DMVPN (Dynamic Multipoint VPN) is a routing technique we can use to build a VPN network with multiple sites without having to statically configure all devices. It’s a “hub and spoke” network where the spokes will be able to communicate with each other directly without having to go through the hub. Encryption is supported through IPsec which makes DMVPN a popular choice for connecting different sites using regular Internet connections.

Milesight Industrial Router supports DMVPN feature and works as client mode, in this manual, we will guide you how to install the DMVPN server, then connect Milesight router to the server.

Note: ensure your Milesight router has upgraded the firmware to the latest one.



Milesight Router

UR Router IP:



GRE tunnel IP: 10.0.0.XX (

GRE Key: 123456, Pre shared key: 123456


DMVPN Server configuration

Milesight Router configuration

Check connection status


DMVPN Server Configuration

Step1. Install essential environment

1. login ubuntu, execute: apt-get update

root@ubuntu:~# apt-get update

2. Install the racoon

root@ubuntu:~# apt-get install racoon

3. Install the opsec-tools.

root@ubuntu:~# apt-get install ipsec-tools

4: Install the build-essential.

root@ubuntu:~# apt-get install build-essential

5: Install the libc-ares-dev

root@ubuntu:~# apt-get install libc-ares-dev

6: Install the pkg-config 

root@ubuntu:~# apt-get install pkg-config

7: Download opennhrp-0.14.1.tar.bz2 through this URL .

8: Install the opennhrp, tar -xjvf opennhrp-0.14.1.tar.tz2 & make & make install

root@ubuntu:~# tar xjvf opennhrp-0.14.1.tar.bz2
root@ubuntu:~# cd opennhrp-0.14.1
root@ubuntu:~/opennhrp-0.14.1# ls
AUTHORS contrib doc etc libev Makefile Make.rules man MIT-LICENSE.txt NEWS nhrp patches README TODO
root@ubuntu:~/opennhrp-0.14.1# make
root@ubuntu:~/opennhrp-0.14.1# make install
install -d /usr/sbin
install nhrp/opennhrp nhrp/opennhrpctl /usr/sbin
install -d /etc/opennhrp
install etc/opennhrp.conf etc/opennhrp-script etc/ etc/ /etc/opennhrp
install -d /usr/share/man/man5 /usr/share/man/man8
install man/opennhrp.conf.5 /usr/share/man/man5
install man/opennhrp.8 man/opennhrpctl.8 man/opennhrp-script.8 /usr/share/man/man8
install -d /usr/share/doc/opennhrp
install README /usr/share/doc/opennhrp

Step2. Configure /etc/opennhrp/opennhrp.conf

root@ubuntu:/etc/opennhrp# cat opennhrp.conf
interface gre1
  multicast nhs

Step3. Configure /etc/racoon/racoon.conf

root@ubuntu:/etc/racoon# cat racoon.conf
path include "/etc/racoon/";
path pre_shared_key "/etc/racoon/psk.txt";
remote anonymous {
    exchange_mode main;
    lifetime time 10800 seconds;
    my_identifier address;
    dpd_delay 30;
    dpd_retry 3;
    dpd_maxfail 6;
    nat_traversal on;
    proposal {
            encryption_algorithm des;
            hash_algorithm sha1;
            dh_group modp768;
            authentication_method pre_shared_key;
sainfo anonymous {
    lifetime time 3600 seconds;
    compression_algorithm deflate;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;

Step4. Configure /etc/racoon/psk.txt

Note: configure ip address according to your router’s WAN ip address

Step5. Configure the ipsec-tools.conf

root@ubuntu:/# cat /etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
 spdadd gre -P out ipsec esp/transport//require;
 spdadd gre -P in  ipsec esp/transport//require;

Step6. Create a script to start/stop the DMVPN

Note: configure the local IP address according to your server’s IP address

root@ubuntu:/# cat
    start_nhrp() {
    opennhrp -d
    stop_nhrp() {
        killall -9 opennhrp
    start_gre1() {
    ip tunnel add gre1 mode gre local key 123456 ttl 64
    ip addr add dev gre1
    ip link set gre1 up multicast on
    stop_gre1() {
        ifconfig gre1 down
        ip tunnel del gre1
    start_ipsec() {
        setkey -f /etc/ipsec-tools.conf
        racoon -f /etc/racoon/racoon.conf
    stop_ipsec() {
        setkey -F
        setkey -FP
        killall -9 racoon
    if [ "$ACTION" = "start" ];then
    if [ "$ACTION" = "stop" ];then

Step7. Start the service using the script we created

root@ubuntu:~# chmod +x
root@ubuntu:~# ./ start
opennhrp[19850]: OpenNHRP 0.14.1 starting
opennhrp[19850]: Interface lo: configured UP, mtu=0
opennhrp[19850]: Interface ens18: configured UP, mtu=1500
opennhrp[19850]: Interface gre0: config change, mtu=1476
opennhrp[19850]: Interface gretap0: config change, mtu=1462
opennhrp[19850]: Interface gre1: configured UP, mtu=1472
opennhrp[19850]: Interface gre1: GRE configuration changed. Purged 0 peers.
opennhrp[19850]: Filter code installed (21 opcodes)

Milesight Router Configuration

Enable DMVPN, save and apply setting.

Check connection status

Go to Status -> VPN on Milesight router’s Web GUI