In a normal overlay network, nodes are classified as either exit nodes or regular nodes. This is because an exit node can be chosen as a static proxy for your local connector, effectively creating a regular client (your local connector) and server (the exit node) architecture.
However, this terminology does not suit VeilNet because of its dynamic non-mesh topology: the remote Conflux instance forwarding your traffic to its destinations is never fixed. So we introduce the terms Portal and Rift:
- Portal: A VeilNet Conflux instance operating in Portal mode discovers the host networks and enables IP routing on the host. It serves as a gateway between VeilNet and a regular IP network. However, traffic originating from the host is not forwarded via VeilNet when that is not necessary (that is, when the destination is directly accessible by the host’s physical network interfaces). This is similar to the concept of “split tunnel” in conventional VPNs.
- Rift: A VeilNet Conflux instance operating in Rift mode sets itself as the default gateway for all traffic. All traffic originating from the host is forwarded via VeilNet, even if the destination is reachable by the host’s physical network interfaces. This is similar to the concept of “full tunnel” in conventional VPNs.
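One way to check which behaviour a host actually shows is to audit the kernel's routing decisions. The following is an added example, not VeilNet's own code: it parses Linux `ip route get <destination>` output and lists destinations that leave through a physical interface, which in Rift mode should be none. The interface name `veilnet0` and all sample addresses are assumptions constructed for illustration.

```python
import re

OVERLAY_DEV = "veilnet0"  # hypothetical interface name; substitute the real one

# Constructed `ip route get <dst>` output, one line per probed destination.
SAMPLE_RIFT = """\
192.168.1.50 dev veilnet0 src 10.128.0.7 uid 1000
8.8.8.8 dev veilnet0 src 10.128.0.7 uid 1000
192.168.1.1 dev eth0 src 192.168.1.10 uid 1000
"""
SAMPLE_PORTAL = """\
192.168.1.50 dev eth0 src 192.168.1.10 uid 1000
10.128.0.9 dev veilnet0 src 10.128.0.7 uid 1000
"""

# Optional route type, destination, optional "from" (IPv6), optional next hop, device.
LINE = re.compile(
    r"^(?:(?:local|broadcast) )?(?P<dst>\S+)(?: from \S+)?"
    r"(?: via (?P<via>\S+))? dev (?P<dev>\S+)"
)

def parse(output):
    """Yield (destination, next_hop_or_None, device) per route line."""
    for line in output.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m["dst"], m["via"], m["dev"]

def classify(output, overlay=OVERLAY_DEV):
    """Split probed destinations into overlay and direct (physical) egress."""
    result = {"veilnet": [], "direct": []}
    for dst, _via, dev in parse(output):
        key = "veilnet" if dev == overlay else "direct"
        result[key].append((dst, dev))
    return result

def rift_leaks(output, overlay=OVERLAY_DEV):
    """In Rift (full tunnel) mode every direct egress is a finding."""
    return classify(output, overlay)["direct"]

if __name__ == "__main__":
    print("Portal split:", classify(SAMPLE_PORTAL))
    print("Rift leaks:  ", rift_leaks(SAMPLE_RIFT))
```

On a live host, feed the function the combined output of `ip route get` for each destination you care about, including at least one address on the local subnet.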
Portal and Community Planes
A VeilNet Conflux Portal on a community plane relays traffic for other users on the same plane, but only to destinations on the Internet. Other users cannot access your host networks because of the identity access control.
Hence, it is safe, but you do contribute your spare internet bandwidth to the community if necessary. This is how VeilNet community planes can operate for free. When your traffic is forwarded by other users, the Dilithium DSA and Kyber KEM make it impossible for the data to be read or altered until it reaches the destination. This is similar to how The Onion Router (TOR) network operates, but without the layered encryption overhead and the central registry that exposes who participated in the network.
Your public IP is not exposed to community planes. The ephemeral link created by VeilNet is tied to the Internet Service Provider gateway, not your physical machine, so your public IP, whether dynamic or static, is not visible from VeilNet. This also makes VeilNet unblockable, because each ISP gateway is shared by thousands of users: blocking the gateway IP from the peer ISP would cause a large incident with potential internet outages.