One embodiment of the present invention is a system that provides
virtual transport layer security on a virtual network to facilitate
peer-to-peer communications. The system creates a first pipe that
functions as a one-way input channel into a first peer. Next, the system
associates a first peer identifier with the first pipe and advertises the
availability of this first pipe. A second peer connects to this first
pipe to communicate with the first peer. The system also creates a second
pipe at the second peer, and a second peer identifier is associated with
this second pipe. The first peer connects to this second pipe to
communicate with the second peer. The first pipe and the second pipe form
a virtual connection through which the first peer and the second peer can
communicate securely.
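
The pipe pairing described above, as an added example that is not part of the original text: each peer owns one input-only pipe bound to its identifier, and a message is accepted only once the return pipe is also connected. The in-memory queue, the `adverts` dictionary standing in for advertisement lookup, and all class and peer names are assumptions; the security layer carried over the connection is not described here and is not modelled.

```python
from collections import deque

class Pipe:
    """One-way input channel into the peer named by owner_id."""
    def __init__(self, owner_id):
        self.owner_id = owner_id
        self._queue = deque()

    def write(self, sender_id, payload):
        # Any peer that resolved the advertisement may write into the pipe.
        self._queue.append((sender_id, payload))

    def read(self, reader_id):
        # Input-only: the owner is the sole reader, so replies need a second pipe.
        if reader_id != self.owner_id:
            raise PermissionError("pipe is an input channel for " + self.owner_id)
        return self._queue.popleft()

class Peer:
    def __init__(self, peer_id, adverts):
        self.peer_id = peer_id
        self.adverts = adverts            # constructed stand-in for advertisement lookup
        self.inbound = Pipe(peer_id)      # create the pipe, bind the peer identifier
        adverts[peer_id] = self.inbound   # advertise its availability
        self.outbound = {}                # remote peer id -> that peer's input pipe

    def connect(self, remote_id):
        self.outbound[remote_id] = self.adverts[remote_id]

    def send(self, remote_id, payload):
        self.outbound[remote_id].write(self.peer_id, payload)

    def receive(self):
        sender_id, payload = self.inbound.read(self.peer_id)
        # The virtual connection exists only when both one-way pipes are connected.
        if sender_id not in self.outbound:
            raise ConnectionError("half-open: no return pipe to " + sender_id)
        return sender_id, payload

def demo():
    adverts = {}
    first, second = Peer("peer-1", adverts), Peer("peer-2", adverts)
    second.connect("peer-1")              # second peer connects to the first pipe
    second.send("peer-1", "hello")
    try:
        first.receive()                   # first peer has not connected back yet
        half_open_rejected = False
    except ConnectionError:
        half_open_rejected = True
    first.connect("peer-2")               # first peer connects to the second pipe
    second.send("peer-1", "hello again")
    first.send("peer-2", "ack")
    return half_open_rejected, first.receive(), second.receive()
```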