You can manage all your VeilNet Conflux instances and instances from your team members from the VeilNet Console.
Clicking the first navigation tile on the main page inside the right panel will lead you to the page below:
We already demonstrated how to create a new registration token and obtain deployment templates in “Quickstat Guide”.
Manage Registration Token #
Here, you can also manage all your registration tokens.
Clicking the “Revoke” button will permanently disable and delete the registration token. This will not instantly stop or disconnect all VeilNet Conflux instances from the VeilNet, which are registered by the same token. However, those VeilNet Conflux instances, once disconnected, will not be able to rejoin the VeilNet.
Manage VeilNet Conflux instances #
Unlike other providers, whose connectors could be disconnected remotely, VeilNet Guardian is also connected with the control channel and can issue a “kill” command remotely to any VeilNet Conflux instance under your control. This includes:
- Owned instances: any VeilNet Conflux instances registered via a registration token under your account.
- Plane instances: any VeilNet Conflux instances connect to the VeilNet Private Plane owned by you. (Plane will be explored in another section)
To “kill” a VeilNet Conflux instance, simply click on any instances shown inside the expansion panel under any VeilNet Private Plane owned by you. Then, click the “Delete” button. This will:
- “Kill” command: This will send out a remote command to instantly stop the VeilNet Conflux instance, no matter which deployment methods had been used. This is why we made VeilNet Console as a PWA running from your device to ensure only you have the authority for issuing the “kill” command.
- Credential removal: This will also remove any credentials that have been created for the VeilNet Conflux instance, including its certificates from the control channel.
This has limitations. If the VeilNet Conflux instance is deployed as a system service, Docker container or Kubernetes HA deployment, the host may try to use the registration token to register itself again. To fully cut off, you should revoke the registration token and delete the VeilNet Conflux instances.
Local Network Management #
VeilNet Conflux is able to forward the local network of the host, and it cannot be disabled. This is contradictory to all other overlay VPN providers. However, this is a deliberate choice because:
- Non-IP routing: VeilNet routing is based on the signature of the VeilNet Conflux instance, not its private IP address. Enabling access to local networks of the host on the VeilNet Conflux instance by default does not mean other instances will be able to freely access those local networks.
- Access Control: VeilNet access control is based on user identities, not subnet or IP address. Therefore, we choose to ensure the connectivity for the IP network by default rather than manage it as a resource. Limitations on IP and subnet are meaningless to VeilNet routing and user identities, because they are not directly related.
- Compatibility: Many virtual network systems, such as Docker network and Kubernetes pod subnet, have their own network policy. Implementing another layer of policy upon the same layer 3 network will not only face potential incompatibility but also scatter the management across different systems. This will only cause confusion and a higher chance of misconfigurations.
Therefore, you will not be able to select which local network will be forwarded by VeilNet Conflux instances. The access control will be regulated via the Veil, Private Plane and Teams. We will explore these concepts in a different section.