Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Fundamentals of VPN Sovereignty
- Why commercial VPNs log metadata and comply with legal requests.
- OpenVPN: mature, feature-rich, offering TAP/TUN flexibility.
- WireGuard: modern, minimal, high-performance cryptography.
- Selecting the appropriate protocol for your threat model.
OpenVPN Deployment
- Installing OpenVPN with Easy-RSA PKI.
- Server configuration: cipher, HMAC, TLS-auth, and topology.
- Generating and distributing client configurations.
- Managing revocation and Certificate Revocation Lists (CRL).
WireGuard Deployment
- Installing the kernel module and WireGuard-tools.
- Generating keys and configuring peers.
- Using wg-quick and managing systemd units.
- Implementing road warrior and site-to-site mesh topologies.
Authentication and Authorisation
- Certificate-based authentication with OpenVPN.
- Integrating LDAP and RADIUS backends.
- Implementing two-factor authentication with TOTP plugins.
- Configuring access control lists and per-user IP allocation.
Routing and Network Design
- Routing strategies: full tunnel versus split tunnel.
- Configuring push routes, DNS, and WINS.
- Applying NAT and masquerading for egress traffic.
- Implementing multi-WAN and policy-based routing.
Performance and Scaling
- Comparing WireGuard and OpenVPN throughput benchmarks.
- Optimising for multi-core systems and kernel bypass.
- Load balancing across multiple VPN servers.
- Implementing DDoS protection and connection rate limiting.
Monitoring and Maintenance
- Logging connections and accounting for bandwidth usage.
- Integrating Syslog and Prometheus exporters.
- Automating certificate renewal and setting expiration alerts.
- Establishing disaster recovery plans and configuration backups.
Requirements
- Intermediate knowledge of Linux networking and firewall administration.
- Understanding of PKI, certificates, and encryption protocols.
- Familiarity with routing, NAT, and IP forwarding.
Target Audience
- Network administrators replacing commercial VPN services.
- Remote work teams requiring sovereign, secure access.
- Organisations operating in regions with VPN blocking or surveillance.
14 Hours
Testimonials (2)
How trainer deliver knowledge so effectively
Vu Thoai Le - Reply Polska sp. z o. o.
Course - Certified Kubernetes Administrator (CKA) - exam preparation
Interesting labs, help from trainer
