EdgeRouter - PPTP VPN Server


Overview


Readers will learn how to configure the EdgeRouter as a PPTP (Point-to-Point Tunneling Protocol) server.

NOTES & REQUIREMENTS:
Applicable to the latest EdgeOS firmware on all EdgeRouter models. Knowledge of the Command Line Interface (CLI) and basic networking knowledge is required. Please see the Related Articles below for more information.
 
Devices used in this article:

Table of Contents


  1. Configuring the PPTP Server
  2. Setting up the PPTP Client
  3. Related Articles

Configuring the PPTP Server


Back to Top

topology.png

The EdgeRouter PPTP VPN server provides access to the LAN (192.168.1.0/24) for authenticated PPTP clients.

CLI: Access the Command Line Interface. You can do this using the CLI button in the Web UI or by using a program such as PuTTY.

1. Enter configuration mode.

configure

2. Add firewall rules for the PPTP traffic to the local firewall policy.

set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description PPTP
set firewall name WAN_LOCAL rule 30 destination port 1723
set firewall name WAN_LOCAL rule 30 protocol tcp
NOTE: Make sure to not overwrite any existing firewall rules.

3. Configure the server authentication settings (replace <secret> with your desired passphrases).

set vpn pptp remote-access authentication mode local
set vpn pptp remote-access authentication local-users username <username> password <secret>
NOTE: To use RADIUS instead of local authentication, add the following two authentication commands instead:
 
set vpn pptp remote-access authentication mode radius
set vpn pptp remote-access authentication radius-server <address> key <secret>

4. Define the IP address pool that will be used by the VPN clients.

set vpn pptp remote-access client-ip-pool start 192.168.100.240
set vpn pptp remote-access client-ip-pool stop 192.168.100.249
NOTE: You can also issue addresses in the local subnet, but make sure that they do not overlap with those issued by the DHCP server.

5. Define the DNS server(s) that will be used by the VPN clients.

set vpn pptp remote-access dns-servers server-1 <address>
set vpn pptp remote-access dns-servers server-2 <address>

6. Define the WAN interface which will receive PPTP requests from clients. Configure only one of the following statements:

Your WAN interface receives an address through DHCP.

set vpn pptp remote-access dhcp-interface eth0

Your WAN interface is configured with a static address.

set vpn pptp remote-access outside-address <wan-address>

Your WAN interface receives an address through PPPoE.

set vpn pptp remote-access outside-address 0.0.0.0

7.  Lower the MTU for PPTP traffic.

set vpn pptp remote-access mtu <value>

8. Commit the changes and save the configuration.

commit ; save
NOTE: The show vpn remote-access command can be used to verify the VPN client sessions. 

Setting up the PPTP Client


Back to Top

   Windows Client


In this section, we are using a Windows 10 machine as the PPTP client. 

1. Add a new VPN connection.

Settings > Network & Internet > VPN > Add a VPN connection

VPN Provider: Windows (built-in)
Connection name: PPTP
Server name: 203.0.113.1
VPN Type: Point to Point Tunneling Protocol (PPTP)
Type of sign-in info: User name and password
User name: <username>
Password: <secret>

2. Navigate to the Windows 10 Network connections.

Settings > Network & Internet > Status > Change Adapter Options > PPTP Adapter properties

Security > Allow these protocols > Microsoft CHAP Version 2 (MS-CHAP v2)

Related Articles


Back to Top

EdgeRouter - L2TP IPsec VPN Server

EdgeRouter - OpenVPN Server

Intro to Networking - How to Establish a Connection Using SSH


We're sorry to hear that!