Point-to-Point Tunneling Protocol (PPTP) is one method of implementing VPN's. This is now mostly obsolete due to it's insecurity and the availability of more secure methods of setting up VPNs. It is however still of the simplest VPNs to set up.

Remote Access VPNs

Using PPTP

This method relies only on a username/password combination. Let's assume that we are using a public IP of on interface eth1 and a desired client IP pool of (connecting clients will be assigned an IP from this IP range).

First we need to go into configuration mode.

edit vpn pptp remote-access 

The outside address (our public IP) needs to be set.

set outside‐address

Next we need to set the IP addresses to assign connecting clients.

set client-ip-pool start
set client-ip-pool stop

We also need to specify the authentication mode and set up our user/users.

set authentication mode local
set authentication local‐users <USERNAME> user password <PASSWORD>

Finally we can commit and save


By default VyOS will try and use the most secure options, these being:

Authentication: MS-CHAP-v2
Encryption: MPPE-128
Compression: None 

This can be changed using the following command.

set vpn pptp remote-access authentication require <pap|chap|ms-chap|ms-chap-v2>