How to Configure PPTP VPN on Windows, Linux, Mikrotik

PPTP VPN is a fast network protocol that guarantees a stable conversation over the Internet, especially for gaming and streaming usages.

Using PPTP VPN is a simple option (not safe) to change your IP address.

To Set up PPTP VPN on Windows Server, go to Server Manager and follow the below steps:

• Install Routing and Remote Access Server Role.
• Configure Routing and Remote Access Service.
• Define Network Interface and IP pool.
• Configure User Access.
• Configure Windows Firewall.

To Configure PPTP VPN on Linux, follow the below steps:

• Install PPTPD on the Linux distribution you are using.
• Edit IP Settings.
• Choose a new Username & Password.
• Enable Network Forwarding.
• Configure Routing and Firewall.

Mikrotik PPTP VPN Configuration requires the steps below:

• Add IP Pool.
• Create PPP profile.
• Access grant for users and devices to VPN.
• Enable PPTP Server.
• Create rules in the firewall and NAT.

Steps to Configure PPTP VPN on Windows Server

On a Windows VPS, the main instructions to set up a PPTP VPN on Windows Server 2016, 2012 R2, and older versions are the same as Windows 2019.

Step 1: Add VPN Roles and Features

To set up a PPTP VPN on a Windows Server 2019, start by adding the Routing and Remote Access role.

To do this:

• Open Start.
• Search for Server Manager and click on it.
• Click the Manage menu, select the Add Roles and Features option, and click the Next button.

• Select the Role-based or feature-based installation option on the windows below and click the Next button.

• Choose the Select a server from the server pool option, select a name for the server, and click the Next button.

• Tick the Remote Access option and click the Next button 3 times.

• Tick the DirectAccess and VPN (RAS) option and select the Add Features button.
• Click the Next button 3 times.

• On the below Windows, click the Install button and then the close button.

Step 2: Configure PPTP VPN server on Windows Server

• Open Start.
• Search for Server Manager and click on it.
• Click the Manage menu to select Routing and Remote Access option.

• To select the Configure and Enable Routing and Remote Access option, right-click the server names shown below:

• On the below windows, choose the Custom configuration option and click the Next button.

• On the below windows, choose the VPN access option, click the Next button, and then the Finish button.
• Click the Start service button and right-click the server name to select the Properties option.

• On the below windows, select IPv4 tab.

• You are recommended to check the Static address pool option under the ‘’IPv4 address assignment’’ section.
• Click the Add button to specify a start IP address and an end IP address.
• When you are finished, click on OK, Apply, and again on OK button.

• On the below window, right-click ”Remote Access Logging & Policies” and select the Launch NPS option.

• On the below window, select the Network Policies option.
• Double-click the Connections to Microsoft Routing and Remote Access server policy.

• On the below window, select the Grant access. Grant access if the connection request matches this policy option.

• When you are done, Close the Network Policy Server console by clicking the Apply button and then OK button.

Your new VPN server is now created on Windows Server.

Now, you are ready to connect to the PPTP VPN client on your server.

Before that, let’s see how to allow users to be connected and also allow firewall to the connections.

Step 3: Configure Firewall to allow VPN connections on Windows Server

In this step, you will allow VPN connections through the firewall to complete the configuration and receive connections remotely from other computers.

• Open Start and search for Allow an app through Windows Firewall and open it.
• Click the Change settings button.
• Check if the Routing and Remote Access is allowed on Private and Public.
• Click the OK button.

Step 4: Configure VPN to allow users access on Windows Server

To let a user access the network using a VPN connection, follow the below steps:

• Open Start.
• Search for Server Manager and click on it.
• Select the Active Directory Users and Computers option.
• Click on Users and double-click the user you prefer to allow remote access.
• Click the Dial-in tab.
• Under the ”Network Access Permission” section, select the Allow access option.

• Click the Apply button and the OK button.

Additional Note:

1. To add other users, repeat the paths of this step.
2. To make configuring VPN access for users easier, you may also create groups if you need to configure access for many users.
3. To connect through the Internet to the VPN, you need to set up port forwarding on the router to enable VPN access and allow VPN connections.

How to Configure PPTP VPN on Linux

After buying Linux VPS, you are ready to set up a PPTP VPN on it and access your network remotely.

SSH to connect to your Linux command line and follow the below steps to configure PPTP VPN on a Linux server easily.

Step 1: Install PPTPD on Linux distros

On CentOS 6 and CentOS 7:

yum install -y  ppp perl nano iptables

cd /usr/local/src

wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.el6.x86_64.rpm 

rpm -Uhv pptpd-1.4.0-1.el6.x86_64.rpm

On Ubuntu:

apt-get update

apt-get install -y  pptpd

Step 2: Change IP Settings

Open your considered text editor and run:

remoteip 192.168.0.101-200 # Replace with your VPS IP

Step 3: Add Username and Password

To add your preferred username and password, run:

usernameForuser1 *  setpassword1here  *

Step 4. Enable network Forwarding

Use the command below to enable network forwarding in /etc/sysctl.conf:

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf

To apply the recent changes, type:

sysctl -p

Step 5. Set up Routing and Firewall

Run the below commands to configure routing and firewall:

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT

iptables -A INPUT -i eth0 -p gre -j ACCEPT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT

iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

On CentOS 6 and CentOS 7:

service iptables save

service iptables restart

Step 6. Start PPTP VPN Server on Linux

When configuring PPTP VPN is done, you can use the commands below to start it on your Linux distribution:

On CentOS:

service pptpd restart

To start automatically upon reboot:

chkconfig pptpd on

On Ubuntu:

systemctl restart pptpd

To start automatically upon reboot:

systemctl enable pptpd

After a successful configuration, you will be connected to the PPTP VPN server through its IP address and the username and password you have chosen.

Set up PPTP VPN on Mikrotik Router

To configure Mikrotik as a PPTP VPN server, you need to have Mikrotik VPS running and follow the below steps.

You can use both command line and winbox to configure PPTP VPN on Mikrotik.

Step 1: Add Pool of IP-Addresses

In this step, an IP Pool is required:

• Go to IP>Pool, click on ‘’+’’, and enter a name and IP range of your choice.
• Click the OK button.

Once the IP pool is ready for the PPTP server, a PPP profile must be configured.

Step 2: Create Profile

• Click on ‘’PPP’’ and open the “Profiles” tab.
• Configure one of the defaults or create a new profile from scratch.
• To make a new profile, click on ”+”.
• Enter a name of your choice, Local Address, and Remote Address.
• Select the IP pool you created.

• Enter the addresses of the DNS servers that you will use.
• Go to the ‘’Protocols’’ tab and set ‘’Use Encryption’’ to yes.
• Go to ‘’Limits’’ tab and set ‘’Only One’’ to yes.
• Click the OK button.

Step 3: Create a User/Computer for the VPN

To let users and computers access to VPN:

• Go to ‘’Secrets’’ tab and click on ‘’+’’
• Enter credentials of your choice and profile.
• Choose the PPP profile you created.

Step 4: Enable PPTP Server

• Go to the ‘’Interface’’ tab and click on ‘’PPTP Server’’
• Check ‘’Enable’’ and select the profile you made.
• Check all the authentication options.
• Click the OK button.

Step 5: Accept Incoming Connections in the Firewall

• Create rules in the firewall and NAT.
• Go to IP>Firewall.
• Click on ‘’+’’

Set:

• Chain: input.
• Protocols: tcp.
• DST. Port: 1723.
• Action: accept.
• Click on ‘’Action’’ tab.
• Click on ‘’Comment’’ tab.
• Input PPTP VPN and click OK.

Step 6: Enable NAT in the Firewall for Internet Access

Make sure you put the rule at higher priority (above ‘’drop’’ rules)

• Go to ‘’NAT’’ tab and click ‘’+’’

Set:

• Chain: srcnat.
• Out. Interface: ether1.
• Action: masquerade.
• Click the OK button.

Now, you should have VPN connections to your server with Internet access.

Step 7: Setup binding interface (Optional)

This will enable you to apply particular policies on the interface/user and, if necessary, set the binding interface in firewall rules.

• Click on ‘’+’’ and select ‘’PPTP Server Binding’’

• Enter a name of your choice and the user you consider to control.

• Click the OK button.

MikroTik Router is ready to serve PPTP VPN Connections.

Final Notes

Since PPTP VPN is not secure, you are recommended to use it in cases the security is not essential. Such as:

• Hiding your IP address.
• Change your location.
• Unblocking streaming channels.
• Accessing gaming servers.

Otherwise, try to study other VPN protocols to choose the best one according to your preferences.