Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Fundamentals of VPN Sovereignty
- Reasons why commercial VPNs log metadata and comply with legal requests.
- OpenVPN: a mature, feature-rich solution with TAP/TUN flexibility.
- WireGuard: a modern, minimal, high-performance cryptographic protocol.
- Selecting the appropriate protocol for your specific threat model.
Deploying OpenVPN
- Installing OpenVPN with Easy-RSA PKI.
- Server configuration: cipher, HMAC, TLS-auth, and topology.
- Generating and distributing client configurations.
- Revocation and CRL management.
Deploying WireGuard
- Installing the kernel module and WireGuard-tools.
- Generating keys and configuring peers.
- Managing wg-quick and systemd units.
- Implementing road warrior and site-to-site mesh topologies.
Authentication and Authorization
- Certificate-based authentication with OpenVPN.
- Integrating LDAP and RADIUS backends.
- Enabling two-factor authentication with TOTP plugins.
- Managing access control lists and per-user IP allocation.
Routing and Network Design
- Distinguishing between full tunnel and split tunnel routing.
- Configuring pushed routes, DNS, and WINS.
- Setting up NAT and masquerading for egress traffic.
- Implementing Multi-WAN and policy-based routing.
Performance and Scaling
- Comparing throughput benchmarks of WireGuard vs OpenVPN.
- Optimizing for multi-core systems and kernel bypass.
- Balancing loads across multiple VPN servers.
- Implementing DDoS protection and connection rate limiting.
Monitoring and Maintenance
- Logging connections and accounting for bandwidth usage.
- Integrating Syslog and Prometheus exporters.
- Automating certificate renewal and setting up expiration alerts.
- Planning disaster recovery and backing up configurations.
Requirements
- Intermediate knowledge of Linux networking and firewall administration.
- Understanding of PKI, certificates, and encryption protocols.
- Familiarity with routing, NAT, and IP forwarding.
Target Audience
- Network administrators looking to replace commercial VPN services.
- Remote work teams requiring sovereign secure access.
- Organizations located in regions with VPN blocking or surveillance.
14 Hours
Testimonials (2)
How trainer deliver knowledge so effectively
Vu Thoai Le - Reply Polska sp. z o. o.
Course - Certified Kubernetes Administrator (CKA) - exam preparation
Interesting labs, help from trainer
