Network Connectivity Guide
Overview
Network Connectivity allows you to route any node's tool execution through a custom network configuration — such as a VPN tunnel — directly from the node's configuration panel. This is useful when tools need to reach internal infrastructure, restricted targets, or require traffic to originate from a specific network.
Network configurations are stored at the organization level and can be reused across any node in any workflow.
Use Cases
- Running reconnaissance tools against internal or air-gapped networks
- Scanning targets that restrict access by IP or geographic region
- Ensuring tool traffic exits through a controlled egress point
- Applying consistent network routing across multiple nodes in a workflow
Setting Up a Network Configuration
Accessing the Network Tab
- Click on any node in your workflow canvas to open its configuration panel
- Navigate to the Network tab
- Use the dropdown to select an existing configuration, or create a new one below
Creating a New Configuration
- Under Add new Network configuration, set the Network type to `VPN`
- Select the Network provider — currently OpenVPN (`ovpn`) is supported
- Enter a Name to identify this configuration across your organization
- Upload your `.ovpn` file (max 100 KB)
- Click Create configuration
The configuration is now available to any node in your organization.
Assigning a Configuration to a Node
Select an existing configuration from the dropdown at the top of the Network tab. The node will use it on the next execution. To remove the assignment, click the × button next to the selected config name.
Configuration Options
| Field | Description |
|---|---|
| Network type | Type of connectivity — currently VPN |
| Network provider | VPN protocol — currently OpenVPN |
| Name | Display name for the configuration |
| VPN file | .ovpn profile file (max 100 KB) |
Editing and Deleting Configurations
To update a configuration, select it from the dropdown — its details will populate the form below. Make your changes and click Edit configuration. The Edit configuration button is only active when there are unsaved changes.
To remove a configuration permanently, click Delete config. Nodes that reference a deleted configuration will fail validation until a new one is assigned.
Security
VPN configuration files are encrypted at rest using AES-256-GCM. The plaintext content is never stored in the database — it is only decrypted in memory at execution time, inside the isolated environment where the tool runs. Files are validated before use to block potentially dangerous directives.
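A local lint run before upload can catch the kind of directive this validation is meant to block. This is an added example, not the platform's validator: the directive blocklist and the name `lint_ovpn` are assumptions, and the sample profile is constructed.

```python
# Added example: pre-upload lint for an .ovpn profile (not the platform's own validator).
from pathlib import PurePath

MAX_BYTES = 100 * 1024  # upload limit stated in this guide
# Assumption: OpenVPN directives that run external programs or load plugins.
EXEC_DIRECTIVES = {
    "up", "down", "route-up", "route-pre-down", "ipchange", "tls-verify",
    "auth-user-pass-verify", "client-connect", "client-disconnect",
    "learn-address", "plugin", "iproute",
}
# Constructed sample profile; the host name and paths are placeholders.
SAMPLE = b"""client
dev tun
remote vpn.example.test 1194 udp
<ca>
up (constructed: text inside an inline block is data, not a directive)
</ca>
script-security 2
up /etc/openvpn/update-resolv-conf
"""


def lint_ovpn(filename: str, data: bytes) -> list[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if PurePath(filename).suffix.lower() != ".ovpn":
        findings.append("file extension is not .ovpn")
    if len(data) > MAX_BYTES:
        findings.append(f"file is {len(data)} bytes, over the 100 KB limit")
    inline = None  # tag name of the inline block (<ca>, <cert>, <key>, ...) being skipped
    for lineno, raw in enumerate(data.decode("utf-8", "replace").splitlines(), 1):
        line = raw.strip()
        if inline:
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline = line[1:-1]
            continue
        tokens = line.split()
        directive = tokens[0].lower().lstrip("-")  # a leading "--" is optional
        if directive in EXEC_DIRECTIVES:
            findings.append(f"line {lineno}: '{directive}' runs an external program or plugin")
        elif directive == "script-security":
            level = tokens[1] if len(tokens) > 1 else "?"
            if not level.isdigit() or int(level) >= 2:
                findings.append(f"line {lineno}: script-security {level} is not below level 2")
    return findings
```

Calling `lint_ovpn("corp.ovpn", SAMPLE)` flags lines 7 and 8 of the sample and ignores the `up` text inside the inline `<ca>` block.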
How It Works
When a node with a network configuration is executed:
- The encrypted VPN profile is securely delivered to the execution worker
- The worker decrypts it in memory and establishes an OpenVPN tunnel in an isolated container
- The node's tool execution is routed through that tunnel for the duration of the run
- Once the node completes, the tunnel is torn down
If multiple nodes in the same workflow share the same configuration, the VPN tunnel is reused automatically — avoiding redundant connection overhead.
Best Practices
- Name configurations clearly: Use names that describe the network or purpose (e.g., `corp-internal-vpn`, `eu-exit-node`)
- Reuse across nodes: Assign the same configuration to multiple nodes when they all require the same routing — the connection will be shared
- Keep files small: A well-formed `.ovpn` profile should be well under the 100 KB limit; large files are usually a sign of embedded certificates that should be referenced by path instead
- One config per target network: Create separate configurations for different target environments rather than modifying and overwriting a shared one
Troubleshooting
| Issue | Resolution |
|---|---|
| Node fails with a network error | Verify the .ovpn file is valid and the VPN endpoint is reachable |
| Configuration not appearing in the dropdown | Refresh the panel — configs are cached and may need a reload |
| Upload rejected | Check the file size (max 100 KB) and that the file has a .ovpn extension |
| Edit button stays disabled | No changes have been detected — modify at least one field to enable saving |
Coming Soon
- Local Agent: Route traffic through an agent running inside your own infrastructure, without requiring a VPN file upload
Updated: 2026-02-24