Systems, methods, and software can be used for securing in-tunnel messages. One example of a method includes establishing a tunneling connection between a server and an endpoint. The method further includes receiving a packet from the server over the tunneling connection. The method yet further includes determining that the packet comprises a tunneling control message based on at least one address in the packet. Based on the determination of a received packet comprising a tunneling control message, the method can ensure the security of in-tunnel messages based on an indication in the tunneling control message.