diff --git a/Readme.md b/Readme.md
index 8e81ddfe..322a37df 100644
--- a/Readme.md
+++ b/Readme.md
@@ -107,8 +107,8 @@ poetry run python -m oonidata mkobs --clickhouse clickhouse://localhost/ --data-
 Here is the list of supported observations so far:
 * [x] WebObservation, which has information about DNS, TCP, TLS and HTTP(s)
 * [x] WebControlObservation, has the control measurements run by web connectivity (is used to generate ground truths)
-* [ ] CircumventionToolObservation, still needs to be designed and implemented
-  (ideally we would use the same for OpenVPN, Psiphon, VanillaTor)
+* [ ] TunnelObservation, still needs to be designed and implemented
+  (ideally we would use the same for OpenVPN, WireGuard, Psiphon, VanillaTor)
 
 ### Response body archiving
 
diff --git a/oonidata/src/oonidata/models/dataformats.py b/oonidata/src/oonidata/models/dataformats.py
index 0cc41b72..d55131b9 100644
--- a/oonidata/src/oonidata/models/dataformats.py
+++ b/oonidata/src/oonidata/models/dataformats.py
@@ -381,7 +381,7 @@ class OpenVPNHandshake(BaseModel):
     port: int
     transport: str
     provider: str
-    openvpn_options: Optional[dict] = None
+    openvpn_options: Optional[Dict[str, str]] = None
     status: OpenVPNConnectStatus
     t0: float
     t: float
diff --git a/oonidata/src/oonidata/models/observations.py b/oonidata/src/oonidata/models/observations.py
index 45fd8873..d4e86b07 100644
--- a/oonidata/src/oonidata/models/observations.py
+++ b/oonidata/src/oonidata/models/observations.py
@@ -397,3 +397,67 @@ class HTTPMiddleboxObservation(MeasurementMeta):
     hfm_diff: Optional[str] = None
     hfm_failure: Optional[str] = None
     hfm_success: Optional[bool] = None
+
+
+@add_slots
+@dataclass
+class OpenVPNHandshakeObservation:
+    timestamp: datetime
+
+    ip: str
+    port: int
+    transport: str
+
+    success: bool
+    failure: Failure
+
+    protocol: str
+    variant: Optional[str] = None
+
+    # TCP related observation
+    tcp_failure: Optional[Failure] = None
+    tcp_success: Optional[bool] = None
+    tcp_t: Optional[float] = None
+
+    # OpenVPN handshake observation
+    openvpn_handshake_failure: Optional[Failure] = None
+    openvpn_handshake_success: Optional[bool] = None
+    openvpn_handshake_t: Optional[float] = None
+
+    # timing info about the handshake packets
+    openvpn_handshake_hr_client_t: Optional[float] = None
+    openvpn_handshake_hr_server_t: Optional[float] = None
+    openvpn_handshake_clt_hello_t: Optional[float] = None
+    openvpn_handshake_srv_hello_t: Optional[float] = None
+    openvpn_handshake_key_exchg_n: Optional[int] = None
+    openvpn_handshake_got_keys__t: Optional[float] = None
+    openvpn_handshake_gen_keys__t: Optional[float] = None
+
+
+
+
+@add_slots
+@dataclass
+class TunnelEndpointObservation(MeasurementMeta):
+    __table_name__ = "obs_tunnel"
+    __table_index__ = ("measurement_uid", "observation_id", "measurement_start_time")
+
+    measurement_start_time: datetime
+
+    ip: str
+    port: int
+    transport: str
+
+    # definition of success will need to change when/if we're able to gather metrics
+    # through the tunnel.
+    success: bool
+    failure: Failure
+
+    protocol: str
+    family: str
+
+    # indicates obfuscation or modifications from the main protocol family.
+    variant: Optional[str] = None
+
+    # any metadata about the providers behind the endpoints.
+    provider: Optional[str] = None
\ No newline at end of file