[follows on from part one bacause a post cannot be greater than 3000chrs]

Now we set-up the IPPBX:

Logon to the 2820 IPPBX

In SIP Account Settings Make sure that Remote Registration from WAN is enabled. This is an essential first step. If you don't do this, you can't set VPN settings for the extensions.

In Extensions, create your extensions
Again, I found that using numeric entries rather than alphanumerics worked well.

Let's say you're setting up extension 200 to match the example above

Enable the extension - it doesn't do this by default. Doh!
Remote Registration: Make sure the VPN checkbox is enabled and the WAN box disabled or you'll leave yourself open to hackers
Type: SIP
Extension Number 200 [as per example above]
Display Name 200
Authentication - Yes
Use display name as Auth ID - Yes
Password - in my example, a 4-digit number, say 1234. I couldn't get anything complex with letters to work
Enable PPTP via WAN - Yes

Save

In the IPPBX, PBX Status, Extension Monitor screen you should see it now connected. This is also where to look to unlock an extension that's been locked thru too many bad passwords if you have enabled that feature [see below]. A good security feature.

Tip!
I found it really helpful on the Vigor Phone in PhoneSettings, Speeddial, to match one of the BLF lights to extension 200. This way, it lights up when you are registered. And it also allows you to see what's going on. What I could see was that when you turn on the phone it registers immediately for a few seconds, then goes off as the PPTP connection gets established. And then it registers again, this time under PPTP - and you're done.

Once set-up, the final thing is to turn on Security precautions on the SIP accounts on the IPPBX to prevent probing accounts and hackers attacking.
On the IPPBX, in PBX System I set
Limit SIP Request WAN to one per second
Automatic Block Extention after 1 wrong password
If you have fixed IP addresses at all your sites, then you can set the ACL. This is a great way of preventing probing attacks.