FTY we have taken the decision to deprecate and remove PPTP from Koozali SME v10.
This follow decisions by Apple to remove it from Macs, and at some stage I am sure Microsoft will follow suit.
The reasons are plastered all over the internet and have been for a long time.
People like it because it is 'fast'. And that is the reason it is so insecure - it has extremely weak encryption.
It has more holes than a colander, and there are alternatives that are much better which you will be able to install on v10.
For roaming clients we suggest you look at either OpenVPN, or the weaker but somewhat simpler Ipsec/L2tpd.
OpenVPN is very good and very strong, but it needs a downloadable client and SSL certificates (which can be generated by PHPKi).
Ipsec/L2tpd support is built into most phones, and only requires passwords. The encryption is not as strong as OpenVPN, but better than PPTP. Its major drawback is with multiple connections form the same IP/gateway. It does work quite well.
I may look at Ipsec v2 for mobile clients, but the big issue here is that newer versions of Libreswan (the default ipsec implementation for RHEL/CentOS currently) that support it have too high a level of encryption for most mobiles.....
I may also try and look at the new Wireguard protocol, but like OpenVPN it does not have a built in mobile client as yet.
In general development we still have a few more services to migrate to systemd at which point we'll look at rolling a Beta.
If you want to know more, or better still want to help, please contact us and come and chat on Rocket.Chat.