Secure Bridge (VPN)

Use Secure Bridge (VPN) when the data source lives on a local machine, inside a private office network, or behind a firewall you do not want to open to the internet.

What the VPN workflow does

creates an organization-specific private mesh
lets you add approved devices with one-time setup keys
gives each connected device a private VPN address
lets you grant only the TCP ports that AnalytAI should reach

This is managed from Organization > VPN.

Initialize the organization VPN

Open Organization.
Go to VPN.
If the organization is not initialized yet, click Initialize.

After initialization, the page can create device setup instructions for that organization.

Add and connect a device

In VPN, click Add Device.
Enter a device name.
Choose the key expiration window.
Click Create.
Copy the one-time command shown by AnalytAI.
Run that command on the target machine after installing NetBird.

Grant access to the service port

After the device joins the mesh, grant the port AnalytAI should use:

Find the device under Connected Devices.
In Setup Ports, enter the TCP port.
Click Grant Access.

Examples:

PostgreSQL: 5432
MySQL: 3306
Tally XML server: 9000

Use the VPN address in your connector

Once the device is online and the port is granted:

use the device VPN IP or DNS label as the host in the connector form
keep the database or service listening on the granted private port
test the connection from the project setup flow

When to use this instead of a direct connection

Use the VPN route when:

the database runs on a laptop, desktop, or local server
the source is only reachable inside a private office network
you do not want to expose database ports publicly
Tally or another local service must stay on a machine you control