PPTP: Configure a PPTP VPN connection

ACM5000, ACM5500 and IM4200 devices with Firmware V3.5.2 and later, include a PPTP (Point-to-Point Tunneling Protocol) server. PPTP is typically used for communications over a physical or virtual serial link. The PPP endpoints define a virtual IP address to themselves. Routes to networks can then be defined with these IP addresses as the gateway, which results in traffic being sent across the tunnel. PPTP establishes a tunnel between the physical PPP endpoints and securely transports data across the tunnel. 

The strength of PPTP is its ease of configuration and integration into existing Microsoft infrastructure. It is generally used for connecting single remote Windows clients. If you take your portable computer on a business trip, you can dial a local number to connect to your Internet access service provider (ISP) and then create a second connection (tunnel) into your office network across the Internet and have the same access to your corporate network as if you were connected directly from your office. Similarly, telecommuters can also set up a VPN tunnel over their cable modem or DSL links to their local ISP. 

To set up a PPTP connection from a remote Windows client to your Opengear appliance and local network:

1. Enable and configure the PPTP VPN server on your Opengear appliance
2. Set up VPN user accounts on the Opengear appliance and enable the appropriate authentication
3. Configure the VPN clients at the remote sites. The client does not require special software as the PPTP Server supports the standard PPTP client software included with Windows XP/ NT/ 2000/ 7 and Vista
4. Connect to the remote VPN

Enable the PPTP VPN server

• Select PPTP VPN on the Serial & Networks menu and select Enable
  
   
  
  
• Select the Minimum Authentication Required (Encrypted Authentication MS-CHAP v2 is recommended)
• Select the Required Encryption Level (Strong 40 bit or 128 bit encryption is recommended)
• In Local Address enter IP address to assign to the server's end of the VPN connection
• In Remote Addresses enter the pool of IP addresses to assign to the incoming client's VPN connections
• Enter the desired value of the Maximum Transmission Unit (MTU) for the PPTP interfaces into the MTU field (defaults to 1400)
• In the DNS Server field, enter the IP address of the DNS server that assigns IP addresses to connecting PPTP clients
• In the WINS Server field, enter the IP address of the WINS server that assigns IP addresses to connecting PPTP client
• Enable Verbose Logging to assist in debugging connection problems
• Click Apply Settings

. 
Add a PPTP user

• Select Users & Groups on the Serial & Networks menu
• Add user details and ensure the pptpd Group has been checked to allow access to the PPTP VPN server. Note: Users in this group will have their password stored in clear text.
• Keep note of the username and password for when you need to connect to the VPN connec
• Click Apply to save changes

Set up a remote PPTP Windows client

Ensure the remote VPN client PC has Internet connectivity. To create a VPN connection across the Internet, you must set up two networking connections. One connection is for the ISP, and the other connection is for the VPN tunnel to the Opengear appliance.

This procedure sets up a PPTP client in the Windows 7 Professional operating system. The steps may vary slightly depending on your network access or if you are using an alternate version of Windows. More detailed instructions are available from the Microsoft web site.

• Login to your Windows client with administrator privileges
• From the Network & Sharing Center on the Control Panel select Network Connections and create a new connection
• Select Use My Internet Connection (VPN) and enter the IP Address of the Opengear appliance
• To connect remote VPN clients to the local network, you need to know the user name and password for the PPTP account you added, as well as the Internet IP address of the Opengear appliance. If your ISP has not allocated you a static IP address, consider using a dynamic DNS service. Otherwise you must modify the PPTP client configuration each time your Internet IP address changes.