VeilNet
Login

Quick Start

Establish secure connections between AI agents, apps, workflows, VMs, and bare-metal servers with VeilNet—no VPN or allowlist sprawl.

Introduction

DevOps are responsible for the entire lifecycle of an application, from development to deployment and operation. They are the ones who are responsible for the security of the application and the infrastructure. With the bloom of AI agents, current proxy and VPN that follows explicit allowlist is no suitable for a elastic and scalable infrastructure.

VeilNet is designed to be a zero-config solution for secure connections between AI agents, applications, workflow, VMs and bare-metal servers. It creates secure and scalable networks directly from identities, no matter where the application is, how it is deployed. You could also use VeilNet to create hybrid and multi-region clusters as your infrastructure grows.

Let's get started

Step 1: Install VeilNet Conflux

VeilNet Conflux, the connector of VeilNet,is distributed as a single binary file that can be used as CLI or installed as a system service. You could download the newest release from VeilNet Releases. After downloading the binary file, simple make it executable and move it to a desired location.

# For Linux AMD64
chmod +x conflux-linux-amd64
mv conflux-linux-amd64 /usr/local/bin/conflux-linux-amd64

Step 2: Register a new conflux node

To register a new conflux node, you need to have a registration token. You could get the registration token from your VeilNet management console.

sudo conflux-linux-amd64 register -t <registration-token>

This will register a new conflux node with a random IP address from the subnet of the Realm associated with the registration token, and install the VeilNet Conflux as a system service. You can find the information of the conflux node by running:

conflux-linux-amd64 info

This will show the information of the conflux node, including the IP address, tag, etc.

Step 3: Add a taint to the conflux node

By default, the conflux node is not allowed to communicate with other conflux nodes. You need to add a taint to the conflux node to allow it to communicate with other conflux nodes.

conflux-linux-amd64 taint add <taint>

Note: The Taint is quick way to set a identity for your conflux node without an Identity Provider. It is recommended to use label of purpose for your conflux node, such as web, api, database, cache, queue, search, logging, monitoring, or backup.

Note: You can add multiple taints to a conflux node. Communication between conflux nodes is allowed if the taint of one node is a subset or a superset of the taints of the other node.

Step 4: Test the connectivity

Repeat the same steps to register a new conflux node with the same registration token, and add the same taint to the conflux node. Then you should be able to ping the first conflux node from the second conflux node with its VeilNet IP address.

ping <ip-of-the-first-conflux-node>

Remove VeilNet Conflux

You can remove VeilNet Conflux by running:

sudo conflux-linux-amd64 unregister -t <registration-token>

This will unregister the conflux node from the VeilNet network and uninstall the VeilNet Conflux service.

Debug the conflux node

You can enable the debug mode by running:

sudo conflux-linux-amd64 register -t <registration-token> -d

This will not install the VeilNet Conflux as a system service, but run as a standalone process. It will show the logs of the conflux node in the console.

Advanced Integration

Advanced VeilNet Conflux configuration

System Service

Deploy VeilNet Conflux as a systemd service

VeilNet • © 2026 All rights reserved