Strongsvan flashed in the comments.
I want to warn and warn:
the client built into Windows and MacOS is good, BUT - the built-in clients in these OSes do not know how to have a DH key length greater than 1024 and you will have to limit your server and create a less secure connection. (Read the security section on the strongswan website). For strongswan, there is no out-of-the-box support for linux and android - you will install the client anyway.
and from first hand experience: create different backends for Linux, MacOS and Windows. Separate clients - it's all about different client-side implementations. As an example, MacOS wants a user login in the form ([email protected]) ​​which is optional in WIndows and Linux (in *nix, the server part does not differ from the client part in general :D )
If you use self-signed certificates - one way or another you will have to import to the client the one that signed the VPN server certificate or use obviously insecure psk

cisco didn’t just give up the pptp hole, issuing certificates makes your work a little more difficult, but at the same time greatly increases your security. Choose for yourself what is more important for you security or automate your work a little