Self-hosted network engineering, taught end-to-end.
A self-paced course on Linux network administration, WireGuard, and the production details most tutorials skip. Written modules, video walkthroughs, downloadable configs. One-time payment, lifetime access.
Pay once, get everything. No subscription, no recurring charges, no upsells.
- 7 written modules covering threat models, VPS selection, WireGuard, traffic engineering, multi-region egress, monitoring, and maintenance
- Video walkthrough of every setup, end-to-end
- Downloadable scripts, configs, kill-switch templates
- Free updates pushed to the same hosted modules
- 30-day refund policy, no questions asked
SECURE CHECKOUT VIA STRIPE · 30-DAY REFUND
What you'll learn.
Threat model and product selection
Pick the right tool for the real threats: public WiFi, ISP DPI, opaque commercial VPN providers, supply-chain compromise.
Evaluating VPS providers for production
Logging policies, hardware, network quality, ToS analysis. Walks through DMIT, BandwagonHost, RackNerd, Vultr, Hetzner side by side.
WireGuard from first principles
Crypto primitives, the handshake, key generation, route configuration, MTU tuning. Build a working tunnel from scratch.
Advanced TLS and DPI-resistant transport
REALITY, Hysteria, naiveproxy. How modern TLS-in-TLS transports avoid statistical classification by inline DPI.
Multi-region egress and IP management
Residential vs datacenter egress, IP rotation, failover. When to use Webshare/IPRoyal, when to roll your own.
Monitoring, kill switches, leak prevention
Prometheus + Grafana dashboards, DNS/IPv6/WebRTC leak tests, automatic failover, alerting that doesn't lie.
Maintenance playbook
Patching cadence, key rotation, peer churn, decommissioning. The boring work that keeps a stack alive past month three.
Engineers who want to run their own infrastructure.
Developers, sysadmins, DevOps engineers, and homelab enthusiasts who want to operate their own network stack instead of relying on third-party providers. Comfort with the Linux command line is assumed.
Not for you if: you want a one-click consumer VPN app. RouteHarden does not operate a VPN service. You will be configuring servers you own.
Read Module 01 first — it's free.
The threat-model module is the most important decision you make before any of this matters. Read it in 10 minutes, no signup required. Or subscribe to the newsletter for occasional course updates and free articles.
One good post per week.
Network hardening, traffic engineering, and self-hosted infrastructure. No spam, unsubscribe anytime.
Questions.
Is this a SaaS or a course?
It's a self-paced educational course. You receive written modules, video walkthroughs, and downloadable configurations. RouteHarden does not host or operate any network services on your behalf — you run everything on infrastructure you control.
Do you provide 1:1 support?
No. This is a self-serve digital product. The written and video material is detailed enough that motivated readers can complete every setup on their own. For community help, the broader /r/selfhosted, /r/HomeLab, and /r/sysadmin subreddits are excellent.
Refund policy
Full refund within 30 days of purchase, no questions asked. Email hello@routeharden.com.
Will the course be updated?
Yes. As tooling evolves (new WireGuard releases, transport protocols, VPS provider changes), modules are revised and you get the updated version at the same URL you originally paid for.
Who is this for?
Developers, sysadmins, DevOps engineers, and homelab enthusiasts who want to operate their own network infrastructure instead of trusting a third-party provider. Some Linux command-line comfort is assumed.