my tomato router as an openvpn server. its WAN ip: PPPoE, so I have to use DDNS like xxx.3322.org LAN ip: 192.168.1.1 it supports NAT. vpn client ip: 192.168.1.101 (tap mode). vpn client has its own wan ip assigned by mobile operator but it doesn't support NAT. Now it's OK for vpn client to access internet or 192.168.1.0/24 via openvpn server, and also OK for 192.168.1.0/24 to access vpn client (192.168.1.101). But it doesn't work (accessing vpn client over internet) after setting up a NAT rule to 192.168.1.101 on tomato router like the following Code: Chain wanin (1 references) target prot opt source destination ACCEPT tcp -- 0.0.0.0/0 192.168.1.101 tcp dpt:12345 Is there any ideas? thx.