VPN & Remote Access
🔥 Vibe Prompt
"Set up WireGuard VPN for remote access to internal services."
WireGuard Setup
# Install (Debian/Ubuntu; the kernel module ships with Linux 5.6+)
sudo apt install wireguard
# Generate keys. The private key is a long-lived device credential: create it
# with restrictive permissions and never copy it off the host that uses it
umask 077
wg genkey | tee private.key | wg pubkey > public.key
# Server config: /etc/wireguard/wg0.conf (mode 0600, owned by root)
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>
# Forwarding to internal services also needs net.ipv4.ip_forward=1 (sysctl).
# These rules accept everything arriving on wg0 and NAT it out eth0; in
# production restrict the FORWARD rule to the subnets/ports clients need, and
# if your FORWARD policy is DROP also accept established replies back to wg0
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
[Peer]
PublicKey = <client-public-key>
# On the server, AllowedIPs is an ACL (cryptokey routing): decrypted packets
# from this peer with any other source address are dropped
AllowedIPs = 10.0.0.2/32
# Start now, and on boot
sudo wg-quick up wg0
sudo systemctl enable wg-quick@wg0
Client Config
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/24
# Resolver reachable over the tunnel; wg-quick needs resolvconf or
# systemd-resolved on the client to apply this
DNS = 10.0.0.1
[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.com:51820
# On the client, AllowedIPs is the route table: only these subnets go through
# the tunnel (split tunnel). Use 0.0.0.0/0 to send all traffic via the VPN.
AllowedIPs = 10.0.0.0/24, 172.16.0.0/12, 192.168.0.0/16
# Keeps the NAT mapping open so the server can reach a client behind NAT
PersistentKeepalive = 25
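The two meanings of AllowedIPs above are easy to get wrong, so here is an added example (written for this page, not WireGuard's own code) that parses a server-side wg0.conf and models cryptokey routing: outbound, the destination picks the peer by longest prefix; inbound, a decrypted packet is delivered only if its source lies in the sending peer's AllowedIPs. Keys are placeholders, and the second peer with a routed LAN is an assumption added to make the check interesting.

```python
"""Model of WireGuard cryptokey routing (added example, not WireGuard code)."""
import ipaddress

# Constructed server config: the peer from the page plus a second peer that is
# allowed to source its own LAN, 192.168.50.0/24, through the tunnel.
SERVER_CONF = """
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>

[Peer]
PublicKey = <client-a-public-key>
AllowedIPs = 10.0.0.2/32

[Peer]
PublicKey = <client-b-public-key>
AllowedIPs = 10.0.0.3/32, 192.168.50.0/24
"""


def parse_peers(conf):
    """Return {public_key: [ip_network, ...]} for every [Peer] section."""
    peers = {}
    section, key, nets = None, None, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        if line.startswith("["):
            if section == "Peer" and key:
                peers[key] = nets
            section, key, nets = line.strip("[]"), None, []
            continue
        # partition on the first "=" only: base64 keys end with "=" padding
        name, _, value = (p.strip() for p in line.partition("="))
        if section == "Peer" and name == "PublicKey":
            key = value
        elif section == "Peer" and name == "AllowedIPs":
            nets = [ipaddress.ip_network(v.strip(), strict=False)
                    for v in value.split(",")]
    if section == "Peer" and key:
        peers[key] = nets
    return peers


def route_outbound(peers, dst):
    """Pick the peer whose AllowedIPs has the longest prefix matching dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for key, nets in peers.items():
        for net in nets:
            if addr in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (key, net)
    return best[0] if best else None  # None: no peer, packet is dropped


def accept_inbound(peers, from_peer, src):
    """A decrypted packet is delivered only if src is in that peer's AllowedIPs."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in peers.get(from_peer, []))


if __name__ == "__main__":
    peers = parse_peers(SERVER_CONF)
    print(route_outbound(peers, "192.168.50.7"))                        # <client-b-public-key>
    print(accept_inbound(peers, "<client-a-public-key>", "10.0.0.2"))   # True
    # client A spoofing client B's tunnel address is dropped by the kernel
    print(accept_inbound(peers, "<client-a-public-key>", "10.0.0.3"))   # False
```

The inbound check is why a peer entry of `AllowedIPs = 0.0.0.0/0` on the server is dangerous: it lets that peer inject packets with any source address into your network, and it also captures all outbound routing.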
WireGuard vs OpenVPN
| Feature | WireGuard | OpenVPN |
|---------|-----------|---------|
| Speed | Fast (in-kernel on Linux) | Slower (userspace, TLS) |
| Setup | Simple (two config files, static keys) | Complex (X.509 PKI) |
| Crypto | Fixed modern suite (Noise, Curve25519, ChaCha20-Poly1305) | Negotiable TLS suites via OpenSSL |
| Roaming | Excellent (peers identified by key, not address) | Good |
| Transport | UDP only | TCP or UDP |
SSH Tunneling (Quick Access)
# Local port forward (access internal DB via bastion); -N opens no remote shell
ssh -N -L 5432:internal-db:5432 bastion.example.com
# Now connect to localhost:5432 → internal-db:5432
# (the bastion→internal-db hop is cleartext unless the DB itself uses TLS)
# Dynamic SOCKS proxy (binds 127.0.0.1:1080 by default; do not bind 0.0.0.0 on shared hosts)
ssh -N -D 1080 bastion.example.com
# Configure browser SOCKS proxy localhost:1080
# Jump host: SSH end to end through the bastion, which only relays the TCP
# connection and never sees the inner session's plaintext
ssh -J bastion.example.com internal-server
Teleport (Modern Access)
# SSO login through the Okta auth connector; issues a short-lived certificate
tsh login --proxy=teleport.example.com --auth=okta
# SSH to a node by its Teleport name (sessions can be recorded and audited)
tsh ssh server-name
# Tunnel to a registered database with the same identity
tsh db connect postgres
# Authenticate to a registered web app (the command is `apps login`, not `app start`)
tsh apps login grafana
Best Practices
- Use WireGuard (modern, fast, simple) and treat each peer key as a device credential: revoke it when the device goes away
- MFA for VPN auth (e.g., OTP): bare WireGuard authenticates only the key, so enforce MFA where peer configs are issued or in front of the services (e.g., Teleport/SSO)
- Just-in-time access (approve per session)
- Audit all VPN access (who connected, from where, to what)
- Disconnect idle sessions
- Use bastion/jump host pattern so internal hosts accept SSH only from the bastion
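WireGuard has no session concept, so "audit access" and "disconnect idle sessions" have to be built from the peer state the kernel exposes. The following added example (written for this page, not part of WireGuard) parses the real `wg show wg0 dump` format (tab-separated; first line describes the interface, then one line per peer with public key, preshared key, endpoint, allowed IPs, latest handshake as epoch seconds with 0 meaning never, rx bytes, tx bytes, keepalive). An active peer re-handshakes about every two minutes, so a handshake older than a few minutes means the peer is idle. The dump text, the capture time and the idle threshold are constructed.

```python
"""Idle-peer detection and audit records from `wg show wg0 dump` (added example)."""

# Constructed sample of `wg show wg0 dump` output: interface line, then peers.
SAMPLE_DUMP = "\n".join([
    "\t".join(["<server-priv>", "<server-pub>", "51820", "off"]),
    "\t".join(["<alice-pub>", "(none)", "203.0.113.10:41641", "10.0.0.2/32",
               "1700000000", "123456", "654321", "25"]),
    "\t".join(["<bob-pub>", "(none)", "198.51.100.7:51820", "10.0.0.3/32",
               "1699990000", "42", "42", "25"]),
    "\t".join(["<carol-pub>", "(none)", "(none)", "10.0.0.4/32",
               "0", "0", "0", "off"]),
])

# Assumed capture time so the example is deterministic: alice handshook 90 s
# ago, bob about 2.8 h ago, carol never. Live use: now = int(time.time()).
CAPTURE_TIME = 1700000090
IDLE_AFTER = 180  # seconds: one handshake interval (120 s) plus slack


def parse_dump(text):
    """Return a list of peer dicts from `wg show <iface> dump` output."""
    peers = []
    for line in text.splitlines()[1:]:  # line 0 describes the interface itself
        f = line.split("\t")
        if len(f) != 8:
            continue
        peers.append({
            "public_key": f[0],
            "endpoint": None if f[2] == "(none)" else f[2],
            "allowed_ips": f[3],
            "latest_handshake": int(f[4]),  # epoch seconds, 0 = never
            "rx": int(f[5]),
            "tx": int(f[6]),
        })
    return peers


def classify(peers, now, idle_after=IDLE_AFTER):
    """Split peers into active, idle and never-connected by handshake age."""
    report = {"active": [], "idle": [], "never": []}
    for p in peers:
        if p["latest_handshake"] == 0:
            report["never"].append(p["public_key"])
        elif now - p["latest_handshake"] > idle_after:
            report["idle"].append(p["public_key"])
        else:
            report["active"].append(p["public_key"])
    return report


def audit_lines(peers, now):
    """One audit record per peer that has ever connected, ready for a SIEM."""
    return [
        f"peer={p['public_key']} endpoint={p['endpoint']} "
        f"allowed={p['allowed_ips']} age={now - p['latest_handshake']}s "
        f"rx={p['rx']} tx={p['tx']}"
        for p in peers if p["latest_handshake"]
    ]


if __name__ == "__main__":
    peers = parse_dump(SAMPLE_DUMP)
    print(classify(peers, CAPTURE_TIME))   # alice active, bob idle, carol never
    for line in audit_lines(peers, CAPTURE_TIME):
        print(line)
    # Live use: run ["wg", "show", "wg0", "dump"] via subprocess; to cut an idle
    # peer off: `wg set wg0 peer <key> remove`, re-adding it on re-authentication.
```

Run this from cron or a small agent, ship the audit lines to your log pipeline, and remove idle peers with `wg set wg0 peer <key> remove`; that is the closest WireGuard gets to "disconnect idle sessions", since the peer is simply never granted access again until its key is re-added.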
Key Points
- Understand the core concepts thoroughly
- Practice with hands-on code examples
- Apply knowledge to real-world problems
- Review and reinforce through exercises
Further Learning
- Official documentation
- Open source projects on GitHub
- Community forums and discussions
- Related courses and tutorials
Why Learn VPN & Remote Access?
VPN & Remote Access is one of the core chapters of the security-network course.
In the Real World
VPN & Remote Access is not textbook theory; it comes up constantly in real software work. Whether you are freelancing, preparing for interviews, or deepening your technical skills, understanding this topic pays off directly.
What You Will Get from This Chapter
- 🎯 A complete body of knowledge: from core principles to implementation details, clearly organized
- 💻 Runnable code: every snippet is complete and can be run as-is
- 🔍 Debugging tips: analysis of common mistakes and how to fix them
- 🚀 Next steps: which direction to go deeper in after finishing
Leading into the Next Chapter
This chapter builds a complete foundation in VPN & Remote Access. The next chapter builds on it with more advanced real-world scenarios, showing how to apply what you learned here to harder problems.