Thursday, December 10, 2009

Connect two Yamaha RTX via VPN with dynamic global IP

To connect two Yamaha RTX routers over a VPN when one side has a dynamic global IP (of course, the other side must have a fixed global IP), see:
http://www.rtpro.yamaha.co.jp/RT/docs/ipsec/dialup_vpn.html

PPTP VPN on Yamaha RTX

This sets up a Yamaha RTX as a PPTP server that waits for connections from clients.

# pp select anonymous
anonymous# pp bind tunnel2
anonymous# pp auth request mschap
anonymous# pp auth username
anonymous# ppp ipcp ipaddress on
anonymous# ppp ipcp msext on
anonymous# ppp ccp type mppe-any
anonymous# ip pp mtu 1280
anonymous# pptp service type server
anonymous# pp enable anonymous
anonymous# pptp service on
anonymous# tunnel select 2
tunnel2# tunnel encapsulation pptp
tunnel2# tunnel enable 2
tunnel2# save
セーブ中... CONFIG0 終了

Reference
http://www.rtpro.yamaha.co.jp/RT/docs/example/pptp/pptp_example1.html

Thursday, December 3, 2009

Filtering packet at tunnel on Yamaha RTX

The Web UI only lets you set filters on PP interfaces, but from the command line you can also filter a tunnel, for example:

ip filter 201010 pass * 172.31.31.0/24 icmp * *
ip filter 201011 pass * 172.31.31.0/24 established * *
ip filter 201012 pass * 172.31.31.0/24 tcp * ident
ip filter 201013 pass * 172.31.31.86/32 * * *
ip filter 201014 pass 10.0.10.254/32 172.31.31.0/24 * * *
ip filter 201015 pass 172.31.31.0/24 * * * *

tunnel select 2
tunnel encapsulation ipip
tunnel endpoint address 172.25.111.3
ip tunnel tcp mss limit auto
ip tunnel secure filter in 201010 201011 201012 201013 201014 201015
tunnel enable 2

That is, use "ip tunnel secure" instead of "ip pp secure" and put this line after "tunnel select".
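
A simplified model of how the six filters above decide what may enter from the tunnel, as an added example that is not part of the original post. It assumes the filters are tried in the listed order with the first match deciding, that a packet matching no filter is discarded, and that "established" means a TCP segment with ACK or RST set; the sample packets are constructed.

```python
import ipaddress

# Filter lines and filter order copied from the post.
FILTERS = """\
ip filter 201010 pass * 172.31.31.0/24 icmp * *
ip filter 201011 pass * 172.31.31.0/24 established * *
ip filter 201012 pass * 172.31.31.0/24 tcp * ident
ip filter 201013 pass * 172.31.31.86/32 * * *
ip filter 201014 pass 10.0.10.254/32 172.31.31.0/24 * * *
ip filter 201015 pass 172.31.31.0/24 * * * *"""
ORDER = [201010, 201011, 201012, 201013, 201014, 201015]
PORT_NAMES = {"ident": 113}  # the only port mnemonic used on the page

def parse(line):
    keys = ("action", "src", "dst", "proto", "sport", "dport")
    fields = line.split()
    return int(fields[2]), dict(zip(keys, fields[3:]))

RULES = dict(parse(line) for line in FILTERS.splitlines())

def addr_ok(spec, addr):
    return spec == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def port_ok(spec, port):
    return spec == "*" or int(PORT_NAMES.get(spec, spec)) == port

def proto_ok(spec, pkt):
    if spec == "established":  # assumption: TCP segment with ACK or RST set
        return pkt["proto"] == "tcp" and bool({"ACK", "RST"} & pkt.get("flags", set()))
    return spec in ("*", pkt["proto"])

def evaluate(pkt):
    """Return (action, filter number) for a packet arriving from the tunnel."""
    for num in ORDER:
        r = RULES[num]
        if (addr_ok(r["src"], pkt["src"]) and addr_ok(r["dst"], pkt["dst"])
                and proto_ok(r["proto"], pkt)
                and port_ok(r["sport"], pkt.get("sport"))
                and port_ok(r["dport"], pkt.get("dport"))):
            return r["action"], num
    return "reject", None  # assumption: no filter matched, packet is discarded

# Constructed sample packets (not from the post).
SYN_SSH = {"src": "10.1.1.1", "dst": "172.31.31.5", "proto": "tcp",
           "sport": 40000, "dport": 22, "flags": {"SYN"}}
ACK_SSH = dict(SYN_SSH, flags={"ACK"})
SYN_TO_86 = dict(SYN_SSH, dst="172.31.31.86")
SYN_IDENT = dict(SYN_SSH, dport=113)
PING = {"src": "10.1.1.1", "dst": "172.31.31.5", "proto": "icmp"}
```

Under these assumptions, a new inbound TCP connection to an arbitrary host in 172.31.31.0/24 (`SYN_SSH`) is dropped, while the same SYN to 172.31.31.86 passes on filter 201013.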