Configure the PPTP settings
This topic shows how to enable PPTP and configure its basic settings and access control.
- Go to Remote Access > PPTP > Global.
- Enable PPTP.
  Click the switch to turn on PPTP remote access.
  The switch turns amber and you can edit the page.
- Specify the following settings:
Authentication via: Select the authentication method.
PPTP remote access supports Local and RADIUS authentication. Remote access through PPTP won’t work for users who use other authentication methods.
You can use RADIUS authentication if you have defined a RADIUS server on the Definitions & Users > Authentication Servers > Servers page. The RADIUS server must support MS-CHAPv2 challenge-response authentication. The server can pass back parameters such as the client's IP address and DNS/WINS server addresses. The PPTP module sends the following string as NAS-ID to the RADIUS server: pptp. When you select RADIUS authentication, local users can’t authenticate through PPTP.
Cross Reference: The configuration of the Microsoft IAS RADIUS server and the configuration of RADIUS within WebAdmin is described in the Sophos UTM administration guide under Definitions & Users.
Users and groups: When you select Local, select the users or groups who should be able to use PPTP remote access.
Assign IP addresses by: During connection establishment, endpoint devices get an IP address. The IP address can be taken from a predefined IP address pool or it can be requested from a DHCP server.
Option: IP address pool
  Pool network: By default, UTM assigns IP addresses from the private IP address space 10.242.1.x/24. This network is called VPN Pool (PPTP). To use a different network, change the definition of the VPN Pool (PPTP) on the Definitions & Users > Network Definitions page, or create another IP address pool by clicking the Plus icon.
  Note: If you want PPTP-connected users to be able to access the internet, you must also define appropriate masquerading or NAT rules.
Option: DHCP server
  DHCP server: You must specify a DHCP server that runs on a physically different system. The local DHCP server won’t work.
  Via interface: Define the interface through which the DHCP server is connected. The DHCP server doesn’t have to be directly connected to that interface; it only has to be reachable, for instance through a router.
- Click Apply to save your settings.
  The switch turns green. PPTP is active now.
Cross Reference: For more information about remote access, go to Remote Access in the UTM administration guide.
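
The RADIUS requirements listed under Authentication via (NAS-ID pptp, MS-CHAPv2 support) can be verified on the RADIUS server side. The following is an added example, not part of the Sophos documentation: it parses a constructed Access-Request and checks for both. It assumes the NAS-ID travels in the standard NAS-Identifier attribute (type 32, RFC 2865) and MS-CHAPv2 in the Microsoft vendor-specific attributes of RFC 2548; all function names and the sample packet are illustrative.

```python
import struct

# Attribute numbers from RFC 2865 (RADIUS) and RFC 2548 (Microsoft VSAs).
NAS_IDENTIFIER, VENDOR_SPECIFIC, MS_VENDOR = 32, 26, 311
MS_CHAP_CHALLENGE, MS_CHAP2_RESPONSE = 11, 25

def parse_attributes(packet: bytes):
    """Return (code, [(type, value), ...]) after validating the length fields."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad packet length field")
    attrs, pos = [], 20
    while pos < length:
        # Each attribute is type(1) + length(1) + value; length covers all three.
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        atype, alen = packet[pos], packet[pos + 1]
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def ms_vendor_types(attrs):
    """Vendor types of Microsoft VSAs (first sub-attribute of each VSA only)."""
    return {v[4] for t, v in attrs
            if t == VENDOR_SPECIFIC and len(v) >= 6
            and struct.unpack("!I", v[:4])[0] == MS_VENDOR}

def is_pptp_mschapv2_request(packet: bytes) -> bool:
    """True for an Access-Request with NAS-Identifier 'pptp' and MS-CHAPv2 data."""
    code, attrs = parse_attributes(packet)
    nas_ids = [v for t, v in attrs if t == NAS_IDENTIFIER]
    needed = {MS_CHAP_CHALLENGE, MS_CHAP2_RESPONSE}
    return code == 1 and nas_ids == [b"pptp"] and needed <= ms_vendor_types(attrs)

def _attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value

def _ms_vsa(vtype: int, data: bytes) -> bytes:
    return _attr(VENDOR_SPECIFIC,
                 struct.pack("!I", MS_VENDOR) + bytes([vtype, len(data) + 2]) + data)

def sample_request(nas_id: bytes, mschapv2: bool = True) -> bytes:
    """Constructed Access-Request with zeroed authenticator and challenge data."""
    attrs = _attr(1, b"alice") + _attr(NAS_IDENTIFIER, nas_id)
    if mschapv2:
        attrs += _ms_vsa(MS_CHAP_CHALLENGE, bytes(16)) + _ms_vsa(MS_CHAP2_RESPONSE, bytes(50))
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + bytes(16) + attrs
```

A RADIUS policy that matches on the NAS-Identifier in this way lets you scope a rule to PPTP logins only, and the MS-CHAPv2 check shows early whether the server is receiving the challenge-response attributes it must support.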