PPTP

Point-to-Point Tunneling Protocol (PPTP) is one method of implementing VPN's. This is now mostly obsolete due to it's insecurity and the availability of more secure methods of setting up VPNs. It is however still of the simplest VPNs to set up.

Remote Access VPNs

Using PPTP

This method relies only on a username/password combination. Let's assume that we are using a public IP of 23.90.55.23 on interface eth1 and a desired client IP pool of 172.16.0.100-172.16.0.200 (connecting clients will be assigned an IP from this IP range).

First we need to go into configuration mode.

configure
edit vpn pptp remote-access 

The outside address (our public IP) needs to be set.

set outside‐address 23.90.55.23

Next we need to set the IP addresses to assign connecting clients.

set client-ip-pool start 172.16.0.100
set client-ip-pool stop 172.16.0.200

We also need to specify the authentication mode and set up our user/users.

set authentication mode local
set authentication local‐users <USERNAME> user password <PASSWORD>

Finally we can commit and save

commit
save

By default VyOS will try and use the most secure options, these being:

Authentication: MS-CHAP-v2
Encryption: MPPE-128
Compression: None 

This can be changed using the following command.

set vpn pptp remote-access authentication require <pap|chap|ms-chap|ms-chap-v2>