GOOD2USE Knowledge Network Virtual Private Network and Firewalls

Good Knowledge Is Good2Use

You should always place your VPN server behind a firewall. A firewall is designed to block all unused IP ports. This prevents attacks on your network by malicious Internet users. Another function of a firewall is to hide the computer names and IP addresses used on your private network from Internet users.

If you already have a firewall in place, you'll have to enable the port and protocol used by virtual private networking before the VPN server will be accessible from across the Internet. Remember that virtual private networking relies on PPTP (Point-to-Point Tunneling Protocol). PPTP uses TCP port 1723 and IP protocol ID number 47. Therefore, you must enable port 1723 and ID 47 (in some cases listed as Protocol 47) before you can use virtual private networking.
If this port and protocol aren't enabled, all VPN traffic will be stopped at the firewall and will never even reach your VPN server, not to mention the rest of your network.

Network Address Translation (NAT) in your router allows two or more computers in your home or office to share your modem's Internet connection by multiplexing their traffic onto one IP address.
All traffic sent from your router to the Internet appears to be coming from the same IP address. When response traffic comes back from the Internet to your router, NAT needs to determine which of your PCs should receive that traffic. That isn't a problem with common Internet applications like web browsing and file transfer, but it's a big problem for VPNs. The router is able to NAT properly while the PPTP tunnel is being set up, but after tunnel setup, PPTP uses Generic Routing Encapsulation (GRE), and the router may not be able to figure out what to do with incoming GRE.

A router that supports VPN pass-through is required. A router with VPN pass-through knows how to handle this situation correctly.
PPTP uses port 1723 and protocol 47; that's protocol 47, not port 47. You need to forward port 1723 to the internal VPN server. Then you need to allow PPTP pass-through.
If that does not work, your ISP may not be allowing traffic of that type to get to you.
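The difference between "port 1723" and "protocol 47" can be seen by parsing the packets the router receives. The following is an added example, not part of the original page: it classifies constructed packets and models the router's inbound NAT lookup. The addresses, the sample packets and the `call_map` table (a simplified stand-in for what a pass-through router tracks) are assumptions made for illustration.

```python
import struct

TCP, GRE = 6, 47           # IP protocol numbers; 47 is a protocol, not a port
PPTP_PORT = 1723           # TCP port of the PPTP control channel
GRE_PPP = 0x880B           # protocol type in PPTP's enhanced GRE header (RFC 2637)

def ipv4(proto, payload):
    """Constructed test packet: minimal 20-byte IPv4 header (checksum 0) plus payload."""
    src, dst = bytes([203, 0, 113, 5]), bytes([198, 51, 100, 9])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

def classify(packet):
    """Return (kind, key), where key is the only field NAT can demultiplex on."""
    ihl = (packet[0] & 0x0F) * 4            # IP header length in bytes
    proto, body = packet[9], packet[ihl:]   # byte 9 of the IP header is the protocol
    if proto == TCP:
        sport, dport = struct.unpack("!HH", body[:4])
        kind = "pptp-control" if PPTP_PORT in (sport, dport) else "tcp"
        return kind, dport
    if proto == GRE:
        flags, ptype, _length, call_id = struct.unpack("!HHHH", body[:8])
        # Enhanced GRE: key bit (0x2000) set and version field (low 3 bits) == 1
        if ptype == GRE_PPP and (flags & 0x2000) and (flags & 0x7) == 1:
            return "pptp-data", call_id     # GRE has no ports, only a Call ID
        return "gre", None
    return "other", None

def nat_inbound(packet, port_map, call_map):
    """Pick the internal host for an inbound packet, or None if the router drops it."""
    kind, key = classify(packet)
    if kind in ("tcp", "pptp-control"):
        return port_map.get(key)            # ordinary port forwarding
    if kind == "pptp-data":
        return call_map.get(key)            # hypothetical pass-through table
    return None

# Constructed sample traffic arriving at the router's public address.
CONTROL = ipv4(TCP, struct.pack("!HHIIHHHH", 40000, PPTP_PORT, 0, 0, 0x5002, 8192, 0, 0))
DATA = ipv4(GRE, struct.pack("!HHHHI", 0x3001, GRE_PPP, 4, 0x0042, 1) + b"\xff\x03\xc0\x21")
FORWARD = {PPTP_PORT: "192.168.1.2"}        # port 1723 forwarded to the VPN server

if __name__ == "__main__":
    print(classify(CONTROL), classify(DATA))
    print(nat_inbound(DATA, FORWARD, {}), nat_inbound(DATA, FORWARD, {0x42: "192.168.1.2"}))
```

With only the port-forwarding entry, the control connection reaches the server but the GRE data packet has no match and is dropped; it is delivered only once the pass-through table holds its Call ID.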

To set up your VPN on a Linksys modem/router, follow these steps:
NOTE: Please be sure to have the most up-to-date firmware before proceeding. You can get a firmware update by going to www.linksys.com/download.

  1. To set up port triggering, open your browser, type 192.168.1.1/Filters.htm into the "Address Bar" and hit [Enter].
  2. You will be prompted for a username and password. By default there is no username, and the password is admin. Once you type in the password, click OK.
  3. Once logged in, you should be at the "Filters" tab.
  4. Make sure IPSec Passthrough and/or PPTP Passthrough is enabled, depending on the type of VPN connection you're using. If you're unsure, please enable both.
  5. Click Apply, then Continue.
  6. Click on the Forwarding tab.
  7. Once the "Forwarding" section opens, click the Port Triggering button.
  8. A new window will appear, and you'll need to set up ports 1723 and 500. The following is what the Port Triggering should look like:
        Application Name    Trigger Port Range    Incoming Port Range
    1:  VPN                 47 ~ 47               1723 ~ 1723
    2:  VPN                 50 ~ 50               500 ~ 500
  9. Once you've done this, hit Apply, then Continue.
  10. After the settings have been applied, your VPN is set up. Connect through your VPN software.

With a D-Link Router

  1. To set up port triggering, open your browser, type 192.168.1.1 into the "Address Bar" and hit [Enter].
  2. Click on the Advanced tab.
  3. Click on the LAN Clients tab. In order to set up Port Forwarding, a LAN Clients entry will need to be made. The valid IP address list should contain the IP address of the server. The modem/router IP address will be 192.168.1.1, so the server is usually the next address, 192.168.1.2; the name is that of the server.
  4. Ensure Port Forwarding is set for VPN with both PPTP and IPSEC rules applied. The ports that are associated with these rules can be viewed by selecting the rule and clicking on View.
  5. Ensure that in Access Control these VPN rules are NOT selected.





© Copyright 1998-1999 GOOD2USE