Lab Project Title: Secure Remote Access with OpenVPN and pfSense

Description:
This project focused on configuring a secure remote access VPN using OpenVPN on a pfSense firewall (or on a headless Debian VM). The project included pfSense virtual machine deployment, certificate generation, user account creation, and OpenVPN configuration to allow remote clients to securely connect to a simulated internal network. The project emphasized practical skills in encryption, authentication, firewall rules, and VPN troubleshooting.

Objectives:

  • Understand the fundamentals of VPNs and encryption

  • Configure OpenVPN server and client on pfSense

  • Set up and test secure remote access to internal resources

  • Apply basic firewall and network segmentation rules

Tools Used: pfSense, custom Debian OS (acting as router), OpenVPN, KVM/Hypervisor.

Deployment: Private cloud, Azure cloud. 


Project Title: Custom Debian-Based Router with DHCP and DNS

Description:
This project transforms a Raspberry Pi into a compact wireless router using a 4G USB modem for internet connectivity. The Pi is configured with hostapd for Wi-Fi access point functionality and dnsmasq to provide DHCP and DNS services to connected clients. Internet traffic is routed through the 4G modem using NAT and firewall rules via iptables, enabling portable, low-cost internet sharing in remote or mobile environments.

Objectives: 

  • Build a custom Linux-based router using a minimal Debian system

  • Provide core network services: DHCP, DNS, NAT, and firewall

  • Enable IP forwarding and secure routing between WAN and LAN interfaces

  • Allow client devices to receive IP addresses and access the internet via the router

  • Serve as a teaching platform for networking and system administration

Tools Used: Debian (12 or newer), isc-dhcp-server, bind9, iptables/nftables, vnstat, tcpdump (log/monitoring/alerting)

Deployment: Raspberry Pi 4


Project Title: Raspberry Pi as Wireless Router with 4G LTE

Description:
This project involved building a lightweight, custom router using a minimal Debian installation. The system was configured with dual network interfaces to serve as a secure gateway, offering NAT, DHCP, and DNS services to connected clients. Core components included isc-dhcp-server, dnsmasq (or bind9), and iptables/nftables for routing and firewall functionality. The result was a fully operational Debian router suitable for lab environments, small networks, or educational use.

Objectives: 

  • Configure a Raspberry Pi as a wireless router (Wi-Fi AP)

  • Use a 4G USB modem or mobile hotspot dongle for internet access

  • Provide internet access via Wi-Fi to connected devices

  • Implement NAT, DHCP, and DNS locally

  • Optional: Add firewall rules and monitoring for traffic

Tools Used: Raspberry 3.4, 4G USB dongle modem (Huawei E3372, ZTE MF79) 

SW packages: Raspberry Pi OS, isc-dhcp-server, bind9 (or dnsmasq), iptables/nftables (firewall, NAT services), tcpdump (log/monitoring/alerting), hostapd (creates Wi-Fi hotspot)


Project Title: Open-Source Router & Firewall with pfSense

Description:
This project involved the deployment of pfSense, an open-source firewall and router operating system based on FreeBSD. pfSense was installed on dedicated hardware (bare metal) to act as a secure, full-featured network gateway. The system delivered enterprise-grade networking services such as NAT, firewalling, DHCP, DNS, and VPN. All configuration and management tasks were performed through its user-friendly web interface.

Objectives: 

  • To implement a secure and reliable firewall/router for a local network

  • To provide NAT, DHCP, and DNS services internally

  • To configure and test OpenVPN for encrypted remote access

  • To define and apply custom firewall rules and traffic filters

  • To explore pfSense’s GUI-based administration for usability

  • To evaluate advanced features like multi-WAN and high availability (optional)

As part of the pfSense router and firewall project, several built-in and optional packages and features were used to enhance network security, monitor threats, and harden the system against attacks, for example:

  • pf (Packet Filter): Core firewall engine used to enforce stateful inspection and block unauthorized traffic.

  • Snort / Suricata: Intrusion Detection and Prevention Systems (IDPS) used to monitor network traffic and block malicious activity.

  • pfBlockerNG: Used to block IPs and DNS domains from known malicious sources (GeoIP and DNSBL).

  • OpenVPN: Provided encrypted tunnels for secure remote access to the internal network.

  • IPsec: Enabled secure site-to-site communication between different network segments.

  • DNS Resolver: Configured to prevent DNS leaks and support DNS over TLS for privacy.

  • Firewall Rules: Granular access control policies were implemented to restrict services per network zone (e.g., LAN, DMZ, WAN).

  • 2FA (Two-Factor Auth): Enabled on the web interface and VPN access for administrator logins.

  • HTTPS GUI Access: WebConfigurator access was restricted to specific IPs and encrypted using TLS certificates.

  • Syslog Exporting: Logs were forwarded to a remote syslog server for off-device analysis and incident response.

 

Tools Used: pfSense (FreeBSD-based), WebConfigurator, pf (Packet Filter), built-in DHCP service, Snort / Suricata (IDS/IDPS), Unbound DNS Resolver (internal DNS resolution and caching), ALTQ (bandwidth management/traffic shaping), ntopng (monitoring/real-time traffic and usage stats).