Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
VPN Sovereignty Fundamentals
- Reasons why commercial VPNs log metadata and comply with legal requests.
- OpenVPN: A mature, feature-rich solution with flexible TAP/TUN support.
- WireGuard: A modern, minimalistic protocol offering high-performance cryptography.
- Selecting the appropriate protocol for your specific threat model.
OpenVPN Deployment
- Installing OpenVPN utilizing Easy-RSA PKI.
- Server configuration: cipher selection, HMAC, TLS-auth, and topology.
- Generation and distribution of client configurations.
- Management of revocation and Certificate Revocation Lists (CRL).
WireGuard Deployment
- Installation of the kernel module and WireGuard-tools.
- Key generation and peer configuration.
- Management of wg-quick and systemd units.
- Implementing road warrior and site-to-site mesh topologies.
Authentication and Authorization
- Certificate-based authentication with OpenVPN.
- Integration with LDAP and RADIUS backends.
- Two-factor authentication using TOTP plugins.
- Implementation of access control lists and per-user IP allocation.
Routing and Network Design
- Differentiating between full tunnel and split tunnel routing.
- Configuration of push routes, DNS, and WINS.
- NAT and masquerading for egress traffic.
- Multi-WAN and policy-based routing strategies.
Performance and Scaling
- Throughput benchmarks comparing WireGuard and OpenVPN.
- Multi-core optimization and kernel bypass techniques.
- Load balancing across multiple VPN servers.
- DDoS protection and connection rate limiting.
Monitoring and Maintenance
- Connection logging and bandwidth accounting.
- Integration of Syslog and Prometheus exporters.
- Automated certificate renewal and expiration alerts.
- Disaster recovery plans and configuration backups.
Requirements
- Intermediate proficiency in Linux networking and firewall administration.
- Solid understanding of PKI, certificates, and encryption protocols.
- Familiarity with routing, NAT, and IP forwarding.
Audience
- Network administrators replacing commercial VPN services.
- Remote work teams requiring sovereign and secure access.
- Organizations located in regions with VPN blocking or surveillance.
14 Hours
Testimonials (2)
How trainer deliver knowledge so effectively
Vu Thoai Le - Reply Polska sp. z o. o.
Course - Certified Kubernetes Administrator (CKA) - exam preparation
Interesting labs, help from trainer
