What is the OSI Layer model?

It is an abstracted view of a computer network, like for example your local computer network at home or in the office, or on a larger scale, the Internet. There are 7 layers that describe their own specific function in the whole. The first 3 are really the important ones that Access Server works with:

  1. Physical, or Bit - The cables and equipment that transfer bits of data from one device to another.
  2. Data link, or Frame - Frames of data that reliably carry data between two devices connected by a physical medium.
  3. Network, or Packet - Structuring and managing a multi-node network, with addressing, routing, and traffic control.

For a full list see the Wikipedia article about the description of OSI layers.

The Access Server by default operates on Layer 3 routed mode, where it functions like a router would, for the most part. You connect to it using our OpenVPN client software, and traffic intended for specific IP addresses can be routed through the VPN tunnel. You can for example allow 192.168.70.0/24 through, but leave all the other subnets and IP addresses on the client side. Or you can redirect all Internet-directed traffic from the VPN client through the VPN tunnel and through the VPN server. The point is you have control over which traffic goes through the VPN tunnel, and which traffic doesn't.

It is also possible for Access Server to operate in Layer 2 bridging mode, where it functions like a network switch or hub would, for the most part. You connect to it using our OpenVPN client software, and your client computer becomes bridged to the network that the Access Server is on. It connects you directly, so to speak. You have little to no control over what traffic goes through the VPN tunnel then. You can either enable or disable sending Internet-directed traffic from the VPN client through the VPN tunnel but that's about all the control you have over the traffic that flows through here. It also means broadcast traffic will be able to pass unimpeded through the link. For some older legacy software this may be necessary, but it is also quite ugly in the sense that if you have for example a 100 VPN clients connected, and 1 VPN client sends 1 megabyte of broadcast traffic through the VPN tunnel, then that gets re-broadcast by the Access Server to the other 99 VPN clients. That's a lot of data at once. It is for these reasons that we very strongly recommend to stick to the default Layer 3 mode. If however you are determined and knowledgeable enough to use Layer 2 bridging mode then you can find the instructions on how to switch to Layer 2 bridging mode here.