<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Network Security and Access on DevOps Engineer &amp; CloudAdmin</title><link>https://ru-admin.github.io/posts/network-security/</link><description>Recent content in Network Security and Access on DevOps Engineer &amp; CloudAdmin</description><generator>Hugo -- gohugo.io</generator><language>en-US</language><atom:link href="https://ru-admin.github.io/posts/network-security/index.xml" rel="self" type="application/rss+xml"/><item><title>WireGuard VPN Infrastructure</title><link>https://ru-admin.github.io/posts/network-security/vpn-services/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://ru-admin.github.io/posts/network-security/vpn-services/</guid><description>&lt;h2 id="wireguard-vpn-infrastructure"&gt;WireGuard VPN Infrastructure&lt;/h2&gt;
&lt;hr&gt;
&lt;h4 id="challenge"&gt;Challenge&lt;/h4&gt;
&lt;p&gt;A distributed team of 15+ engineers working across multiple locations needed secure, low-latency access to internal corporate infrastructure — without relying on heavyweight legacy VPN appliances. The existing setup introduced significant overhead, was difficult to maintain, and caused frequent connectivity issues for remote employees. The goal was to replace it with a lightweight, self-hosted solution that is fast, auditable, and easy to scale.&lt;/p&gt;
&lt;hr&gt;
&lt;h4 id="solution"&gt;Solution&lt;/h4&gt;
&lt;h6 id="1-technology-selection"&gt;1. Technology Selection&lt;/h6&gt;
&lt;ul&gt;
&lt;li&gt;Protocol evaluation: OpenVPN, WireGuard, Outline&lt;/li&gt;
&lt;li&gt;WireGuard chosen for its speed, simplicity, and modern cryptography&lt;/li&gt;
&lt;li&gt;Docker for isolation and portability&lt;/li&gt;
&lt;li&gt;Ansible for automated provisioning&lt;/li&gt;
&lt;/ul&gt;
&lt;h6 id="2-infrastructure"&gt;2. Infrastructure&lt;/h6&gt;
&lt;ul&gt;
&lt;li&gt;VPS hosted in a neutral jurisdiction (Netherlands)&lt;/li&gt;
&lt;li&gt;Docker Compose for service orchestration&lt;/li&gt;
&lt;li&gt;WireGuard running in a container&lt;/li&gt;
&lt;li&gt;Nginx for the web management panel&lt;/li&gt;
&lt;li&gt;Prometheus + Grafana for monitoring&lt;/li&gt;
&lt;/ul&gt;
&lt;h6 id="3-automation"&gt;3. Automation&lt;/h6&gt;
&lt;div class="highlight"&gt;&lt;pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"&gt;&lt;code class="language-yaml" data-lang="yaml"&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;&lt;span style="color:#75715e"&gt;# Ansible playbook for deployment&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt;- &lt;span style="color:#f92672"&gt;name&lt;/span&gt;: &lt;span style="color:#ae81ff"&gt;Deploy WireGuard VPN&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt; &lt;span style="color:#f92672"&gt;hosts&lt;/span&gt;: &lt;span style="color:#ae81ff"&gt;vpn_servers&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt; &lt;span style="color:#f92672"&gt;roles&lt;/span&gt;:
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt; - &lt;span style="color:#ae81ff"&gt;docker&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt; - &lt;span style="color:#ae81ff"&gt;wireguard&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt; - &lt;span style="color:#ae81ff"&gt;monitoring&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span style="display:flex;"&gt;&lt;span&gt; - &lt;span style="color:#ae81ff"&gt;backup&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/div&gt;&lt;h6 id="4-security"&gt;4. Security&lt;/h6&gt;
&lt;ul&gt;
&lt;li&gt;Automatic key rotation&lt;/li&gt;
&lt;li&gt;Firewall rules (UFW)&lt;/li&gt;
&lt;li&gt;Fail2ban for brute-force protection&lt;/li&gt;
&lt;li&gt;ChaCha20-Poly1305 traffic encryption&lt;/li&gt;
&lt;/ul&gt;
&lt;h6 id="5-monitoring"&gt;5. Monitoring&lt;/h6&gt;
&lt;ul&gt;
&lt;li&gt;Bandwidth and throughput metrics&lt;/li&gt;
&lt;li&gt;Downtime alerts&lt;/li&gt;
&lt;li&gt;Connection logging&lt;/li&gt;
&lt;li&gt;Automatic restart on failure&lt;/li&gt;
&lt;/ul&gt;
&lt;hr&gt;
&lt;h4 id="technologies"&gt;Technologies&lt;/h4&gt;
&lt;div class="row"&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/wireguard.svg" alt="WireGuard"&gt;&lt;div&gt;WireGuard&lt;/div&gt;&lt;/div&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/docker-original.svg" alt="Docker"&gt;&lt;div&gt;Docker&lt;/div&gt;&lt;/div&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/ansible-original.svg" alt="Ansible"&gt;&lt;div&gt;Ansible&lt;/div&gt;&lt;/div&gt;
&lt;div class="col-4 col-lg-2 pt-2" style="text-align: center;"&gt;&lt;img src="https://ru-admin.github.io/icons/prometheus-original.svg" alt="Prometheus"&gt;&lt;div&gt;Prometheus&lt;/div&gt;&lt;/div&gt;
&lt;/div&gt;
&lt;hr&gt;
&lt;h4 id="results"&gt;Results&lt;/h4&gt;
&lt;p&gt;✅ &lt;strong&gt;Uptime:&lt;/strong&gt; 99.8% over 6+ months of operation&lt;br&gt;
✅ &lt;strong&gt;Speed:&lt;/strong&gt; stable 100+ Mbps&lt;br&gt;
✅ &lt;strong&gt;Access:&lt;/strong&gt; OpenAI API, ChatGPT, GitHub Copilot, npm registry&lt;br&gt;
✅ &lt;strong&gt;Deployment time:&lt;/strong&gt; ~20 minutes per new server&lt;br&gt;
✅ &lt;strong&gt;Users:&lt;/strong&gt; 15+ developers with zero connectivity issues&lt;/p&gt;</description></item></channel></rss>