Add additional tunnel encapsulation choices: PPTP, L2TP, EoIP, SSTP #10453

New Issue

Closed

opened 2025-12-29 21:31:41 +01:00 by adam · 4 comments

adam commented 2025-12-29 21:31:41 +01:00

Owner

Copy Link

Originally created by @jmcguir on GitHub (Nov 7, 2024).

Originally assigned to: @jmcguir on GitHub.

NetBox version

v4.1.4

Feature type

Change to existing functionality

Triage priority

I volunteer to perform this work (if approved)

Proposed functionality

I'd like to add PPTP, L2TP, and EoIP as Tunnel Encapsulation Choices. PPTP, and L2TP are standards based tunnel protocols while EoIP is a MikroTik proprietary protocol and SSTP is a Microsoft proprietary protocol.

PPTP: https://datatracker.ietf.org/doc/html/rfc2637
L2TP: https://datatracker.ietf.org/doc/html/rfc2661
EoIP: https://help.mikrotik.com/docs/spaces/ROS/pages/24805521/EoIP
SSTP: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-sstp/c50ed240-56f3-4309-8e0c-1644898f0ea8

As far as I can tell the only change here would be to add these fourto the choices.py here: https://github.com/netbox-community/netbox/blob/develop/netbox/vpn/choices.py

Use case

This lets users model more accurately their VPN tunnels. Right now the choices don't have an other so you have to use an incorrect Encapsulation choice.

Database changes

No response

External dependencies

No response

Originally created by @jmcguir on GitHub (Nov 7, 2024). Originally assigned to: @jmcguir on GitHub. ### NetBox version v4.1.4 ### Feature type Change to existing functionality ### Triage priority I volunteer to perform this work (if approved) ### Proposed functionality I'd like to add PPTP, L2TP, and EoIP as Tunnel Encapsulation Choices. PPTP, and L2TP are standards based tunnel protocols while EoIP is a MikroTik proprietary protocol and SSTP is a Microsoft proprietary protocol. PPTP: https://datatracker.ietf.org/doc/html/rfc2637 L2TP: https://datatracker.ietf.org/doc/html/rfc2661 EoIP: https://help.mikrotik.com/docs/spaces/ROS/pages/24805521/EoIP SSTP: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-sstp/c50ed240-56f3-4309-8e0c-1644898f0ea8 As far as I can tell the only change here would be to add these fourto the choices.py here: https://github.com/netbox-community/netbox/blob/develop/netbox/vpn/choices.py ### Use case This lets users model more accurately their VPN tunnels. Right now the choices don't have an other so you have to use an incorrect Encapsulation choice. ### Database changes _No response_ ### External dependencies _No response_

adam added the status: acceptedtype: featurecomplexity: low labels 2025-12-29 21:31:41 +01:00

adam closed this issue 2025-12-29 21:31:41 +01:00

adam commented 2025-12-29 21:31:42 +01:00

Author

Owner

Copy Link

@chbally commented on GitHub (Nov 7, 2024):

Please also add WireGuard:
WireGuard: https://datatracker.ietf.org/doc/html/rfc8922#name-wireguard
and if possible OpenVPN:
OpenVPN: https://datatracker.ietf.org/doc/html/rfc8922#name-openvpn

I think even if is kind of IP in IP lots of people would appreciate these two protokolls in Netbox:
https://github.com/netbox-community/netbox/discussions/14683

@chbally commented on GitHub (Nov 7, 2024): Please also add WireGuard: WireGuard: https://datatracker.ietf.org/doc/html/rfc8922#name-wireguard and if possible OpenVPN: OpenVPN: https://datatracker.ietf.org/doc/html/rfc8922#name-openvpn I think even if is kind of IP in IP lots of people would appreciate these two protokolls in Netbox: https://github.com/netbox-community/netbox/discussions/14683

adam commented 2025-12-29 21:31:42 +01:00

Author

Owner

Copy Link

@jmcguir commented on GitHub (Nov 12, 2024):

If approved I'd be happy to add WireGuard and OpenVPN to a PR I'm willing to write.

@jmcguir commented on GitHub (Nov 12, 2024): If approved I'd be happy to add WireGuard and OpenVPN to a PR I'm willing to write.

adam commented 2025-12-29 21:31:43 +01:00

Author

Owner

Copy Link

@jeremystretch commented on GitHub (Dec 6, 2024):

Let's not turn this into a wishlist for every potential tunneling protocol.

L2TP is a standard protocol with its own IP protocol number (115); I see no issue adding this.

Likewise, PPTP is a standard protocol which runs atop GRE using TCP/1723. This also makes sense to add.

EoIP appears to be a vendor-proprietary implementation of GRE. From the documentation provided, I see no justification for declaring this as a discrete tunnel type.

As far as I'm aware, SSTP is employed for client access and does not support site-to-site VPN tunneling. If this is the case, it does not make sense IMO to add it as a site-to-site tunnel encapsulation type.

Wireguard is a relatively newer VPN technology that utilizes multiple UDP ports beginning at 51820. As noted here we need to be careful not to imply that this change implements support for the configuration of Wireguard VPNs, but I have no issue with adding it as an encapsulation option.

Likewise, OpenVPN is a complete VPN solution; we can add it as a tunnel encapsulation option provided the scope of this change does not seek to implement support for specific configuration options.

To summarize, I believe this PR should be limited to adding the following tunnel encapsulation choices:

• L2TP
• PPTP
• Wireguard
• OpenVPN

@jeremystretch commented on GitHub (Dec 6, 2024): Let's not turn this into a wishlist for every potential tunneling protocol. L2TP is a standard protocol with its own IP protocol number (115); I see no issue adding this. Likewise, PPTP is a standard protocol which runs atop GRE using TCP/1723. This also makes sense to add. EoIP appears to be a vendor-proprietary implementation of GRE. From the documentation provided, I see no justification for declaring this as a discrete tunnel type. As far as I'm aware, SSTP is employed for client access and does not support site-to-site VPN tunneling. If this is the case, it does not make sense IMO to add it as a site-to-site tunnel encapsulation type. Wireguard is a relatively newer VPN technology that utilizes multiple UDP ports beginning at 51820. As noted [here](https://github.com/netbox-community/netbox/pull/18097#issuecomment-2507635866) we need to be careful not to imply that this change implements support for the _configuration_ of Wireguard VPNs, but I have no issue with adding it as an encapsulation option. Likewise, OpenVPN is a complete VPN solution; we can add it as a tunnel encapsulation option provided the scope of this change does not seek to implement support for specific configuration options. To summarize, I believe this PR should be limited to adding the following tunnel encapsulation choices: * L2TP * PPTP * Wireguard * OpenVPN

adam commented 2025-12-29 21:31:43 +01:00

Author

Owner

Copy Link

@jmcguir commented on GitHub (Dec 6, 2024):

Thanks for your input Jeremy. I'll revise my PR with this feedback.

@jmcguir commented on GitHub (Dec 6, 2024): Thanks for your input Jeremy. I'll revise my PR with this feedback.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

21102-fix-graphiql-explorer

update-changelog-comments-docs

20911-dropdown

20239-plugin-menu-classes-mutable-state

21097-graphql-id-lookups

feature

fix_module_substitution

20923-dcim-templates

20044-elevation-stuck-lightmode

feature-ip-prefix-link

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

v4.5.0

v4.4.10

v4.4.9

v4.5.0-beta1

v4.4.8

v4.4.7

v4.4.6

v4.4.5

v4.4.4

v4.4.3

v4.4.2

v4.4.1

v4.4.0

v4.3.7

v4.4.0-beta1

v4.3.6

v4.3.5

v4.3.4

v4.3.3

v4.3.2

v4.3.1

v4.3.0

v4.2.9

v4.3.0-beta2

v4.2.8

v4.3.0-beta1

v4.2.7

v4.2.6

v4.2.5

v4.2.4

v4.2.3

v4.2.2

v4.2.1

v4.2.0

v4.1.11

v4.1.10

v4.1.9

v4.1.8

v4.2-beta1

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.11

v4.0.10

v4.0.9

v4.1-beta1

v4.0.8

v4.0.7

v4.0.6

v4.0.5

v4.0.3

v4.0.2

v4.0.1

v4.0.0

v3.7.8

v3.7.7

v4.0-beta2

v3.7.6

v3.7.5

v4.0-beta1

v3.7.4

v3.7.3

v3.7.2

v3.7.1

v3.7.0

v3.6.9

v3.6.8

v3.6.7

v3.7-beta1

v3.6.6

v3.6.5

v3.6.4

v3.6.3

v3.6.2

v3.6.1

v3.6.0

v3.5.9

v3.6-beta2

v3.5.8

v3.6-beta1

v3.5.7

v3.5.6

v3.5.5

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.10

v3.4.9

v3.5-beta2

v3.4.8

v3.5-beta1

v3.4.7

v3.4.6

v3.4.5

v3.4.4

v3.4.3

v3.4.2

v3.4.1

v3.4.0

v3.3.10

v3.3.9

v3.4-beta1

v3.3.8

v3.3.7

v3.3.6

v3.3.5

v3.3.4

v3.3.3

v3.3.2

v3.3.1

v3.3.0

v3.2.9

v3.2.8

v3.3-beta2

v3.2.7

v3.3-beta1

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.11

v3.1.10

v3.2-beta2

v3.1.9

v3.2-beta1

v3.1.8

v3.1.7

v3.1.6

v3.1.5

v3.1.4

v3.1.3

v3.1.2

v3.1.1

v3.1.0

v3.0.12

v3.0.11

v3.0.10

v3.1-beta1

v3.0.9

v3.0.8

v3.0.7

v3.0.6

v3.0.5

v3.0.4

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.12

v3.0-beta2

v2.11.11

v2.11.10

v3.0-beta1

v2.11.9

v2.11.8

v2.11.7

v2.11.6

v2.11.5

v2.11.4

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.10

v2.10.9

v2.11-beta1

v2.10.8

v2.10.7

v2.10.6

v2.10.5

v2.10.4

v2.10.3

v2.10.2

v2.10.1

v2.10.0

v2.9.11

v2.10-beta2

v2.9.10

v2.10-beta1

v2.9.9

v2.9.8

v2.9.7

v2.9.6

v2.9.5

v2.9.4

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.9-beta2

v2.8.9

v2.9-beta1

v2.8.8

v2.8.7

v2.8.6

v2.8.5

v2.8.4

v2.8.3

v2.8.2

v2.8.1

v2.8.0

v2.7.12

v2.7.11

v2.7.10

v2.7.9

v2.7.8

v2.7.7

v2.7.6

v2.7.5

v2.7.4

v2.7.3

v2.7.2

v2.7.1

v2.7.0

v2.6.12

v2.6.11

v2.6.10

v2.6.9

v2.7-beta1

Solcon-2020-01-06

v2.6.8

v2.6.7

v2.6.6

v2.6.5

v2.6.4

v2.6.3

v2.6.2

v2.6.1

v2.6.0

v2.5.13

v2.5.12

v2.6-beta1

v2.5.11

v2.5.10

v2.5.9

v2.5.8

v2.5.7

v2.5.6

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.9

v2.5-beta2

v2.4.8

v2.5-beta1

v2.4.7

v2.4.6

v2.4.5

v2.4.4

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.7

v2.4-beta1

v2.3.6

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.10

v2.3-beta2

v2.2.9

v2.3-beta1

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.6

v2.2-beta2

v2.1.5

v2.2-beta1

v2.1.4

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.10

v2.1-beta1

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v2.0-beta3

v1.9.6

v1.9.5

v2.0-beta2

v1.9.4-r1

v1.9.3

v2.0-beta1

v1.9.2

v1.9.1

v1.9.0-r1

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.3

v1.7.2-r1

v1.7.1

v1.7.0

v1.6.3

v1.6.2-r1

v1.6.1-r1

1.6.1

v1.6.0

v1.5.2

v1.5.1

v1.5.0

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.1

v1.3.0

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.7-r1

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3-r1

v1.0.3

1.0.0

Labels

Clear labels

beta

breaking change

complexity: high

complexity: low

complexity: medium

needs milestone

netbox

pending closure

plugin candidate

pull-request

Mirrored from GitHub Pull Request

severity: high

severity: low

severity: medium

status: accepted

status: backlog

status: blocked

status: duplicate

status: needs owner

status: needs triage

status: revisions needed

status: under review

topic: GraphQL

topic: Internationalization

topic: OpenAPI

topic: UI/UX

topic: cabling

topic: event rules

topic: htmx navigation

topic: industrialization

topic: migrations

topic: plugins

topic: scripts

topic: templating

topic: testing

type: bug

type: deprecation

type: documentation

type: feature

type: housekeeping

type: translation

No Label complexity: low status: accepted type: feature

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#10453