38

Accepted Solution

by:
Gerwin Jansen, EE MVE earned 1000 total points
ID: 41777634
IPsec, implemented by Libreswan, is the only VPN technology recommend for use in Red Hat Enterprise Linux 7. Do not use any other VPN technology without understanding the risks of doing so.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
0
 
LVL 62

Expert Comment

by:gheist
ID: 41777663
EPEL is not RedHat product, it is part of Fedora project (with many developers on RedHat's payroll)
0
 
LVL 40

Assisted Solution

by:noci
noci earned 1000 total points
ID: 41777860
tbh. IPSEC is the only one that lets connections behave as Pure IP links.
(All aspects of the IP datagrams and expectancies w.r.t. upper layers is guaranteed.)
the header grows with a sessionID and selector.

With OpenVPN you will get more overhead a few bytes for OpenVPN (comparable to IPSEC) + complete UDP or TCP header. If using OpenVPN over TCP (or TLS) then UDP (inside) will not behave as regular UDP. OpenVPN over UDP more or less behaves as IP datagrams, but might get lost sooner then IP datagrams.

But beware any tunneling protocol has it's caveats as well....
Use AES as minimal encryption. (3DES is not safe anymore, and also blowfish has a collision problem)
Require DH 2 or better DH5 for key negotiation
and at least SHA-1 as checksum but also preferably better.
(MD5 - 3DES is definitely a Bad Thing (tm)).
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question