Readers will learn how to create a PPTP VPN server with local user and RADIUS authentication.
Choose Authentication Mode
Only one authentication mode can be active at a time: local or radius.
set vpn pptp remote-access authentication mode <local | radius>
To authenticate using the RADIUS server, use the following command:
set vpn pptp remote-access authentication radius-server 10.1.0.121 key testing123
To authenticate to a local user on the EdgeRouter, use the following command:
set vpn pptp remote-access authentication local-users username wizard password toto
set vpn pptp remote-access authentication local-users username fred password flintstone
Note: It is recommended to have the client-ip-pool range outside of the existing DHCP pool on the LAN.
- To define an address pool to hand out to clients, use the following commands:
set vpn pptp remote-access client-ip-pool start 172.16.44.100
set vpn pptp remote-access client-ip-pool stop 172.16.44.110
- To define the outside-address to listen on for clients, use the following command. This setting is not required, but if it is not set, the router will listen for PPTP on all interfaces:
set vpn pptp remote-access outside-address 10.1.0.124
- You can also set the PPTP server to listen on a WAN interface configured with DHCP:
set vpn pptp remote-access dhcp-interface eth0
Note: If web pages are loading slowly or inconsistently, you can attempt to adjust the MTU setting for your environment. This is only needed in certain environments.
You have the option to change the MTU:
set vpn pptp remote-access mtu 1024
You have the option to define a name server to use:
set vpn pptp remote-access dns-servers server-1 184.108.40.206
set vpn pptp remote-access dns-servers server-2 220.127.116.11
The remote users will be trying to establish a PPTP session with the server running on the router, so for the local firewall rule we must allow the following:
- PPTP - TCP port 1723
- GRE - protocol 47
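The two allowances above, written as EdgeOS firewall rules. This is an added example, not part of the original article. It assumes the ruleset applied to the WAN interface's local direction is named WAN_LOCAL and that rule numbers 30 and 40 are unused; change both to match your configuration.

```text
# Assumption: WAN_LOCAL is the ruleset bound to the WAN interface "local" direction.
# Assumption: rule numbers 30 and 40 are free and sit above any drop rule.
configure

# PPTP control channel: TCP port 1723 to the router itself
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description "Allow PPTP control"
set firewall name WAN_LOCAL rule 30 protocol tcp
set firewall name WAN_LOCAL rule 30 destination port 1723

# PPTP data channel: GRE (IP protocol 47)
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description "Allow GRE for PPTP"
set firewall name WAN_LOCAL rule 40 protocol gre

commit
save
```

Both rules are needed: with only TCP 1723 open the control connection comes up but the tunnel carries no traffic, because the session data travels over GRE.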