Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
Fundamentals of VPN Sovereignty
- Reasons why commercial VPNs log metadata and comply with legal requests.
- OpenVPN: a mature, feature-rich protocol with TAP/TUN flexibility.
- WireGuard: a modern, minimalistic protocol offering high-performance cryptography.
- Selecting the appropriate protocol for your specific threat model.
OpenVPN Deployment
- Installing OpenVPN alongside Easy-RSA for PKI.
- Server configuration: ciphers, HMAC, TLS-auth, and topology.
- Generation and distribution of client configurations.
- Managing revocations and Certificate Revocation Lists (CRL).
WireGuard Deployment
- Installing the kernel module and WireGuard tools.
- Generating keys and configuring peers.
- Utilizing wg-quick and systemd unit management.
- Implementing road warrior and site-to-site mesh topologies.
Authentication and Authorization
- Certificate-based authentication using OpenVPN.
- Integrating LDAP and RADIUS backends.
- Enabling two-factor authentication via TOTP plugins.
- Managing access control lists and per-user IP allocation.
Routing and Network Architecture
- Distinguishing between full tunnel and split tunnel routing.
- Configuring pushed routes, DNS, and WINS.
- Implementing NAT and masquerading for egress traffic.
- Managing multi-WAN and policy-based routing.
Performance and Scalability
- Comparing throughput benchmarks between WireGuard and OpenVPN.
- Optimizing for multi-core systems and kernel bypass.
- Implementing load balancing across multiple VPN servers.
- Applying DDoS protection and connection rate limiting.
Monitoring and Maintenance
- Tracking connection logs and bandwidth accounting.
- Integrating Syslog and Prometheus exporters.
- Automating certificate renewal and setting expiration alerts.
- Planning disaster recovery and performing configuration backups.
Requirements
- Intermediate knowledge of Linux networking and firewall administration.
- Understanding of PKI, certificates, and encryption protocols.
- Familiarity with routing, NAT, and IP forwarding.
Target Audience
- Network administrators transitioning from commercial VPN services.
- Remote work teams requiring sovereign and secure access.
- Organizations operating in regions subject to VPN blocking or surveillance.
14 Hours
Testimonials (2)
How trainer deliver knowledge so effectively
Vu Thoai Le - Reply Polska sp. z o. o.
Course - Certified Kubernetes Administrator (CKA) - exam preparation
Interesting labs, help from trainer
