Solved

What is the native VPN for RedHat Enterprise Linux and CentOS?

Posted on 2016-08-30
Last Modified: 2016-09-07
I want to configure my own VPN server in the cloud.
I wanted to use OpenVPN, but I see that it is located in the Extra Packages for Enterprise Linux repository. As far as I know, packages from extra repositories might be less secure and have bugs.

Is there any alternative for OpenVPN in RedHat Enterprise Linux in native repositories?
Question by:Taras Shumylo
6 Comments
 
LVL 68

Expert Comment

by:Qlemo
You should not have to fear using OpenVPN. If it were insecure, others would have reported (and fixed) that already.
 

Author Comment

by:Taras Shumylo
But can you tell me why they put it in Extra packages? What's the catch?
 
LVL 68

Expert Comment

by:Qlemo
Usually that is because the publishers of the editions do not want to be held responsible in any way for such packages.
LVL 37

Accepted Solution

by:
Gerwin Jansen earned 250 total points
IPsec, implemented by Libreswan, is the only VPN technology recommended for use in Red Hat Enterprise Linux 7. Do not use any other VPN technology without understanding the risks of doing so.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
 
LVL 61

Expert Comment

by:gheist
EPEL is not a RedHat product; it is part of the Fedora project (with many developers on RedHat's payroll).
 
LVL 39

Assisted Solution

by:noci
noci earned 250 total points
tbh. IPSEC is the only one that lets connections behave as pure IP links.
(All aspects of the IP datagrams and expectancies w.r.t. upper layers are guaranteed.)
The header grows with a sessionID and selector.

With OpenVPN you will get more overhead: a few bytes for OpenVPN (comparable to IPSEC) + a complete UDP or TCP header. If using OpenVPN over TCP (or TLS) then UDP (inside) will not behave as regular UDP. OpenVPN over UDP more or less behaves as IP datagrams, but might get lost sooner than IP datagrams.

But beware, any tunneling protocol has its caveats as well....
Use AES as minimal encryption. (3DES is not safe anymore, and also Blowfish has a collision problem.)
Require DH 2 or better DH5 for key negotiation
and at least SHA-1 as checksum but also preferably better.
(MD5 - 3DES is definitely a Bad Thing (tm)).
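
An added example, not part of noci's answer or of the thread: a small Python check that reads `ike=` proposals from a Libreswan-style `ipsec.conf` and flags those that fall short of the minimums listed in the answer above. The sample configuration and conn names are constructed, and the `cipher-hash;dhgroup` proposal form is an assumption of this example.

```python
import re

MODP_TO_GROUP = {"modp768": 1, "modp1024": 2, "modp1536": 5, "modp2048": 14}

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
conn legacy-site
    ike=3des-md5;modp1024
conn branch
    ike=aes256-sha1;modp1536,blowfish-sha1;dh2
conn weak-dh
    ike=aes128-sha2;modp768
"""

def dh_group(token):
    """Return the numeric DH group for 'modp1536' or 'dh5' style tokens."""
    if token in MODP_TO_GROUP:
        return MODP_TO_GROUP[token]
    m = re.fullmatch(r"dh(\d+)", token)
    return int(m.group(1)) if m else None

def audit_proposal(proposal):
    """Check one 'cipher-hash;dhgroup' proposal against the answer's minimums."""
    tokens = re.split(r"[-;]", proposal.strip().lower())
    cipher, rest = tokens[0], tokens[1:]
    findings = []
    if not cipher.startswith("aes"):
        findings.append(f"cipher {cipher}: answer asks for AES at minimum")
    if "md5" in rest:
        findings.append("integrity md5: answer asks for SHA-1 or better")
    groups = [g for g in map(dh_group, rest) if g is not None]
    if groups and min(groups) < 2:
        findings.append(f"DH group {min(groups)}: answer asks for DH2, better DH5")
    return findings

def audit_conf(text):
    """Map each conn name to the findings for all of its ike= proposals."""
    report, conn = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("conn "):
            conn = line.split(None, 1)[1]
            report[conn] = []
        elif line.startswith("ike=") and conn:
            for prop in filter(str.strip, line[4:].split(",")):
                report[conn] += audit_proposal(prop)
    return report

if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF))
```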