For WRT54LG for example: Is it possible to have a vpn tap connection mapped to a physical lan-port while the other physical ports on the router function as the local lan with dhcp, wireless and internet coming from local WAN connection. Anything plugged into the VPN tap port should receive IP address and internet from the dhcp server in the other end of the vpn-tunnel and not be able to access the local lan or internet in any way. Vise versa the local lan on the other ports should not be aware of the vpn-tap connection. In the current tomato firmwares I've tried, it seems that the vpn tap connection is automatically linked to the br0 lan interface, regardless of VLAN settings etc. Any help appreciated!