Because IPSec encapsulates IP packets only, while the other layer 2 protocols of the ISO/OSI model are not transported from one LAN to another. The idea of encapsulating the Ethernet frames inside a SSL tunnel leads us to thinking of site-to-site VPNs as a virtual network cable, which using Internet connects two remote stations in data link layer. Since we are dealing in fact with an Ethernet connection, with characteristics similar to that of a cable that connects two local switches, any protocol can be transported, including VLAN 802.1q. • If the ZeroShell site-to-site VPNs are in fact similar to an Ethernet connection, can I bridge one or more VPNs with one or more Ethernet interfaces? Yes, you can. The result is like a virtual level 2 switch which extends via Internet, however its ports seem to belong to the same virtual switch, even if thousands of kilometres apart. • My company is composed of a head office with a very fast Internet connection and peripheral offices that connect t