Hi everyone I presently use privateinternetaccess as a vpn provider on the tomato router and have all my devices on my network connect to the internet this way. This works perfectly. I am trying to get my rdp (remote destop working but cannot when the vpn is running) I think I need to modify the firewall script. Here is a little info on my network asdl modem connects to internet adsl wan to tomato wan ip is 192.168.2.10 192.168.2.1 is the default gateway and dns. I have port forwarded 3389 tcp to the tomato router 192.168.2.10 In the tomato router dhcp setup to give out addresses as 192.168.123.100 and the tomatos ip is 192.168.123.254. I have set up port forwarding to route tcp 3389 to 192.168.123.103 (pc with rdp) When vpn is disabled I can access this pc perfectly. With the vpn on in the router I cannot access rdp at all So I have searched and seems to have found the answer but it still does not work. Put this in the script section under firewall. iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 3389 -j DNAT --to-destination 192.168.123.103 iptables -I FORWARD -p tcp -d 192.168.123.103 --dport 3389 -j ACCEPT I am unsure what to do next. If anyone can help that would be great. I am using teamviewer now but would rather rdp.