First: thanks for your efforts, Tomato is brilliant. I'm using Shibby's build 097 on RT-N16. I have the PPTP server working (and DNS through the router works for iPad running latest iOS without using public DNS servers) but an access restriction rule which blocks on certain words/sites, and which works for lan traffic, doesn't work for traffic coming through the PPTP server. Not sure if is a bug or jtwiw, or do I need to add something else to the rule for it to work? I can block traffic from the pptp server by specifying the clients IP address 172.19.0.1 so at least some of the access restriction rules are being applied to this traffic.
Here is a shortened version of the rule which should block all http requests containing any of the keywords except for those from the specific IP addresses listed:
nvram set rrule3="1|-1|-1|127|!>192.168.2.57>192.168.2.98>192.168.2.92||facemoods
s3x|0|Block facemoods and all s3x/prn"