OVERVIEW
PPTP is a data-link layer protocol for wide area networks (WANs) based on the Point-to-Point Protocol (PPP) and developed by Microsoft that enables network traffic to be encapsulated and routed over an unsecured public network such as the Internet. Point-to-Point Tunneling Protocol (PPTP) allows the creation of virtual private networks (VPNs), which tunnel TCP/IP traffic through the Internet.
GWN70xx routers support PPTP Client VPN, the created VPN can be associated to a VLAN thus all the devices connected to the router will use the VPN tunnel. Please refer to the figure below.
PPTP SERVER CONFIGURATION
Any device that supports PPTP Server VPN can be used to configure the PPTP Server or use a VPN service provider that offers PPTP server VPN. In our case, we are going to use the GWN70xx router as an example to configure the PPTP Server.
Configuring PPTP Server Parameters
In our case, these are the parameters of our PPTP Server VPN, and the most important thing to remember is the PPTP Server Address as it will be used to configure the PPTP Client.
Please be aware that the interface may be different according to the manufacturer or the VPN service provider.
Creating PPTP Users
After creating the PPTP server instance, you need next to create some users to allow them to connect to the PPTP server.
It’s very important to remember the username and the password as they will be used to configure PPTP Client later on.
GWN70XX PPTP CLIENT CONFIGURATION
To configure a PPTP Client, follow the below steps:
- Go to “VPN → VPN Clients” on the GWN70xx web GUI.
- Click on
button. A popup window will appear.
Refer to the below figure showing an example of configuration and the below table showing all available options with their respective description.
Server, Username and Password are configured previously in PPTP Server VPN, refer to PPTP Server Configuration above.
Name | Enter a name for the PPTP client. |
Connection Type | Select PPTP from the drop-down list. |
Server | Enter the IP/Domain of the remote PPTP Server. |
MPPE Encryption | Enable / disable the MPPE for data encryption. By default, it’s disabled. |
Username | Enter the Username for authentication with the VPN Server. |
Password | Enter the Password for authentication with the VPN Server. |
Interface | Choose the interfaces. Note: Set forwarding rules in firewall automatically to allow traffic forwarded from VPN to the selected WAN port. If remote device is allowed to access, please set the corresponding forwarding rules in firewall. |
Destination | Choose to which destination group or WAN to allow traffic from the VPN, this will generate automatically a forwarding rule under the menu Firewall → Traffic Rules → Forward. |
IP Masquerading | This feature is a form of network address translation (NAT) which allows internal computers with no known address outside their network, to communicate to the outside. It allows one machine to act on behalf of other machines. |
Remote Subnet | Configures the remote subnet for the VPN. The format should be “IP/Mask” where IP could be either IPv4 or IPv6 and mask is a number between 1 and 32. example: 192.168.5.0/24 |
PPTP Client Configuration
Add PPTP Client VPN to Destination Network Groups
Finally, make sure to allow PPTP Client VPN on the desired network groups like VLANs.
Example: PPTP Client VPN is allowed on the Default VLAN, refer to the figure below.
Verification
- PPTP Client verification
GWN70xx router is connected to PPTP Server VPN with the Server Address 192.168.1.1.
- PPTP Server verification
PPTP VPN Server is connected with the address 192.168.1.1.
