VeilNet
DownloadLogin

Ephemeral Link

How Ephemeral Links operate inside VeilNet Conflux.

Ephemeral Link

An Ephemeral Link is the short-lived hop-level connection created by the Tether layer whenever a Route needs to forward a data message to its next node.
It is not a persistent tunnel, not a long-lived session, and not part of a mesh. It is simply a temporary transport bond that exists long enough to deliver the current batch of encrypted Stream data.

Once the batch is forwarded, the link becomes idle and is silently discarded. No teardown procedure is required.

How Ephemeral Links Are Created

When a Route selects a next hop, the Tether prepares the necessary transport channels to that specific node. If an existing WebRTC channel is available, it is reused; otherwise, a new channel is negotiated.

The result of this negotiation is the Ephemeral Link:
a direct, short-lived connection that only exists for this one hop in the Route. It carries the encrypted data message, verifies packet authenticity via PLA, and disappears the moment it is no longer needed.

Because Conflux may re-route or adjust its path at any time, Ephemeral Links are continuously created, used, and dissolved as network conditions evolve. No persistent information is stored between uses.

Why Ephemeral Links Are Ephemeral

Route decisions in VeilNet are dynamic. The RL engine may select a different next hop based on congestion, channel quality, or available tethers. Ephemeral Links allow these changes to occur instantly without leaving behind stale tunnels or maintaining long-term associations between nodes.

A hop exists only for the duration of its usefulness.
This design keeps the network agile, stateless, and free from the scalability issues of mesh VPNs.

Why Ephemeral Links Are Unblockable

Ephemeral Links inherit their un-blockability from two properties of their design:

1. They use standard WebRTC traffic

The link appears to the ISP as normal encrypted WebRTC data.
There is no fixed port, no static key, and no identifiable VPN handshake. Any ISP rule broad enough to block these links would also block:

  • Zoom / Teams / Meet
  • WebRTC-based games
  • Browser RTC features
  • Streaming platforms

Blocking Ephemeral Links would require breaking the modern web.

2. The link binds to the ISP's public gateway, not the device

A critical part of VeilNet's unobservability is that Ephemeral Links bind to the public gateway address of the ISP, not to any device-level identifier.

To the ISP, the link looks like ordinary WebRTC traffic originating from the shared gateway NAT address used by many customers.
This means:

  • the link cannot be isolated from other customers
  • the device cannot be fingerprinted
  • no flow can be attributed to VeilNet specifically
  • no targeted blocking rule can be created
  • enforcing a block would disrupt all users on that gateway

For an ISP to “block VeilNet,” it would need to block or rate-limit the gateway's entire outbound WebRTC traffic — which is operationally impossible without affecting thousands of unrelated users.

This property makes Ephemeral Links functionally unblockable.

Data Flow

How data flows through VeilNet Conflux.

Community Realm

Introduction to VeilNet Community Realm.