Skip to content


A tunnel represents a private virtual connection established among two or more endpoints across a shared infrastructure by employing protocol encapsulation. Common encapsulation techniques include Generic Routing Encapsulation (GRE), IP-in-IP, and IPSec. NetBox supports modeling both peer-to-peer and hub-and-spoke tunnel topologies.

Device and virtual machine interfaces are associated to tunnels by creating tunnel terminations.



A unique name assigned to the tunnel for identification.


The operational status of the tunnel. By default, the following statuses are available:

  • Planned
  • Active
  • Disabled

Custom tunnel statuses

Additional tunnel statuses may be defined by setting Tunnel.status under the FIELD_CHOICES configuration parameter.


The administrative group to which this tunnel is assigned (optional).


The encapsulation protocol or technique employed to effect the tunnel. NetBox supports GRE, IP-in-IP, and IPSec encapsulations.

Tunnel ID

An optional numeric identifier for the tunnel.

IPSec Profile

For IPSec tunnels, this is the IPSec Profile employed to negotiate security associations.