On Thu, Dec 26, 2013 at 7:05 AM, Matej Kovacic <matej.kovacic@owca.info> wrote:
... this might be of interest to you: https://code.google.com/p/badvpn/ ... The VPN part of this project implements a Layer 2 (Ethernet) network between the peers (VPN nodes).
i love the concept of L2 VPNs; so pure in theory. (AppleTalk and IPX over WAN? no problem!)

in practice they need a lot of careful implementation and configuration. the attack surface for tap vs. tun is very different; many services handling broadcast traffic assume a trusted local network environment. all of the security features listed on the wiki are related to transport / authentication rather than endpoint service considerations. this should be remedied.

looks interesting! perhaps i can play around with it soon...

best regards,