robo_dev, 1 year ago

The point of 'the pattern is full' is that a point-to-point VPN device, such as a Cisco router or VPN concentrator, does not accept multiple connections. If you define a VPN tunnel in such a device at location "a" to another device in "location b", it is impossible for a second VPN tunnel connection to be made to the VPN device at either location. Even if the attacker had the correct shared secret, certificate, and IP address (not likely!), there is no second connection that can be made.

In reading your question, I made one huge mistake... I did not notice you were talking about CHAP and MITM attacks...

When we talk about 'secure VPN' solutions, that would be an IPSEC/L2TP VPN, using AES encryption and the SHA256 hashing algorithm and something OTHER than CHAP or MS-CHAP authentication (such as shared-secret or digital certificate).

That would be a Cisco ASA-5505 security appliance connecting to a Cisco ASA-5505 security appliance, configured to use AES-256 encryption and SHA-256 or even SHA-384 hashing, with a certificate used for authentication. That is a secure point-to-point VPN solution, and this cannot be hacked by any currently known method or technology.

The hacks you hear about are: Microsoft VPN using PPTP and MS CHAP V2. Microsoft PPTP VPN technology is not all that secure, and specifically the MS CHAP V2 protocol is very very hacked... like since 2007.

Partly to answer your original question, putting a Microsoft VPN inside a Microsoft VPN is like putting a small leaky boat inside a larger leaky boat. It may keep you afloat longer, but for the extra work and time, buy one very seaworthy boat instead.

From a security standpoint, that is like comparing the lethality of an F-15 fighter jet to an old man with a rolled-up newspaper... not the same thing!