VeilNet
Login

Quick Start

Establish secure connections between AI agents, apps, workflows, VMs, and bare-metal servers with VeilNet—no VPN or allowlist sprawl.

Introduction

DevOps are responsible for the entire lifecycle of an application, from development to deployment and operation. They are the ones who are responsible for the security of the application and the infrastructure. With the bloom of AI agents, current proxy and VPN that follows explicit allowlist is no suitable for a elastic and scalable infrastructure.

VeilNet is designed to be a zero-config solution for secure connections between AI agents, applications, workflow, VMs and bare-metal servers. It creates secure and scalable networks directly from identities, no matter where the application is, how it is deployed. You could also use VeilNet to create hybrid and multi-region clusters as your infrastructure grows.

Let's get started

Step 1: Install VeilNet Conflux

VeilNet Conflux, the connector of VeilNet, is distributed as a single binary file that can be used as CLI or installed as a system service. Download the newest release from VeilNet Releases. The binary filename depends on the release asset (e.g. conflux-linux-amd64); you may rename or symlink it (e.g. to veilnet-conflux) for clarity.

# For Linux AMD64 (adjust filename to match your release asset)
chmod +x conflux-linux-amd64
mv conflux-linux-amd64 /usr/local/bin/veilnet-conflux

Step 2: Register a new conflux node

To register a new conflux node, you need to have a registration token. You can get the registration token from your VeilNet management console or the Guardian API.

sudo veilnet-conflux register -t <registration-token>

This will register a new conflux node with a random IP address from the subnet of the Realm associated with the registration token, and install the VeilNet Conflux as a system service. You can find the information of the conflux node by running:

veilnet-conflux info

This will show the information of the conflux node, including the IP address, tag, etc.

Step 3: Add a taint to the conflux node

Required: By default, Conflux nodes cannot connect with each other. You must add at least one common taint to nodes that need to communicate. Without a shared taint, nodes will not be able to talk even if registered with the same token.

veilnet-conflux taint add <taint>

Note: The Taint is quick way to set a identity for your conflux node without an Identity Provider. It is recommended to use label of purpose for your conflux node, such as web, api, database, cache, queue, search, logging, monitoring, or backup.

Note: You can add multiple taints to a conflux node. Communication between conflux nodes is allowed if the taint of one node is a subset or a superset of the taints of the other node.

Step 4: Test the connectivity

Repeat the same steps to register a new conflux node with the same registration token, and add the same taint to the conflux node. Then you should be able to ping the first conflux node from the second conflux node with its VeilNet IP address.

ping <ip-of-the-first-conflux-node>

Remove VeilNet Conflux

You can remove VeilNet Conflux by running:

sudo veilnet-conflux unregister -t <registration-token>

This will unregister the conflux node from the VeilNet network and uninstall the VeilNet Conflux service.

Debug the conflux node

You can enable the debug mode by running:

sudo veilnet-conflux register -t <registration-token> -d

This will not install the VeilNet Conflux as a system service, but run as a standalone process. It will show the logs of the conflux node in the console.

Code Generation

Protobuf and gRPC for non-Go languages

System Service

Deploy VeilNet Conflux as a systemd service

VeilNet • © 2026 All rights reserved