Infrastructure Management Configuring Network Tunnels
Image
Image

Network tunnels allow you to securely connect your local infrastructure to the platform. This guide walks you through downloading the tunnel client, configuring target subnets, and generating the gateway connection tokens required to establish a secure link.

flowchart LR
    A["Platform Gateway"] <-->|Secure Token Connection| B("Tunnel Client")
    B <-->|Routes Traffic| C["Target Subnet (Local Network)"]

Setting up your tunnel

To get started, navigate to the Network Configuration panel in your dashboard.

  1. 1

    Download the Tunnel Client

    Locate the Step 1: Download Tunnel Client section. You will see a list of available binaries tailored for different operating systems and architectures (e.g., Linux, Windows, macOS). Click the button corresponding to your system to download the client.

  2. 2

    Configure the Target Subnet

    Under Step 2: Run Tunnel Client, locate the Target Subnet (CIDR) input field. Enter the network range you want the tunnel to access using standard CIDR notation (for example, 192.168.1.0/24).

  3. 3

    Generate the Connection Token

    As you type, the system validates your subnet. Once a valid CIDR block is detected, the system will display a cyan "Valid subnet, generating command..." message and automatically generate your secure gateway token.

  4. 4

    Run the Client

    Copy the generated command provided in the UI and run it in your terminal to start the tunnel client and establish the connection.

    # Example generated command
    ./tunnel-client --token <YOUR_GENERATED_TOKEN>

Subnet Validation Rules

The platform strictly validates your target subnet to ensure routing works correctly. You must provide a valid IPv4 address range in CIDR format.

RequirementDescriptionExample
FormatMust use CIDR notation (IP address followed by a slash and routing prefix).10.0.0.0/16
Valid IPsEach octet in the IP address must be between 0 and 255.192.168.1.0
PrefixThe routing prefix must be between 0 and 32./24

If you enter an invalid format or an IP address with numbers exceeding 255, the input field will display a red error message ("Invalid CIDR format" or "Invalid IP address"), and the token generation will be paused.

Token Lifecycle and Security

To keep your infrastructure secure, gateway connection tokens are generated with strict scopes and short-lived expiration windows.

How long are connection tokens valid?

Every generated token has a strict expiration time of 36 minutes (36m). You must start your tunnel client within this window. Once the client connects, the session is established, but unused tokens will quickly expire to prevent unauthorized access.

How are tunnels identified?

When a token is generated, the system automatically assigns it a unique label (e.g., threatexploit-tunnel-482910). This helps you identify and audit active tunnel connections in your infrastructure logs.

Can I route multiple subnets?

Currently, the UI token generator scopes the connection strictly to the single allowed_subnet you provide in the input field.

Need help with CIDR?

If you are unsure how to calculate your network's CIDR block, external tools like CIDR.xyz can help you visualize your IP ranges and subnet masks.