Dynamic Multipoint Virtual Private Network

Dynamic Multipoint Virtual Private Network (DMVPN)^[1] is a dynamic tunneling form of a virtual private network (VPN) supported on Cisco IOS-based routers, and Huawei AR G3 routers,^[2] and on Unix-like operating systems.

Process

DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers, including

ISAKMP (Internet Security Association and Key Management Protocol) peers.^[3] DMVPN is initially configured to build out a hub-and-spoke network by statically configuring the hubs (VPN headends) on the spokes, no change in the configuration on the hub is required to accept new spokes. Using this initial hub-and-spoke network, tunnels between spokes can be dynamically built on demand (dynamic-mesh) without additional configuration on the hubs or spokes.^{[citation needed}

] This dynamic-mesh capability alleviates the need for any load on the hub to route data between the spoke networks.

Technologies

RFC 2332

RFC 1701
, or multipoint GRE if spoke-to-spoke tunnels are desired

An IP-based routing protocol,
RIPv2, BGP or ODR (DMVPN hub-and-spoke only).^[4]

encrypted

per the policy configured (IPsec transform set)

Internal routing

EIGRP and BGP allow a higher number of supported spokes per hub.^[5]

Encryption

As with GRE tunnels, DMVPN allows for several encryption schemes (including none) for the encryption of data traversing the tunnels. For security reasons Cisco recommend that customers use AES.^[6]

Phases

DMVPN has three phases that route data differently.

Phase 1: All traffic flows from spokes to and through the hub.
Phase 2: Start with Phase 1 then allows spoke-to-spoke tunnels based on demand and triggers.
Phase 3: Starts with Phase 1 and improves scalability of and has fewer restrictions than Phase 2.

References

^ Cisco engineers. "Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs)". Cisco. Cisco. Retrieved 24 September 2017.
^ Huawei DSVPN Configuration
ISSN 1742-6596
.

^ DMVPN Design Guide: Using a Routing Protocol Across the VPN

^ DMVPN Design Guide: Routing Protocol Configuration

^ DMVPN Design Guide: Best Practices and Known Limitations

External links

Cisco Security Solutions

IP Rotating Residential Proxy

Residential Proxies Reference

v
t
e
Virtual private networking
Communication protocols

DTLS

DirectAccess

EVPN

IPsec

L2F

L2TP

L2TPv3

PPTP

SSTP

Split tunneling

SSL/TLS

(Opportunistic: tcpcrypt)

Connection applications

FreeLAN

FreeS/WAN

Libreswan

n2n

OpenConnect

OpenIKED

Openswan

OpenVPN

Social VPN

SoftEther VPN

strongSwan

tcpcrypt

tinc

VTun

WireGuard

Shadowsocks

Enterprise software

Avast SecureLine VPN

Check Point VPN-1

LogMeIn Hamachi

Risk vectors

Content-control software

Deep content inspection

Deep packet inspection

IP address blocking

Network enumeration

Stateful firewall

TCP reset attack

VPN blocking

VPN Services
Avast

HMA

SecureLine

Kape Technologies

CyberGhost

ExpressVPN

Private Internet Access

Zenmate

McAfee

TunnelBear

Tesonet

NordVPN

NordLayer

Surfshark

Ziff Davis

IPVanish

StrongVPN

Hola

IVPN

Mozilla VPN

Mullvad

PrivadoVPN

Proton VPN

PureVPN

SaferVPN

Windscribe

Retrieved from "https://en.wikipedia.org/w/index.php?title=Dynamic_Multipoint_Virtual_Private_Network&oldid=1187881230"

[Cisco2006-1] Cisco engineers. "Dynamic Multipoint IPsec VPNs (Using Multipoint GRE/NHRP to Scale IPsec VPNs)". Cisco. Cisco. Retrieved 24 September 2017.

[2] Huawei DSVPN Configuration

[3] ISSN 1742-6596
.

[4] DMVPN Design Guide: Using a Routing Protocol Across the VPN

[5] DMVPN Design Guide: Routing Protocol Configuration

[6] DMVPN Design Guide: Best Practices and Known Limitations

[1]

[2]

[3]

[4]

[5]

[6]