# Connect Securely with VPNs

The VPN section enables secure remote connectivity between devices and users through encrypted tunnels. Atra RMS VPN supports both peer-to-peer and peer-to-site connections for secure access to remote devices and networks.

# View VPN Tunnels

The main VPN interface displays all VPN tunnels under your management.

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/jLUimage.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/jLUimage.png)

#### Interface Actions (Top Bar)

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/w0himage.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/w0himage.png)

<div align="left" dir="ltr" id="bkmrk-action-location-purp"><table border="1"><colgroup><col width="164"></col><col width="119"></col><col width="341"></col></colgroup><thead><tr><td>Action

</td><td>Location

</td><td>Purpose

</td></tr></thead><tbody><tr><td>+CREATE Button

</td><td>Primary action area (Left)

</td><td>Click to navigate to the VPN tunnel creation form and establish a new tunnel.

</td></tr><tr><td>Refresh Button

</td><td>Primary action area (Right)

</td><td>Manually update tunnel list (also auto-refreshes every 5 seconds)

</td></tr><tr><td>Search Bar

</td><td>Search area (Right)

</td><td>Filter by tunnel name, organization or creator

</td></tr><tr><td>Filter

</td><td>Primary action area (Right)

</td><td>Filter by Creator, Organization Name and Process Status (Running/Exited)

</td></tr></tbody></table>

</div>

#### Column Definitions

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/bycimage.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/bycimage.png)

<div align="left" dir="ltr" id="bkmrk-column-description-v"><table border="1" style="border-collapse: collapse; border-style: solid;"><colgroup><col width="150"></col><col width="286"></col><col width="188"></col></colgroup><thead><tr><td>Column

</td><td>Description

</td><td>Values

</td></tr></thead><tbody><tr><td>Tunnel Name

</td><td>Custom name assigned during creation (click to open VPN Tunnel Overview page)

</td><td>Production\_Tunnel, Office\_VPN

</td></tr><tr><td>Process

</td><td>Indicates the operational state of the VPN server process.

</td><td>Running, Exited

</td></tr><tr><td>Tunnel Status

</td><td>Management/activity state

</td><td>Enabled, Disabled

</td></tr><tr><td>Users

</td><td>Count of users allocated to tunnel

</td><td>10

</td></tr><tr><td>Devices

</td><td>Count of devices allocated to tunnel

</td><td>5

</td></tr><tr><td>Allocated Clients

</td><td>Total users + devices in tunnel  
(Max: 253 clients allowed)

</td><td>15

</td></tr><tr><td>Organization Name &amp; Level

</td><td>Name of the organization, and its level, under which the tunnel was created or assigned

</td><td>ATREYO Level-1

</td></tr><tr><td>Created By

</td><td>Username who created tunnel

</td><td>admin@company.com

</td></tr><tr><td>Created At

</td><td>Date/time of tunnel creation

</td><td>Dec 28, 2025, 9:30 AM

</td></tr></tbody></table>

</div>

---

#### Understanding VPN States

##### Process State

The Process indicates the VPN server operational state.

<div align="left" dir="ltr" id="bkmrk-state-meaning-user%2Fd"><table border="1" style="border-collapse: collapse; border-style: solid;"><colgroup><col width="75"></col><col width="187"></col><col width="312"></col></colgroup><thead><tr><td>State

</td><td>Meaning

</td><td>User/Device Impact

</td></tr></thead><tbody><tr><td>Running

</td><td>VPN tunnel is active

</td><td>✅ Users and devices CAN connect securely  
❌ Users and devices CANNOT be added.

</td></tr><tr><td>Exited

</td><td>VPN tunnel is inactive

</td><td>❌ Users and devices CANNOT connect.  
✅ Users and devices CAN be added.

</td></tr></tbody></table>

</div>

Common Causes of "Exited":

- Administrator manually stopped the process
- Tunnel was disabled (automatically stops process)
- Inactivity timeout (no connections for extended period)
- Technical error or crash (rare)

💡 Troubleshooting: If process shows "Exited" unexpectedly, check Tunnel Status. If "Disabled", enable it. If "Enabled", manually start the process.

---

##### Tunnel Status

The Tunnel Status determines management capabilities.

<div align="left" dir="ltr" id="bkmrk-status-meaning-what-"><table border="1" style="border-collapse: collapse; border-style: solid;"><colgroup><col width="83"></col><col width="226"></col><col width="315"></col></colgroup><thead><tr><td>Status

</td><td>Meaning

</td><td>What You Can Do

</td></tr></thead><tbody><tr><td>Enabled

</td><td>Tunnel is active and fully manageable

</td><td>✅ Start/Stop process  
✅ Add/remove users/devices  
✅ Edit tunnel name  
✅ View tunnel details

</td></tr><tr><td>Disabled

</td><td>Tunnel is inactive and locked down

</td><td>❌ Cannot start process  
❌ Cannot add/remove users/devices  
❌ Cannot edit tunnel  
✅ Can view details  
✅ Can delete tunnel

</td></tr></tbody></table>

</div>

**When to Disable:**

- Temporarily suspend VPN access without deleting tunnel
- Maintenance period requiring no connections
- Security incident requiring immediate access cutoff
- Preparing tunnel for deletion

**Effect of Disabling:**

- Process automatically stops (becomes "Exited")
- All connected users/devices are disconnected
- No new connections possible until re-enabled

---

#### Auto-Refresh Feature

🔄 **Automatic Update**: The VPN tunnel table refreshes every 5 seconds to show real-time status.

**Benefits:**

- Monitor process state changes automatically
- See when users/devices connect or disconnect
- Immediate visibility into tunnel health

**Manual Override:**

- Click Refresh button for immediate update

---

#### Table Navigation

<div align="left" dir="ltr" id="bkmrk-control-purpose-opti"><table border="1" style="border-collapse: collapse; border-style: solid;"><colgroup><col width="127"></col><col width="155"></col><col width="208"></col></colgroup><thead><tr><td>Control

</td><td>Purpose

</td><td>Options

</td></tr></thead><tbody><tr><td>Rows per page

</td><td>Adjust visible tunnels

</td><td>5, 10, 15, 20, 25

</td></tr><tr><td>Total Count

</td><td>Display total tunnels

</td><td>"Showing 1-5 of 25"

</td></tr><tr><td>Page Navigation

</td><td>Move between pages

</td><td>Previous, Next, Last, First

</td></tr></tbody></table>

</div>

---


**What is Atra RMS VPN?**

- Secure Virtual Private Network service
- Encrypted tunnels connecting users and devices
- Remote access to devices and their local networks
- Built on OpenVPN protocol for enterprise-grade security

**Use Cases:**

- **Remote Device Access:** Connect to IIoT gateways from anywhere
- **Network Access:** Access devices on remote local networks
- **Secure Connectivity:** Encrypted communication for sensitive data
- **Troubleshooting:** Remote diagnostics without site visits


# VPN Tunnel Creation Guide

Create a new VPN tunnel to enable secure remote access for users and devices.

#### Prerequisites

**Before creating VPN tunnel:**

✅ You have **"VPN Create"** permission  
✅ You have **"Devices View"** permission (required dependency)  
✅ You understand which devices/users need VPN access  
✅ You know the network topology (especially for network forwarding decisions)

---

#### Step 1: Navigate to Creation Form

1. Click **"VPN"** in left sidebar menu
2. Click **"+CREATE"** button (teal, top-left)
3. **VPN Tunnel** creation form loads

---

#### Step 2: Complete Tunnel Form

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/By4image.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/By4image.png)

##### Tunnel Name (Required)

**Naming Conventions:**

- **Length:** 3-50 characters
- **Allowed:** Letters, numbers, spaces, hyphens (-), underscores (\_)
- **Not allowed at start/end:** Hyphen, underscore
- No consecutive special characters

**Examples:**

- ✅ Production Tunnel 01
- ✅ Office\_VPN
- ✅ Remote-Access-Main
- ❌ \_Tunnel (starts with underscore)
- ❌ VPN--Tunnel (consecutive hyphens)

💡 **Naming Best Practices:**

- Indicate purpose: "Production", "Development", "Support"
- Include location if relevant: "Mumbai\_Office\_VPN"
- Use consistent naming: "Site\_Function\_Number"
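
The naming rules above can be checked before a name is typed into the form, for example when a batch of tunnel names is planned in advance. The following validator is an added example, not Atra RMS code; it assumes "letters, numbers" means ASCII and that "special characters" means hyphen and underscore in any combination.

```python
import re

# Assumptions (not stated on the page): "letters, numbers" means ASCII, and
# "special characters" means hyphen and underscore, in any combination.
ALLOWED = re.compile(r"[A-Za-z0-9 _-]+")
SPECIAL = ("-", "_")


def tunnel_name_problems(name: str) -> list[str]:
    """Return the naming rules that `name` breaks; an empty list means it passes."""
    problems = []
    if not 3 <= len(name) <= 50:
        problems.append("length must be 3-50 characters")
    if name and not ALLOWED.fullmatch(name):
        bad = sorted({ch for ch in name if not ALLOWED.fullmatch(ch)})
        problems.append(f"characters not allowed: {bad}")
    if name.startswith(SPECIAL):
        problems.append("starts with hyphen or underscore")
    if name.endswith(SPECIAL):
        problems.append("ends with hyphen or underscore")
    if re.search(r"[-_]{2,}", name):
        problems.append("consecutive special characters")
    return problems


def failing_names(names):
    """Map each rejected name to the list of rules it breaks."""
    report = {}
    for name in names:
        problems = tunnel_name_problems(name)
        if problems:
            report[name] = problems
    return report


# Constructed sample: the page's five examples plus three extra cases.
SAMPLE_NAMES = [
    "Production Tunnel 01",
    "Office_VPN",
    "Remote-Access-Main",
    "_Tunnel",
    "VPN--Tunnel",
    "Site-_01",
    "VPN/Tunnel",
    "ab",
]

if __name__ == "__main__":
    for name, problems in failing_names(SAMPLE_NAMES).items():
        print(f"{name!r}: {'; '.join(problems)}")
```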

---

##### Organization (Required)

Select the organization where the tunnel will be created.

**Dropdown Options:**

- Your current organization
- Child organizations under your management

**Important:**

- Only devices/users from selected organization (and its children) can be added
- Cannot add devices/users from parent organizations

---

#### Step 3: Review and Create

Before submitting, review:

✅ Tunnel name is descriptive  
✅ Correct organization selected

Form Actions:

<div align="left" dir="ltr" id="bkmrk-button-color-action-"><table border="1" style="border-collapse: collapse; border-style: solid;"><colgroup><col width="81"></col><col width="95"></col><col width="220"></col></colgroup><thead><tr><td>Button

</td><td>Color

</td><td>Action

</td></tr></thead><tbody><tr><td>CREATE

</td><td>Teal

</td><td>Create tunnel and add to Atra RMS

</td></tr><tr><td>RESET

</td><td>Teal outline

</td><td>Clear all form fields

</td></tr><tr><td>CLOSE

</td><td>Red outline

</td><td>Cancel and return to VPN List

</td></tr></tbody></table>

</div>

---

#### After Creation

Immediate Effects:

1. New tunnel appears in VPN Tunnel List
2. Tunnel Status: Disabled
3. Process State: Exited (not running yet)

Next Steps:

1. Start the VPN Process (see Tunnel Overview page)
2. Add devices and users to tunnel
3. Users download VPN client (if not already installed)
4. Users connect via VPN Desktop Application

# Manage and View VPN Tunnel Profiles

The Tunnel Overview page is your control center for managing an individual VPN tunnel, its process, and its connected clients.

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/3f7image.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/3f7image.png)

**Accessing Tunnel Overview**

1. Navigate to VPN section
2. Locate tunnel in VPN Tunnel List
3. Click Tunnel Name (blue/underlined link)
4. Tunnel Overview page opens

---

**Page Layout**

**Two-Panel Design:**

**Left Panel:** Tunnel details, status, and management actions  
**Right Panel:** Client management tabs (Devices and Users)

---

### Left Panel: Tunnel Details & Actions

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/BWeimage.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/BWeimage.png)


##### Core Status Information

<div align="left" dir="ltr" id="bkmrk-field-description-ex"><table border="1" style="border-collapse: collapse; border-style: solid;"><colgroup><col width="130"></col><col width="208"></col><col width="219"></col></colgroup><thead><tr><td>Field

</td><td>Description

</td><td>Example

</td></tr></thead><tbody><tr><td>Name of Tunnel

</td><td>Custom tunnel identifier

</td><td>Production\_Tunnel\_01

</td></tr><tr><td>Status of Process

</td><td>Current VPN server state

</td><td>Running, Not-Running (Exited)

</td></tr><tr><td>VPN IP

</td><td>Gateway IP address for tunnel

</td><td>10.8.0.1

</td></tr></tbody></table>

</div>

**VPN IP Significance:**

- All traffic for this tunnel routes through this IP
- First IP in tunnel's subnet
- Cannot be modified

---

##### Client Information

<div align="left" dir="ltr" id="bkmrk-field-description-li"><table border="1" style="border-collapse: collapse; border-style: solid;"><colgroup><col width="141"></col><col width="279"></col><col width="204"></col></colgroup><thead><tr><td>Field

</td><td>Description

</td><td>Limit

</td></tr></thead><tbody><tr><td>Number of Users

</td><td>Total users allocated to tunnel

</td><td>No specific limit (within Max)

</td></tr><tr><td>Number of Devices

</td><td>Total devices allocated to tunnel

</td><td>No specific limit (within Max)

</td></tr><tr><td>Allocated Clients

</td><td>Sum of users + devices currently in tunnel

</td><td>Max 253

</td></tr><tr><td>Remaining Clients

</td><td>Available slots for additional users/devices

</td><td>253 - Allocated

</td></tr><tr><td>Max

</td><td>Absolute maximum clients supported

</td><td>253 (fixed)

</td></tr></tbody></table>

</div>

**Example Calculation:**

**Users:** 10

**Devices:** 5

**Allocated Clients:** 15

**Remaining Clients:** 253 - 15 = 238

---

##### Tunnel Metadata

<div align="left" dir="ltr" id="bkmrk-field-information-cr"><table border="1" style="border-collapse: collapse; border-style: solid;"><colgroup><col width="106"></col><col width="282"></col></colgroup><thead><tr><td>Field

</td><td>Information

</td></tr></thead><tbody><tr><td>Created By

</td><td>Username who created tunnel + date/time

</td></tr><tr><td>Organization

</td><td>Org name and level where tunnel exists

</td></tr></tbody></table>

</div>

---

#### Management Actions

Three action buttons control tunnel operation:

##### Start/Stop Button

Purpose: Manually control VPN tunnel process

When Process is **"Exited"**:

- Button shows: START
- Click to start VPN process
- Process changes to "Running"
- Users/devices can now connect

When Process is **"Running"**:

- Button shows: STOP
- Click to stop VPN process
- Process changes to "Exited"
- All connections immediately drop

⚠️ Important: Stopping process disconnects all active users/devices immediately. Use during maintenance windows only.

💡 Use Case for Stopping: If you need to add/remove devices or users and process is running, you CAN do so. However, stopping first ensures clean state management.

---

##### Enable/Disable Button

**Purpose:** Control tunnel's manageability and activity

When Status is **"Enabled":**

- Button shows: DISABLE
- Click to disable tunnel
- Effect:
    - Tunnel Status → Disabled
    - Process automatically stops (→ Exited)
    - All connections drop
    - Cannot start process until re-enabled
    - Cannot add/remove users/devices until re-enabled


When Status is **"Disabled"**:

- Button shows: ENABLE
- Click to enable tunnel
- Effect:
    - Tunnel Status → Enabled
    - Process remains stopped (must manually start)
    - Can now manage users/devices
    - Can start process when ready


⚠️ Critical Warning: If tunnel is Running and you click Disable:

1. Process automatically stops
2. All active connections immediately terminate
3. Users may lose work or experience disruption

---

##### Delete Button

**Purpose:** Permanently remove tunnel from system

**Important Restrictions:**

⚠️ Cannot delete Enabled tunnel

- Delete button is disabled (grayed out) when Tunnel Status = Enabled
- Must first click Disable button
- Then Delete button becomes active

**Deletion Process:**

1. Ensure tunnel is Disabled
2. Click DELETE button
3. Confirmation dialog appears
4. Click CONFIRM to permanently delete
5. Tunnel and all its configuration removed

**What Gets Deleted:**

- Tunnel configuration
- User/device associations
- Process state
- Historical connection logs (may be retained for audit)

**What's NOT Affected:**

- Devices remain in system (not deleted)
- Users remain in system (not deleted)
- Other tunnels unaffected

⚠️ Deletion is Permanent: Cannot be undone. Must recreate the tunnel from scratch if needed again.

---

##### Refresh Button

Location: Top-right corner of Left Panel

Purpose: Manually update displayed information

When to Use:

- After starting/stopping process (verify state change)
- After adding/removing devices/users
- To check current connection status
- When expecting status change

💡 Note: Page auto-refreshes periodically, but manual refresh ensures immediate update.

---

### Right Panel: Client Management Tabs

The right panel manages users and devices associated with the tunnel through two tabs.

**Tab 1: Devices**  
**Tab 2: Users**

Both tabs have an **"Add"** button in the top-right corner of the tab header.

---

#### Tab 1: Devices

Displays all devices allocated to this VPN tunnel with their network configuration.

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/I6aimage.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/I6aimage.png)

##### Adding Devices

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/ySGimage.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/ySGimage.png)

**To Add Devices:**

1. Click **"Add Devices"** button
2. Device selection dialog opens
3. Select devices from list (checkbox for each)
4. Configure Network Forwarding for each device
5. Click Add to confirm

---

**Available Devices:**

- All devices from tunnel's organization
- Devices from child organizations

**Limit Check**: System prevents adding devices if it would exceed 253 total clients (users + devices).

---


##### Network Forwarding Setting

Critical Decision: For each device added, choose Network Forwarding state.

<div align="left" dir="ltr" id="bkmrk-state-effect-use-whe"><table border="1"><colgroup><col width="78"></col><col width="268"></col><col width="278"></col></colgroup><thead><tr><td>State

</td><td>Effect

</td><td>Use When

</td></tr></thead><tbody><tr><td>Enabled

</td><td>VPN users can access the device AND other devices on its local network

</td><td>Need to reach PLCs, sensors, or computers on device's LAN

</td></tr><tr><td>Disabled

</td><td>VPN users can ONLY access this specific device

</td><td>Only need device itself, not its local network (security/isolation)

</td></tr></tbody></table>

</div>

**Example Scenarios:**

**Scenario 1: Factory with PLC Network**

- Device: IIoT Gateway in factory
- Local Network: 10 PLCs on 192.168.10.x
- Network Forwarding: ENABLED
- Result: VPN users can connect to gateway AND all 10 PLCs

**Scenario 2: Remote Sensor**

- Device: Standalone temperature sensor gateway
- Local Network: None (device only)
- Network Forwarding: DISABLED
- Result: VPN users can only access sensor gateway itself

💡 Security Best Practice: Enable Network Forwarding only when necessary. Disabled provides better isolation and security.

---

##### Devices Table Columns

<div align="left" dir="ltr" id="bkmrk-column-description-d"><table border="1" style="border-collapse: collapse; border-style: solid;"><colgroup><col width="145"></col><col width="223"></col><col width="256"></col></colgroup><thead><tr><td>Column

</td><td>Description

</td><td>Details

</td></tr></thead><tbody><tr><td>Device

</td><td>Device Name, Model, and Status

</td><td>Status shows Online/Offline with timestamp

</td></tr><tr><td>Local IP

</td><td>Device's IP on its physical LAN/WAN

</td><td>Example: 192.168.1.50

</td></tr><tr><td>VPN IP

</td><td>Unique IP assigned by tunnel

</td><td>Example: 10.8.0.10

</td></tr><tr><td>Network Forwarding

</td><td>Access to device's local network

</td><td>Enabled or Disabled (toggle switch)

</td></tr></tbody></table>

</div>

---

##### Device Name Link

The Device Name is a clickable link.

**Action:** Click device name  
**Result:** Opens Device Detail Page in new browser tab  
**Use Case:** Quick access to device monitoring without leaving VPN page

---

##### Local IP vs VPN IP

**Local IP:**

- IP address on device's physical network
- Example: 192.168.1.50 (factory LAN)
- Used for communication within local site
- Not accessible from internet

**VPN IP:**

- IP assigned when device added to tunnel
- Example: 10.8.0.10
- Unique within this tunnel
- Used for VPN communication
- How users connect to device through VPN

##### Connection Flow:

**User's Computer (10.8.0.25)**

 **↓ VPN Tunnel**

**VPN Gateway (10.8.0.1)**

 **↓**

**Device VPN IP (10.8.0.10)**

 **↓ If Network Forwarding Enabled**

**Device's Local Network (192.168.1.x)**

---

##### Network Forwarding Toggle

**Enabled State:**

- Toggle switch: ON (green)
- Effect: VPN users can access device AND its local network
- Routing: Traffic forwarded through device to local network
- Access: Can reach 192.168.1.x devices (if device is on that network)

**Disabled State:**

- Toggle switch: OFF (gray)
- Effect: VPN users can ONLY access this specific device
- Routing: No traffic forwarding to local network
- Access: Can only reach device's VPN IP (10.8.0.10)

**Changing Setting:**

1. Click toggle switch
2. State changes immediately (Enabled ↔ Disabled)
3. Effect applies to all connected users

⚠️ Live Changes: You can toggle Network Forwarding while tunnel is running. Changes apply immediately without restarting the process.
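
To review what a tunnel actually exposes, the Devices table (VPN IP, Local IP, Network Forwarding) can be exported and evaluated against the rules in "Local IP vs VPN IP" and the toggle states above. The sketch below is an added example, not Atra RMS code; the device names, the /24 LAN mask and the `justified` set of approved devices are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_interface

# Assumption: LANs are /24, matching how the page writes them (192.168.1.x).
LAN_PREFIX = 24


@dataclass(frozen=True)
class Device:
    name: str
    vpn_ip: str       # "VPN IP" column
    local_ip: str     # "Local IP" column
    forwarding: bool  # "Network Forwarding" toggle

    @property
    def lan(self):
        return ip_interface(f"{self.local_ip}/{LAN_PREFIX}").network


def route_for(dest, devices):
    """How a VPN user reaches `dest`: (device name, path), or None if unreachable."""
    addr = ip_address(dest)
    for d in devices:
        if addr == ip_address(d.vpn_ip):
            return (d.name, "device VPN IP")
    for d in devices:
        # Forwarding disabled: only the VPN IP answers, not the LAN behind it.
        if d.forwarding and addr in d.lan:
            return (d.name, "forwarded LAN")
    return None


def exposed_lans(devices):
    """Map each LAN reachable from the tunnel to the devices forwarding into it."""
    exposed = {}
    for d in devices:
        if d.forwarding:
            exposed.setdefault(str(d.lan), []).append(d.name)
    return exposed


def unjustified_forwarding(devices, justified):
    """Devices with forwarding on that have no recorded reason for it."""
    return sorted(d.name for d in devices if d.forwarding and d.name not in justified)


# Constructed inventory modelled on the page's two scenarios.
DEVICES = [
    Device("Factory_GW", "10.8.0.11", "192.168.10.1", True),
    Device("Sensor_GW", "10.8.0.10", "192.168.1.50", False),
]

if __name__ == "__main__":
    for dest in ("10.8.0.10", "192.168.10.21", "192.168.1.50", "192.168.1.51"):
        print(dest, "->", route_for(dest, DEVICES))
    print("exposed:", exposed_lans(DEVICES))
    print("needs review:", unjustified_forwarding(DEVICES, justified=set()))
```

Every user in the tunnel can reach every LAN listed by `exposed_lans`, so the review list is the place to decide which toggles should be switched off.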

---

##### Removing Devices

To Remove Device from Tunnel:

1. Locate device in table
2. Click Remove button (red, right side of row)
3. Confirmation dialog appears
4. Click CONFIRM to remove device
5. Device disappears from tunnel (but remains in system)

Effects:

- Device's VPN IP deallocated
- Allocated Clients count decreases
- Remaining Clients increases
- Device can be re-added later with different VPN IP

---

#### Tab 2: Users

Displays all users allocated to this VPN tunnel.

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/Hkfimage.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/Hkfimage.png)

##### Adding Users

[![image.png](https://docs.atreyo.in/uploads/images/gallery/2026-04/scaled-1680-/T7simage.png)](https://docs.atreyo.in/uploads/images/gallery/2026-04/T7simage.png)

  
To Add Users:

1. Click **"Add Users"** button
2. User selection dialog opens
3. Select users from list (checkbox for each)
4. Click **Add User** to confirm

---

Available Users:

- All users from tunnel's organization
- Users from child organizations

Limit Check: System prevents adding users if it would exceed 253 total clients (users + devices).

---

##### Users Table Columns


<div align="left" dir="ltr" id="bkmrk-column-description-e"><table border="1" style="border-collapse: collapse; border-style: solid;"><colgroup><col width="150"></col><col width="184"></col><col width="185"></col></colgroup><thead><tr><td>Column

</td><td>Description

</td><td>Example

</td></tr></thead><tbody><tr><td>Name

</td><td>User's full name

</td><td>Jane Doe, Rajesh Kumar

</td></tr><tr><td>User VPN IP

</td><td>Unique IP assigned to user

</td><td>10.8.0.25

  
</td></tr><tr><td>Status

</td><td>Shows whether the user is connected to the tunnel in the ATRA VPN client.

</td><td>Connected/Disconnected

</td></tr><tr><td>Organization Name

</td><td>User's organization

</td><td>ATREYO Level-1

</td></tr><tr><td>Email

</td><td>User's login email

</td><td>jane.doe@company.com

</td></tr></tbody></table>

</div>

---

##### User VPN IP Assignment

How It Works:

- Each user gets unique VPN IP when added to tunnel
- IP automatically assigned from tunnel's subnet
- Format: 10.8.0.x (where x = 2-254)
- IP remains consistent until user removed

Usage:

- User's VPN Desktop Application connects using this IP
- Other users/devices can reach this user via this IP
- Used for logging and access control

---

##### Removing Users

To Remove User from Tunnel:

1. Locate user in table
2. Click Remove button (red, right side of row)
3. Confirmation dialog appears
4. Click CONFIRM to remove user
5. User disappears from tunnel (but remains in system)

Effects:

- User's VPN IP deallocated
- Allocated Clients count decreases
- Remaining Clients increases
- User's VPN client disconnects (if currently connected)
- User cannot reconnect to this tunnel
- User can be re-added later with different VPN IP

⚠️ Active Connections: Removing user while they're connected immediately terminates their VPN session. Warn users before removal.

# VPN Tunnel Workflow Examples

#### Example 1: Creating Production Tunnel

Scenario: Factory needs VPN access to 5 gateways and 10 users

Steps:

1. Navigate to VPN → Click CREATE
2. Name: "Factory\_Production\_VPN"
3. Organization: "Manufacturing Plant A"
4. Add 5 devices:
    - Gateway\_A (Network Forwarding: ENABLED - has PLCs on LAN)
    - Gateway\_B (Network Forwarding: ENABLED - has sensors on LAN)
    - Gateway\_C (Network Forwarding: DISABLED - standalone)
    - Gateway\_D (Network Forwarding: ENABLED - has HMI on LAN)
    - Gateway\_E (Network Forwarding: DISABLED - standalone)
5. Add 10 users (engineers and managers)
6. Click CREATE
7. Navigate to Tunnel Overview page
8. Click START button (process begins running)
9. Notify users to download VPN client and connect

Result: 15 allocated clients (5 devices + 10 users), 238 remaining slots

---

#### Example 2: Maintenance Procedure

Scenario: Need to add 2 new devices during maintenance window

Steps:

1. Navigate to tunnel Overview page
2. Click STOP button (stop process cleanly)
3. Wait for "Not-Running" status
4. Go to Devices tab
5. Click Add button
6. Select 2 new devices
7. Configure Network Forwarding
8. Click ADD
9. Verify devices appear in table
10. Click START button (restart process)
11. Test connections with VPN client

Result: Clean device addition without disrupting other connections

---

#### Example 3: Emergency Disable

Scenario: Security incident requires immediate VPN shutdown

Steps:

1. Navigate to tunnel Overview page
2. Click DISABLE button
3. Confirm action
4. Immediate Effect:
    - Tunnel Status → Disabled
    - Process → Exited
    - All users disconnected
    - No new connections possible
5. Investigate security issue
6. When resolved:
    - Click ENABLE button
    - Click START button
    - Notify users to reconnect

Result: Complete VPN access shutdown in seconds

---

⚠️ Critical Warning: If tunnel is Running and you click Disable:

1. Process automatically stops
2. All active connections immediately terminate
3. Users may lose work or experience disruption
4. Use only during maintenance windows or emergencies

Common Use Cases:

- Temporary Suspension: Disable tunnel during security incident
- Maintenance: Disable before major configuration changes
- Preparation for Deletion: Must disable before deleting tunnel