
cisco router4321: how to port forward vpn ports to internal server ip

1300itexpress
Level 1

Hi, I just bought a new Cisco router4321. When I try to port forward VPN ports by using the following command:

ip nat inside source static tcp 1723 public_ip LanVPNSvr_IP 1723

I got a message "port 1723 is being used by the system", and I need to forward all the following VPN ports. Please help me with the right commands, thank you in advance :)

L2TP
IKE
GRE
PPTP
IKE-NAT


I tried pasting the two lines in at the same time, but it's still not cleared :(

I double checked with "sh run" and didn't find any VPDN or PPTP. I can't shut down the outside interface now as I'm doing it remotely, so I have to wait to try it until I attend onsite. It was weird that it worked once ..

You may find that rebooting it will be enough.

Reloading it now, hope I have good luck ..

Still the same :(

Alternatively, how can I create a VPN username & password on the router instead?

PPTP is not a supported technology these days, so usually does not work on most router software.

If you like a lot of pain, try this old Configuration Wizard I wrote, which can generate the code to enable PPTP on the router itself.

http://www.ifm.net.nz/cookbooks/configwizard.html

I think I will remove all NAT statements and configure static NAT before NAT overload.

I'm onsite now, how can I shut down the outside interface please?

currently:

interface GigabitEthernet0/0/0
description ##internet##
ip address wan_ip 255.255.255.252
ip nat outside
negotiation auto

"Shutting down the outside interface" works, saved, thank you :)

But I still can't connect to the VPN from outside; internal VPN works. When I show ip nat translation, I couldn't find any GRE connections. I guess I have to set up GRE port forwarding, but "ip nat inside source static gre LanVPNSvr_IP public_ip" returns the error "invalid input detected at > mark" :(

cisco4321data(config)#do clear ip nat translation *
cisco4321data(config)#ip nat inside source static tcp LanVPNSvr_ip 1723 WAN_IP 1723 extendable
%Port 1723 is being used by system

The "$port udp 4500 is being used by the system" error happens too :(

Have you got any "crypto" lines in your config, that might be enabling IPSec?

No "crypto" lines.

Shutting down the WAN interface doesn't work on the port forward config for UDP 4500, it still says being used by the system, how can :(?

The command went OK with "access-list 101 permit gre host wan_ip host lan_ip" and "access-list 101 permit ip any any", but I still can't port forward GRE.

cisco4321data#sh run
Building configuration...

Current configuration : 2356 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname cisco4321data
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 xxx
enable password xxx
!
no aaa new-model
!
!
!
!
!
!
!
!
!


ip name-server 8.8.8.8
ip name-server 8.8.4.4

!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
license udi pid XXX sn XXX
!
!
redundancy
mode none
!
!
!
ip tftp source-interface GigabitEthernet0
!
!
!
!
interface GigabitEthernet0/0/0
description ##internet##
ip address WAN_IP 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description ##local network##
ip address 192.168.16.254 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 192.168.0.200 255.255.255.0
ip access-group 101 in
negotiation auto
!
ip default-gateway Gateway_Public_IP
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip nat inside source static tcp VPN_SVR_IP 47 WAN_IP 47 extendable
ip nat inside source static tcp VPN_SVR_IP 80 WAN_IP 80 extendable
ip nat inside source static tcp VPN_SVR_IP 443 WAN_IP extendable
ip nat inside source static udp VPN_SVR_IP 500 WAN_IP 500 extendable
ip nat inside source static tcp VPN_SVR_IP 1723 WAN_IP 1723 extendable
ip nat inside source static tcp 192.168.16.203 8888 WAN_IP 8888 extendable
ip nat inside source static tcp 192.168.16.203 46908 WAN_IP 46908 extendable
ip nat inside source static tcp 192.168.16.210 48394 WAN_IP 48394 extendable
ip nat outside source static tcp 192.168.16.250 9996 WAN_IP 9996 extendable
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Gateway_Public_IP
!
!
access-list 1 permit 192.168.16.0 0.0.0.255
access-list 101 permit gre host WAN_IP host VPN_SVR_IP
access-list 101 permit ip any any
!
snmp-server community public RO
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 1300term
login
!
!
end

cisco4321data#