Solved

What is native VPN for RedHad Enterprise Linux and CentOS?

Posted on 2016-08-30
6
170 Views
Last Modified: 2016-09-07
I want to configure my own VPN server in the cloud.
I wanted to use OpenVPN, but I see that it is located in extra packages for enterprise linux repository. As I know packages from extra repositories might be less secure and with bugs.

Is there any alternative for OpenVPN in RedHat Enterprise Linux in native repositories?
0
Comment
Question by:Taras Shumylo
6 Comments
 
LVL 69

Expert Comment

by:Qlemo
ID: 41777619
You should not have to fear using OpenVPN. If it were unsecure, others would have told (and fixed) that already.
0
 

Author Comment

by:Taras Shumylo
ID: 41777621
But can you tell me why they put it in Extra packages? What's the catch?
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 41777632
Usually that is because the publisher of the editions do not want to be hold responsible in any way for such packages.
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 38

Accepted Solution

by:
Gerwin Jansen, EE MVE earned 250 total points
ID: 41777634
IPsec, implemented by Libreswan, is the only VPN technology recommend for use in Red Hat Enterprise Linux 7. Do not use any other VPN technology without understanding the risks of doing so.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
0
 
LVL 62

Expert Comment

by:gheist
ID: 41777663
EPEL is not RedHat product, it is part of Fedora project (with many developers on RedHat's payroll)
0
 
LVL 40

Assisted Solution

by:noci
noci earned 250 total points
ID: 41777860
tbh. IPSEC is the only one that lets connections behave as Pure IP links.
(All aspects of the IP datagrams and expectancies w.r.t. upper layers is guaranteed.)
the header grows with a sessionID and selector.

With OpenVPN you will get more overhead a few bytes for OpenVPN (comparable to IPSEC) + complete UDP or TCP header. If using OpenVPN over TCP (or TLS) then UDP (inside) will not behave as regular UDP. OpenVPN over UDP more or less behaves as IP datagrams, but might get lost sooner then IP datagrams.

But beware any tunneling protocol has it's caveats as well....
Use AES as minimal encryption. (3DES is not safe anymore, and also blowfish has a collision problem)
Require DH 2 or better DH5 for key negotiation
and at least SHA-1 as checksum but also preferably better.
(MD5 - 3DES is definitely a Bad Thing (tm)).
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Fine Tune your automatic Updates for Ubuntu / Debian
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question