VPN Setup
Configure secure VPN tunnels for remote access and site connectivity.
WireGuard
Generate keys
wg genkey | tee privatekey | wg pubkey > publickey
Server config (/etc/wireguard/wg0.conf)
[Interface] Address = 10.0.0.1/24 ListenPort = 51820 PrivateKey = <server-private-key>
[Peer] PublicKey = <client-public-key> AllowedIPs = 10.0.0.2/32
Enable
wg-quick up wg0 systemctl enable wg-quick@wg0
OpenVPN
Install
apt install openvpn easy-rsa
Generate certificates
cd /etc/openvpn/easy-rsa ./easyrsa init-pki ./easyrsa build-ca ./easyrsa gen-req server nopass ./easyrsa sign-req server server ./easyrsa gen-dh
AWS Site-to-Site VPN
aws ec2 create-vpn-gateway --type ipsec.1
aws ec2 create-customer-gateway
--type ipsec.1
--bgp-asn 65000
--public-ip <on-prem-ip>
aws ec2 create-vpn-connection
--type ipsec.1
--customer-gateway-id cgw-xxx
--vpn-gateway-id vgw-xxx
Best Practices
-
Use WireGuard for modern deployments
-
Implement MFA for VPN access
-
Regular key rotation
-
Monitor VPN connections
-
Segment VPN access by role
Related Skills
-
zero-trust - Modern access patterns
-
ssl-tls-management - Certificate management