I have noticed that ZeroShell creates LAN-to-LAN VPNs using an SSL-encrypted tunnel that encapsulates Ethernet frames, instead of using the more widely known IPsec protocol. Why is this?
Because IPsec encapsulates IP packets only, while the other layer 2 protocols of the ISO/OSI model are not transported from one LAN to the other. Encapsulating the Ethernet frames inside an SSL tunnel lets us think of a site-to-site VPN as a virtual network cable that uses the Internet to connect two remote stations at the data link layer. Since we are in fact dealing with an Ethernet connection, with characteristics similar to those of a cable connecting two local switches, any protocol can be transported, including 802.1Q VLANs.
• If the ZeroShell site-to-site VPNs are in fact similar to an Ethernet connection, can I bridge one or more VPNs with one or more Ethernet interfaces?
Yes, you can. The result is like a virtual layer 2 switch that extends across the Internet: its ports appear to belong to the same virtual switch, even if they are thousands of kilometres apart.
• My company is composed of a head office with a very fast Internet connection and peripheral offices that connect t