Point-to-Point Tunneling Protocol (PPTP) is one method of implementing VPN's. This is now mostly obsolete due to it's insecurity and the availability of more secure methods of setting up VPNs. It is however still of the simplest VPNs to set up.
Remote Access VPNs
This method relies only on a username/password combination. Let's assume that we are using a public IP of 220.127.116.11 on interface eth1 and a desired client IP pool of 172.16.0.100-172.16.0.200 (connecting clients will be assigned an IP from this IP range).
First we need to go into configuration mode.
configure edit vpn pptp remote-access
The outside address (our public IP) needs to be set.
set outside‐address 18.104.22.168
Next we need to set the IP addresses to assign connecting clients.
set client-ip-pool start 172.16.0.100 set client-ip-pool stop 172.16.0.200
We also need to specify the authentication mode and set up our user/users.
set authentication mode local set authentication local‐users <USERNAME> user password <PASSWORD>
Finally we can commit and save
By default VyOS will try and use the most secure options, these being:
Authentication: MS-CHAP-v2 Encryption: MPPE-128 Compression: None
This can be changed using the following command.
set vpn pptp remote-access authentication require <pap|chap|ms-chap|ms-chap-v2>