I run TomatoUSB's VPN version 1.28 on a Linksys WRT54GL, and have set up the VPN client to connect to Hidemyass. It works fine, except that doing a port scan of the router from grc.com reveals various open ports, like 23, 53, and 5000. That's telnet, DNS, and UPnP. Turning off telnet is easy, but I rather need DNS and UPnP.
Some of this behavior is caused by Hidemyass. If I stop the VPN and scan using grc.com, I get the usual, all stealth report. If I connect an individual computer to Hidemyass, and request a scan from that computer, most ports report as closed, and a few as stealth. That's OK, too.
My concerns are twofold: When using the router as a VPN client, is it possible not to expose open ports via the VPN? Second, how dangerous is this exposure?