This is a real-world example of how we actually connect our office branches with RBridge. Of course we wanted maximum security and confidentiality, so we generated true random key material for each pair of RBridges and are running an RBRXNL (RBridge Xtreme Node License).
Since we did not change the default cipher, we are implicitly using ChaCha20, which is faster, has a very good reputation and is less common (in case AES-256 becomes too weak or gets broken – if it isn’t already, who really knows …).
Here’s the link to the method and the true random number generator we use: Generating True Random Key Material with the Quantis USB Device.
The remaining part is very easy:
- We set up two devices, one for each location.
- In this particular case we named the devices “C” and “D”.
- We added a user “rbridge”, but that’s just a matter of taste.
- The name of the true random key material file is /home/rbridge/keymaterialCD.bin, and the file is identical on both devices.
The configuration file on each device is the same except for the licensing information. Implicitly we are using our default registry (absolutely no security-related information is revealed to the registry).
The configuration file /etc/rbridge.conf looks as follows (only the licence key is different):
```
serial= XNL-InlabNetworks
lickey= 84846058e4654ee11cb350xxxxxxxxxx
interface= eth0
true_random_keymaterial= /home/rbridge/keymaterialCD.bin
machash= CD
key= CD
registry_linkname= CD
```
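A pre-flight check that can be run on each device before RBridge is started, added here as an example and not part of RBridge or of the original setup: it reads the true_random_keymaterial path from a configuration in the format shown above, rejects a key file that is missing, empty or accessible to group/others, and prints a SHA-256 fingerprint so that the files on C and D can be compared. The function names and the owner-only permission policy are assumptions of this example, and sha256sum (coreutils) is assumed to be installed.

```shell
#!/bin/sh
# Added example, not RBridge code: sanity-check the key material file
# referenced by a config in the "name= value" format shown above.

# Print the value of a "name= value" setting ($1 = config file, $2 = name).
conf_value() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" "$1" \
        | sed 's/[[:space:]]*$//' | head -n 1
}

# Return 0 only if the key file exists, is non-empty and carries no
# group/other permission bits (assumed policy: owner-only access).
check_keyfile() {
    [ -f "$1" ] || { echo "missing: $1"; return 1; }
    [ -s "$1" ] || { echo "empty: $1"; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)   # group + other bits of the mode string
    [ "$perms" = "------" ] || { echo "group/other access ($perms): $1"; return 1; }
    return 0
}

# SHA-256 of the key file; equal output on both devices means equal files.
key_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# Full check for one config file, e.g. /etc/rbridge.conf.
preflight() {
    keyfile=$(conf_value "$1" true_random_keymaterial)
    [ -n "$keyfile" ] || { echo "no true_random_keymaterial in $1"; return 1; }
    check_keyfile "$keyfile" || return 1
    echo "OK $keyfile sha256=$(key_fingerprint "$keyfile")"
}

# Run as: sh preflight.sh /etc/rbridge.conf
if [ $# -gt 0 ]; then
    preflight "$1"
fi
```

Run it on both devices and compare the printed fingerprints; they must match for the pair to share the same key material.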
The final step is to start RBridge automatically with cron as explained here: Installation, Package Information and Deinstallation of RBridge.
After just moving the devices and restarting them – voilà – the two Ethernet LANs are securely connected through NAT on both sides (IPv4 or IPv6 is automatically chosen).