VPN tunnels
VPN tunnels are where you record the encrypted links between sites or peers — the tunnel itself, the groups that organize tunnels, and reusable crypto profiles you can share across many tunnels.
You build it in three layers: tunnel groups (how you organize tunnels), IPSec profiles (reusable crypto settings), and the tunnels themselves.
Add a tunnel group
A group bundles related tunnels together — for example by region, customer, or purpose.
- Open VPN → Tunnel groups in the sidebar and click Add group.
- Give it a name and a slug (a short URL-friendly identifier).
- Optionally add a description.
- Save.
Add an IPSec profile
An IPSec profile captures a set of crypto settings once so you can reuse it on every tunnel that shares that policy — no retyping the same parameters.
- Open VPN → IPSec profiles and click Add IPSec profile.
- Give it a name.
- Fill in the crypto parameters:
| Field | What it records |
|---|---|
| IKE version | 1 or 2. |
| Encryption | the encryption algorithm. |
| Authentication | the authentication/hashing algorithm. |
| DH group | the Diffie-Hellman group for key exchange. |
| PFS group | the Perfect Forward Secrecy group (optional). |
| SA lifetime | how long a security association stays valid. |
- Save.
Nothing is pre-filled
Danbyte ships no sample groups, profiles, or tunnels — you create exactly the ones your network uses.
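An added example, not part of Danbyte or its documentation: a small Python check that flags deprecated settings in IPSec profile records, using the fields from the profile table above. The record layout (`ike_version`, `encryption`, `authentication`, `dh_group`, `pfs_group`, `sa_lifetime`), the value spellings, the seconds unit and the lifetime limit are all assumptions, since the page does not describe how profiles are stored or exported.

```python
import re

# Field names and value spellings are assumptions for this example; the page
# lists what a profile records, not how Danbyte stores or exports it.
WEAK_ENCRYPTION = {"des", "3des"}
WEAK_AUTH = {"md5", "sha1"}
WEAK_DH_GROUPS = {1, 2, 5}      # 768-, 1024- and 1536-bit MODP groups
MAX_SA_LIFETIME = 86400         # seconds; a hypothetical local policy limit


def _tokens(value):
    """Split an algorithm name such as 'hmac-sha1-96' into lowercase tokens."""
    return set(re.split(r"[-_\s]+", str(value or "").lower()))


def audit_profile(profile):
    """Return the list of findings for one IPSec profile record."""
    findings = []
    if profile.get("ike_version") == 1:
        findings.append("IKE version 1 (deprecated, use 2)")
    if _tokens(profile.get("encryption")) & WEAK_ENCRYPTION:
        findings.append(f"weak encryption: {profile['encryption']}")
    if _tokens(profile.get("authentication")) & WEAK_AUTH:
        findings.append(f"weak authentication: {profile['authentication']}")
    if profile.get("dh_group") in WEAK_DH_GROUPS:
        findings.append(f"weak DH group: {profile['dh_group']}")
    pfs = profile.get("pfs_group")
    if pfs is None:
        findings.append("no PFS group set")
    elif pfs in WEAK_DH_GROUPS:
        findings.append(f"weak PFS group: {pfs}")
    if (profile.get("sa_lifetime") or 0) > MAX_SA_LIFETIME:
        findings.append(f"SA lifetime above {MAX_SA_LIFETIME}s")
    return findings


def audit_all(profiles):
    """Map profile name to findings, keeping only profiles that have any."""
    return {p["name"]: f for p in profiles if (f := audit_profile(p))}


# Constructed sample records, not real Danbyte data.
PROFILES = [
    {"name": "branch-legacy", "ike_version": 1, "encryption": "3des-cbc",
     "authentication": "hmac-sha1", "dh_group": 2, "pfs_group": None,
     "sa_lifetime": 28800},
    {"name": "dc-core", "ike_version": 2, "encryption": "aes-256-gcm",
     "authentication": "sha384", "dh_group": 20, "pfs_group": 20,
     "sa_lifetime": 3600},
]
```

Because a profile is shared by every tunnel that references it, one finding here applies to all of those tunnels at once.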
Add a tunnel
- Open VPN → Tunnels and click Add tunnel.
- Give it a name (must be unique).
- Pick the encapsulation — IPSec (tunnel or transport), GRE, IP-in-IP, or WireGuard.
- Set a status and, optionally, a tunnel ID.
- Optionally put it in a group. For IPSec encapsulations, you can also pick an IPSec profile — that field only appears when the encapsulation is IPSec.
- Save.
Terminate a tunnel
A tunnel is inert until its ends are bound. Each termination attaches one end of the tunnel to a device interface or a VM interface (exactly one), with:
- a role — peer (point-to-point), or hub / spoke for hub-and-spoke topologies;
- an optional outside IP — the underlay / public address the tunnel rides on. The tunnel's inside addresses attach to the terminating interface the normal way.

To add a termination:
- Open the tunnel's detail page → Terminations tab.
- Click Add termination, pick the device (or VM) and its interface, set the role, and optionally set the outside IP.
A point-to-point tunnel has two peer terminations; a hub-and-spoke design has one hub and many spokes.
Tunnel status
| Status | Meaning |
|---|---|
| Planned | Designed but not yet built. |
| Active | Up and carrying traffic. |
| Disabled | Configured but turned off. |
Groups and profiles in use can't be deleted
If a group or IPSec profile still has tunnels attached, Danbyte blocks the delete. Reassign or remove those tunnels first.
L2VPN overlays
Alongside point-to-point tunnels, Danbyte models L2VPNs — layer-2 overlay services such as EVPN, VXLAN, VPWS, and VPLS. An L2VPN records the overlay itself; terminations attach it to the VLANs and interfaces that carry it.
Add an L2VPN
- Open VPN → L2VPNs and click Add L2VPN.
- Fill in the form:
| Field | What it records |
|---|---|
| Name and slug | A label and a URL-friendly identifier (slug unique per tenant). |
| Type | The overlay technology — VXLAN, VXLAN-EVPN, MPLS-EVPN, PBB-EVPN, VPWS, VPLS, EPL, EVPL, SPB, or TRILL. |
| Identifier | The overlay identifier — a VNI or VC-ID (optional). |
| Status | Your own status catalog, same as elsewhere. |
| Import / export route targets | BGP route targets, picked from your existing route targets. |
- Save.
Terminate an L2VPN
Like a tunnel, an L2VPN is inert until it's attached to something. Each termination binds it to exactly one endpoint — a VLAN, a device interface, or a VM interface — from the L2VPN's detail page.
- An endpoint can terminate at most one L2VPN — Danbyte blocks a second.
- Point-to-point types (VPWS, EPL, EVPL) typically get two terminations; multipoint types (VPLS, the EVPN family) get as many as the overlay spans.
Tags & custom fields
Need to track something extra — a peer IP, a pre-shared-key reference, a contract ID? Add a custom field for tunnels (or L2VPNs) and it appears on every form. See Tags & custom fields.