Readers will learn how to configure the EdgeRouter as a PPTP (Point-to-Point Tunneling Protocol) server.
NOTES & REQUIREMENTS:
Applicable to the latest EdgeOS firmware on all EdgeRouter models. Knowledge of the Command Line Interface (CLI) and basic networking knowledge is required. Please see the Related Articles below for more information.
Configuring the PPTP Server
The EdgeRouter PPTP VPN server provides access to the LAN (192.168.1.0/24) for authenticated PPTP clients.
CLI: Access the Command Line Interface. You can do this using the CLI button in the Web UI or by using a program such as PuTTY.
1. Enter configuration mode.
2. Add firewall rules for the PPTP traffic to the local firewall policy.
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description PPTP
set firewall name WAN_LOCAL rule 30 destination port 1723
set firewall name WAN_LOCAL rule 30 protocol tcp
NOTE: Make sure not to overwrite any existing firewall rules.
3. Configure the server authentication settings. This example uses local authentication.
set vpn pptp remote-access authentication mode local
set vpn pptp remote-access authentication local-users username <username> password <secret>
Alternatively, use RADIUS instead of local authentication.
set vpn pptp remote-access authentication mode radius
set vpn pptp remote-access authentication radius-server <address> key <secret>
4. Define the IP address pool that will be used by the VPN clients.
set vpn pptp remote-access client-ip-pool start 192.168.100.240
set vpn pptp remote-access client-ip-pool stop 192.168.100.249
NOTE: You can also issue addresses in the local subnet, but make sure that they do not overlap with those issued by the DHCP server.
5. Define the DNS server(s) that will be used by the VPN clients.
set vpn pptp remote-access dns-servers server-1 <address>
set vpn pptp remote-access dns-servers server-2 <address>
6. Define the WAN interface which will receive PPTP requests from clients. Configure only one of the following statements:
Your WAN interface receives an address through DHCP.
set vpn pptp remote-access dhcp-interface eth0
Your WAN interface is configured with a static address.
set vpn pptp remote-access outside-address <wan-address>
Your WAN interface receives an address through PPPoE.
set vpn pptp remote-access outside-address 0.0.0.0
7. Lower the MTU for PPTP traffic.
set vpn pptp remote-access mtu <value>
8. Commit the changes and save the configuration.
commit ; save
NOTE: The show vpn remote-access command can be used to verify the VPN client sessions.
Setting up the PPTP Client
In this section, we are using a Windows 10 machine as the PPTP client.
1. Add a new VPN connection.
Settings > Network & Internet > VPN > Add a VPN connection
VPN Provider: Windows (built-in)
Connection name: PPTP
Server name: 203.0.113.1
VPN Type: Point to Point Tunneling Protocol (PPTP)
Type of sign-in info: User name and password
User name: <username>
2. Navigate to the Windows 10 Network connections.
Settings > Network & Internet > Status > Change Adapter Options > PPTP Adapter properties
Security > Allow these protocols > Microsoft CHAP Version 2 (MS-CHAP v2)