Group VPN System and Multicast Key Distribution Protocol Based on Group-oriented Cryptography
CLC Number: TP311

Fund Project: National Key Technologies R&D Programs of China (2018YFB1402702); National Natural Science Foundation of China (61972032); NSFC-Genertec Joint Fund for Basic Research (U1636104); NSFC Joint Research Fund for Overseas Chinese Scholars and Scholars in Hong Kong and Macao (61628201)

Abstract:

The rapid growth of the Internet economy has led to increasing demand from enterprises for network connections among multiple branches at large, even global, scale. The original VPNs built on a centralized gateway mode are gradually giving way to VPN systems that use peer-to-peer technology. Existing peer-to-peer VPN technology is built on two-party key exchange and is therefore better suited to pairwise communication. In multi-node communication, however, the tunnel keys are mutually independent, so the cumulative encryption delay across the different tunnels makes synchronous message passing difficult. To address this problem, this study proposes a peer-to-peer VPN framework called GroupVPN, which improves the efficiency of multicast communication by designing a decentralized and highly scalable multicast key distribution protocol. The framework adds a group management layer above the security tunnel layer to support dynamic group management and efficient key distribution. By combining broadcast encryption (BE) with a public-key group-oriented cryptography infrastructure, the protocol realizes efficient key distribution for an arbitrary group under two mechanisms: designation and revocation. Security analysis indicates that the protocol meets the requirements of data privacy, data integrity and identity authenticity under the strong Diffie-Hellman (SDH) assumption. Experimental analysis also shows that the communication and key-storage overheads of the protocol are independent of group size, and that the communication delay is mainly bounded by the session key distribution phase, which is therefore the phase to optimize for better performance.

Citation:

朱岩, 尹昊, 王秋艳. Group VPN System and Multicast Key Distribution Protocol Based on Group-oriented Cryptography. Journal of Software (软件学报), 2019, 30(9): 2815-2829

History
  • Received: January 05, 2018
  • Revised: March 26, 2018
  • Online: September 06, 2019
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4