....probably obvious! OK what I am trying to do is replicate the OpenVPN set-up I had on a 24x7 running PC on TomatoVPN.... This did... 1) Allowed me to connect (mainly for testing) via the local wireless/LAN and set-up a tunnel (on the same LAN that the router is on) but I cannot get this working with TomatoVPN I need to be on my 3G dongle to connect. If I try to connect from my LAN I just get a TLS timeout error following by a TLS Handshake failed line, followed by "SIGUSR1[soft,ping-restart] received, client-instance restarting" line in my Tomato log file? 3G/external IP connects OK - but please see further issue below. 2) When I connect route all traffic from the client via the VPN for both internet and LAN endpoints. When I connect (externally) to TomatoVPN either by TUN or TAP methods the router says connected, my client (Ubuntu,Gnome Network manager) says I'm connected but I cannot get to anywhere on my LAN or internet - not even to the routers web admin page. Google just says "looking up...." in my browser then times out. Its as if it has no DNS but I am pushing the DNS details to the client by what's in the log file on the router. As it is sending 'PUSH_REPLY,dhcp-option DOMAIN abcabc,dhcp-option WINS 192.168.0.1,dhcp-option DNS 192.168.0.100,route-gateway 192.168.0.100,redirect-gateway'. For TUN I use the subnet of 10.7.0.0/24, for TAP I use a range from higher up in my 192.168.0.x subnet that I use on my router as if I use DHCP or any range other than the 192.168.0.x range the TAP connection fails.... so I assume this is correct? I also have everything ticked on the advanced page except "Allow only these clients" which should allow what I want to do and give the same options that I had in my PC's server.conf. However all I get in the log file is a number of "Authenticate/Decrypt packet error: packet HMAC authentication failed" errors followed by a number of "read UDPv4 [ECONNREFUSED]: Connection refused (code=146)" errors and then the "inactivity timeout" and "SIGUSR1[soft,ping-restart] received, client-instance restarting" error which seem to disconnect the client? I know the certs are OK as they are my original ones that I have been using with OpenVPN for more that 18 months.... So I am totally baffled why this does not seem to work, hence after nights of checking forum etc I am thinking that I must somehow be missing something somewhere.... so any help or pointers in the right direction would be greatly appreciated.