Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
VPN Sovereignty Fundamentals
- The reasons behind commercial VPNs logging metadata and complying with legal requests.
- OpenVPN: A mature, feature-rich protocol offering TAP/TUN flexibility.
- WireGuard: A modern, minimalistic protocol with high-performance cryptography.
- Selecting the appropriate protocol for your specific threat model.
OpenVPN Deployment
- Installing OpenVPN along with Easy-RSA PKI.
- Server configuration: cipher, HMAC, TLS-auth, and topology.
- Generation and distribution of client configurations.
- Revocation and CRL management.
WireGuard Deployment
- Installation of the kernel module and WireGuard-tools.
- Key generation and peer configuration.
- Management of wg-quick and systemd units.
- Implementing road warrior and site-to-site mesh topologies.
Authentication and Authorization
- Certificate-based authentication with OpenVPN.
- Integration with LDAP and RADIUS backends.
- Two-factor authentication using TOTP plugins.
- Access control lists and per-user IP allocation.
Routing and Network Design
- Routing strategies for full tunnel versus split tunnel.
- Configuration of push routes, DNS, and WINS.
- NAT and masquerading for egress traffic.
- Multi-WAN and policy-based routing.
Performance and Scaling
- Throughput benchmarks comparing WireGuard and OpenVPN.
- Multi-core optimization and kernel bypass techniques.
- Load balancing across multiple VPN servers.
- DDoS protection and connection rate limiting.
Monitoring and Maintenance
- Connection logging and bandwidth accounting.
- Integration of Syslog and Prometheus exporters.
- Automated certificate renewal and expiration alerts.
- Disaster recovery strategies and configuration backups.
Requirements
- Intermediate knowledge of Linux networking and firewall administration.
- Understanding of PKI, certificates, and encryption protocols.
- Familiarity with routing, NAT, and IP forwarding.
Audience
- Network administrators seeking to replace commercial VPN services.
- Remote work teams requiring sovereign and secure access.
- Organizations situated in regions subject to VPN blocking or surveillance.
14 Hours
Testimonials (2)
How trainer deliver knowledge so effectively
Vu Thoai Le - Reply Polska sp. z o. o.
Course - Certified Kubernetes Administrator (CKA) - exam preparation
Interesting labs, help from trainer
