Overview

What is RBridge ?

RBridge is a virtual, encrypted Ethernet cable.

It connects two distinct Ethernet LANs just as plugging a very long network cable over the distance, from one switch to the other.

As soon as two remote switches are connected with RBridge, all devices on one side can communicate with the devices on the other side as they would all be located in the same Ethernet LAN.

Operating with true random key material and ChaCha20 encryption makes it the most secure Layer 2 site-to-site VPN solution available on the market.

RBridge easily traverses NAT devices like typical DSL routers on one or both sides.

RBridge comes with its own protocol level packet fragmentation and reassembly mechanism. This avoids any problems commonly occurring with standard UDP fragmentation (like flawed device implementations and firewalls blocking UDP fragments).

RBridge deployment is almost “plug and play”, just a few parameters need to be set to establish an encrypted Layer 2 site-to-site Ethernet link.

RBridge is free of charge for the Raspberry Pi.


This is RBridge running on a Raspberry Pi 3 Model B+ connected to the other peer over IPv6:


What is it good for ?

Typical application examples are:

  • connecting a remote or home office LAN to the main company network
  • accessing datacenter networks for remote administration (permanently or on demand)
  • moving datacenter machines physically (and the network afterwards)
  • physically distributing target servers in load-balanced HA setups
  • implementing Layer 3 DSR for BalanceNG load balancing
  • transport of other Ethernet protocols that are otherwise not routable over IP
  • legal hidden access to LANs under surveillance

Which operating systems are supported ?

RBridge is available for the following operating systems:

  • RHEL 6+7
  • CentOS 6+7
  • Debian Linux
  • Ubuntu Linux
  • macOS 10.14
  • Debian on Raspberry Pi (Raspbian)

Additionally, a generic “tarball” distribution allows installation on any other x86_64/AMD64 Linux distribution.

Technical Data at a Glance:

  • SHA-2 256 for message authentication
  • ChaCha20 or AES-256 CTR for encryption
  • Replay attack prevention with time stamps
  • True random key material support for highest possible confidentiality and privacy
  • Post-quantum resistant (symmetric pre-shared encryption only)
  • Own protocol level fragmentation / reassembly
  • Tunneling over UDP only, no “TCP meltdown” effects possible
  • Backdoor free

IT Security made in Germany

RBridge bears the quality certificate “IT Security made in Germany” (ITSMIG) issued by the “IT Security Association Germany” (teletrust): Unrestricted by political requirements, we guarantee that RBridge is free from any undocumented loopholes, undocumented backdoors and any other undocumented interception mechanisms.


Yes, RBridge may be secretly installed becoming a backdoor to a LAN. This can be either a threat or some kind of valuable interception feature, depending on the viewpoint and role. To mitigate this as a threat, RBridge provides a mechanism to scan a local Ethernet LAN for unwanted RBridge installations. The use of this functionality requires no license and is free to be used (see the “rbridge -s” command). If this is a concern to you, you may consider to add this to your internal network security scans.