RBridge is a virtual, encrypted Ethernet cable.
It connects two distinct Ethernet LANs just as plugging a very long network cable over the distance, from one switch to the other.
As soon as two remote switches are connected with RBridge, all devices on one side can communicate with the devices on the other side as they would all be located in the same Ethernet LAN.
Operating with true random key material and ChaCha20 encryption makes it the most secure Layer 2 site-to-site VPN solution available on the market.
RBridge easily traverses NAT devices like typical DSL routers on one or both sides.
RBridge comes with its own protocol level packet fragmentation and reassembly mechanism. This avoids any problems commonly occurring with standard UDP fragmentation (like flawed device implementations and firewalls blocking UDP fragments).
RBridge deployment is almost “plug and play”, just a few parameters need to be set to establish an encrypted Layer 2 site-to-site Ethernet link.
RBridge is free of charge for the Raspberry Pi.
This is RBridge running on a Raspberry Pi 3 Model B+ connected to the other peer over IPv6:
Typical application examples are:
RBridge is available for the following operating systems:
Additionally, a generic “tarball” distribution allows installation on any other x86_64/AMD64 Linux distribution.
RBridge bears the quality certificate “IT Security made in Germany” (ITSMIG) issued by the “IT Security Association Germany” (teletrust): Unrestricted by political requirements, we guarantee that RBridge is free from any undocumented loopholes, undocumented backdoors and any other undocumented interception mechanisms.
Yes, RBridge may be secretly installed becoming a backdoor to a LAN. This can be either a threat or some kind of valuable interception feature, depending on the viewpoint and role. To mitigate this as a threat, RBridge provides a mechanism to scan a local Ethernet LAN for unwanted RBridge installations. The use of this functionality requires no license and is free to be used (see the “rbridge -s” command). If this is a concern to you, you may consider to add this to your internal network security scans.