Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
VPN Sovereignty Fundamentals
- Reasons why commercial VPNs log metadata and comply with legal requests.
- OpenVPN: A mature, feature-rich protocol offering TAP/TUN flexibility.
- WireGuard: A modern, minimal protocol with high-performance cryptography.
- Selecting the appropriate protocol for your specific threat model.
OpenVPN Deployment
- Installing OpenVPN with Easy-RSA PKI.
- Server configuration: cipher, HMAC, TLS-auth, and topology.
- Generation and distribution of client configurations.
- Management of revocation and CRL.
WireGuard Deployment
- Installation of the kernel module and WireGuard-tools.
- Key generation and peer configuration.
- Utilization of wg-quick and systemd unit management.
- Configuration of road warrior and site-to-site mesh topologies.
Authentication and Authorization
- Certificate-based authentication with OpenVPN.
- Integration of LDAP and RADIUS backends.
- Implementation of two-factor authentication using TOTP plugins.
- Configuration of access control lists and per-user IP allocation.
Routing and Network Design
- Understanding full tunnel vs split tunnel routing.
- Configuration of push routes, DNS, and WINS.
- Implementation of NAT and masquerading for egress traffic.
- Management of Multi-WAN and policy-based routing.
Performance and Scaling
- Comparison of throughput benchmarks between WireGuard and OpenVPN.
- Optimization for multi-core processors and kernel bypass.
- Implementation of load balancing across multiple VPN servers.
- Strategies for DDoS protection and connection rate limiting.
Monitoring and Maintenance
- Management of connection logging and bandwidth accounting.
- Integration of Syslog and Prometheus exporter.
- Automation of certificate renewal and expiration alerts.
- Establishment of disaster recovery and configuration backup procedures.
Requirements
- Intermediate knowledge of Linux networking and firewall administration.
- Understanding of PKI, certificates, and encryption protocols.
- Familiarity with routing, NAT, and IP forwarding.
Target Audience
- Network administrators looking to replace commercial VPN services.
- Remote work teams requiring sovereign, secure access.
- Organizations located in regions with VPN blocking or surveillance.
14 Hours
Testimonials (2)
How trainer deliver knowledge so effectively
Vu Thoai Le - Reply Polska sp. z o. o.
Course - Certified Kubernetes Administrator (CKA) - exam preparation
Interesting labs, help from trainer
