Tillered Docs
Concepts

Transparent Mode

How transparent networking preserves source IPs across Tillered Cloud tunnels

Transparent mode extends your LAN across Tillered tunnels. The original source IP and port are preserved through the tunnel so the remote side sees the real client address, as if both sites were on the same network segment.

How it works

In a standard (non-transparent) Tillered link, the exit node replaces the source address with its own when forwarding traffic to the destination. The remote service sees the exit node's IP, not the original client.

In transparent mode, the tunnel carries the original addressing end-to-end. Traffic arrives at the remote site with the real source IP and port intact. The remote network processes it as if the client were local.

This requires bidirectional tunnels so the return traffic can follow the same path back with correct addressing. Only FTN nodes support this. A TEN-to-CEN link is unidirectional, so the return path has no tunnel to preserve the source on the way back.

Network-level setting

Transparent mode is set at the network level, not per-link. Because Tillered Cloud auto-creates service links within a network, the routing model must be uniform across all links. You cannot have some links transparent and others not within the same network.

Enable transparent mode when registering an FTN node to a network.

When to use transparent mode

Transparent mode is useful when the remote side needs to know the real client identity:

  • IP-based access control: Firewall rules or application ACLs at the remote site can match on the actual client IP rather than a tunnel endpoint address
  • Accurate logging: Access logs, audit trails, and SIEM systems record the true source of each connection
  • Compliance: Regulatory requirements that mandate tracking real client addresses are satisfied without additional correlation

Requirements

  • All tunnel endpoints must be FTN nodes. TEN and CEN nodes do not support transparent mode because their links are unidirectional.
  • Both sites need appropriate routing so return traffic passes back through the FTN rather than taking a direct path that bypasses the tunnel.
  • The network must have transparent mode enabled at creation time or when the first FTN is added.

Networks

How Tillered Cloud networks group nodes and automatically build service link meshes

Troubleshooting

Resolve common Tillered Cloud provisioning, connectivity, and routing issues

On this page

How it worksNetwork-level settingWhen to use transparent modeRequirements