There is a lot of stuff on the net about how useless PPTP is.

But when I read it, I am not sure if these are real for a lot of scenarios. Basically the attacker needs access to the wifi network or the ethernet cable via which you are connecting and have this during the time the connection is alive. Hacking a PPTP VPN router alone just presents you the login+password which will be as hard as you configured it.

Or is there some hack which works purely against a VPN router, with no VPN connection active?

If you just turn up in some hotel and connect via its wifi, who will be in a position to hack it? Almost nobody will know which hotel you will be in and when... Also you could take care to use a phone as a hotspot and then the stuff goes over 3G/4G which is even harder to intercept and inject packets into.

The context of my Q is this
https://forum.draytek.co.uk/viewtopic.php?f=8&t=22696&p=93329#p93310
which is for a travelling laptop, occassionally used with a VPN to access one's home or office PC. I am a bit stuck because the 2955 routers we use seem to reboot periodically if L2TP VPN is enabled - presumably because some hacking is crashing them.