So... I switched everyone over to L2TP VPN. Works great except slower then PPTP because less / no encryption I assume.
L2TP is more consistent with a wide variety of connecting devices over 3G/4G , ADSL, Fiber, NBN etc... Android, iPhone, Mac, Windows...

But some here still just stuck on PPTP and they are to lazy to change so I had to keep it alive and working. Funny thing is that it stopped working for a few.
I did make significant config changes and the new ppp profiles... But now the PPTP profile was not working for all like before. So went into full on debug mode..

I was able to replicate the issue from my windows machine and a Samsung phone
And this is the singular message that consistently came up for me in the logs : 'mppe required but peer refused'

So anyway; In windows I went into advanced options for the PPTP VPN connection and selected no encryption from the drop down menu; once I did that it worked no problem,
same thing with the Android phone.. but alas this is to much overhead for me and time wasting to setup special config instructions for each user with the issue.

I needed it to just work out the box by default from any device capable of PPTP. I tried a few settings from which I found in forum posts with the same or similar issue on PPTP and none worked.. for example only allow 'mschap2 authentication' on PPTP server... etc..

So anyway, after fiddling around I finally found a setting that worked...

In the ppp profiles on the specific profile protocols tab, set 'Use Encryption' = 'yes' ( rOS 6.42.6) - I tried all in there and 'default' radio which is the default did NOT work

Once I did that, all my PPTP troubles were resolved and I could see the connections were showing MPPE 128 encryption.
So no need for me to change any default settings on Windows or Phones for PPTP... Thought I would post my findings..

Oh, anything I might be missing to make L2TP VPN faster (AES-128 cbc(aes)+ hmac(sha1))... AES IN?

To make L2TP VPN faster... I'm afraid the only way is to replace the Routerboard acting as a VPN access server by a device with hardware-assisted encryption such as hAP ac² or some larger model (1100).

With said device is this automatic or is additional configuration needed? RB2011?