What is the native VPN for Red Hat Enterprise Linux and CentOS?

I want to configure my own VPN server in the cloud.
I wanted to use OpenVPN, but I see that it is located in the Extra Packages for Enterprise Linux repository. As far as I know, packages from extra repositories might be less secure and have bugs.

Is there any alternative to OpenVPN for Red Hat Enterprise Linux in the native repositories?
Taras Shumylo Asked:
 
Gerwin Jansen, EE MVE, Topic Advisor Commented:
IPsec, implemented by Libreswan, is the only VPN technology recommended for use in Red Hat Enterprise Linux 7. Do not use any other VPN technology without understanding the risks of doing so.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html
0
 
Qlemo, Batchelor and Developer Commented:
You should not have to fear using OpenVPN. If it were insecure, others would have told (and fixed) that already.
0
 
Taras Shumylo, Author Commented:
But can you tell me why they put it in Extra packages? What's the catch?
0
 
Qlemo, Batchelor and Developer Commented:
Usually that is because the publisher of the editions does not want to be held responsible in any way for such packages.
0
 
gheist Commented:
EPEL is not a Red Hat product, it is part of the Fedora project (with many developers on Red Hat's payroll).
0
 
noci, Software Engineer Commented:
Tbh, IPSEC is the only one that lets connections behave as pure IP links.
(All aspects of the IP datagrams and expectancies w.r.t. upper layers are guaranteed.)
The header grows with a session ID and selector.

With OpenVPN you will get more overhead: a few bytes for OpenVPN (comparable to IPSEC) plus a complete UDP or TCP header. If using OpenVPN over TCP (or TLS), then UDP (inside) will not behave as regular UDP. OpenVPN over UDP more or less behaves as IP datagrams, but might get lost sooner than IP datagrams.

But beware, any tunneling protocol has its caveats as well...
Use AES as minimal encryption. (3DES is not safe anymore, and Blowfish also has a collision problem.)
Require DH 2, or better DH 5, for key negotiation,
and at least SHA-1 as checksum, but preferably better.
(MD5 - 3DES is definitely a Bad Thing (tm)).
0
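A small audit of `ike=`/`esp=` proposal lines against the rules listed in noci's comment above, as an added example that is not part of the original thread. It assumes Libreswan-style `ipsec.conf` proposal strings (comma-separated `cipher-hash;group`); the sample configuration and the `audit` and `dh_group` helpers are constructed for illustration.

```python
import re

# Algorithms the comment above names as unsafe, matched inside proposal tokens.
WEAK = {"3des": "3DES", "blowfish": "Blowfish", "md5": "MD5"}
# MODP names mapped to DH group numbers; the comment asks for group 2 at least.
MODP_TO_GROUP = {"modp768": 1, "modp1024": 2, "modp1536": 5, "modp2048": 14}

# Constructed sample configuration (not taken from the page).
SAMPLE_CONF = """\
conn legacy-site
    ike=3des-md5;modp1024
    esp=3des-md5
conn office
    ike=aes256-sha1;modp1536   # meets the stated minimums
    esp=aes256-sha1
conn old-dh
    ike=aes128-sha1;modp768
"""

def dh_group(token):
    """Return the DH group number for a 'modpNNNN' or 'dhN' token, else None."""
    if token in MODP_TO_GROUP:
        return MODP_TO_GROUP[token]
    m = re.fullmatch(r"dh(\d+)", token)
    return int(m.group(1)) if m else None

def audit(conf_text):
    """Return (conn, key, proposal, problem) for each proposal breaking the rules."""
    findings, conn = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            conn = m.group(1)
            continue
        m = re.match(r"(ike|esp|phase2alg)\s*=\s*(.+)", line)
        if not m:
            continue
        for proposal in (p.strip() for p in m.group(2).split(",")):
            for token in re.split(r"[-;+]", proposal.lower()):
                for needle, name in WEAK.items():
                    if needle in token:
                        findings.append((conn, m.group(1), proposal, name + " is listed as unsafe"))
                group = dh_group(token)
                if group is not None and group < 2:
                    findings.append((conn, m.group(1), proposal, "DH group %d is below group 2" % group))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("%s: %s=%s -> %s" % finding)
```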