The following lines were added (+) and removed (-):
Due to the limitations of WAP and certain unavoidable vulnerabilities in the budget WDS bridge AP market, one has to be practical about their approach to security. Don't risk using WDS to bridge directly to your LAN where you have a server with sensitive and confidential data. In scenario where you have a main office with a wired LAN and you wish to connect a remote office you could place a router between the WDS AP and Switch/HUB on your main office LAN having that HUB also serve DHCP addresses on the new subnet in the main office, which could be considered a DMZ subnet. Set up the wireless bridge between the two offices. Clients at the remote office will grab a DHCP address from the router off the DMZ and not have direct access to the secure LAN at the main office. Using VPN any workstation at the remote office would have to authenticate as a VPN client to tunnel though the router to the secure LAN at the main office.This scenario using VPN almost makes it seem silly to "bridge" to an alternate subnet. Why not then create a wireless link between two routers so the remote side is on a separate subnet? One reason is the p2p bridge does prevent additional clients from connecting to either AP. Remember, we only want the AP's to connect to each other.