diff --git a/src/freedombone-app-vpn b/src/freedombone-app-vpn
index 7e1ec4dcf48851ca1f1b041056d9729a69681be5..c2715a2a4a191c3b9a675bed5c070787007d1427 100755
--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@@ -11,6 +11,7 @@
 # VPN functions
 # https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8
 # https://jamielinux.com/blog/force-all-network-traffic-through-openvpn-using-iptables/
+# http://www.farrellf.com/projects/software/2016-05-04_Running_a_VPN_Server_with_OpenVPN_and_Stunnel/index_.php
 #
 # License
 # =======
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index 785ea7feb27a7263cc587cf0065d40f3d0717b16..f9b02827d73cd7d13c6af1e135b30d88795624d2 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -111,6 +111,7 @@ function enable_ipv6 {
 }

 function firewall_disable_vpn {
+ firewall_remove VPN 1194
 iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
 iptables -D INPUT -i tun+ -j ACCEPT
 iptables -D FORWARD -i tun+ -j ACCEPT
@@ -119,11 +120,10 @@ function firewall_disable_vpn {
 iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
 iptables -D OUTPUT -o tun+ -j ACCEPT
 save_firewall_settings
-
- sed -i '/VPN=/d' $FIREWALL_CONFIG
 }

 function firewall_enable_vpn {
+ firewall_add VPN 1194 tcp
 iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
 iptables -A INPUT -i tun+ -j ACCEPT
 iptables -A FORWARD -i tun+ -j ACCEPT
@@ -132,10 +132,6 @@ function firewall_enable_vpn {
 iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
 iptables -A OUTPUT -o tun+ -j ACCEPT
 save_firewall_settings
-
- if ! grep -q "VPN=" $FIREWALL_CONFIG; then
- echo "VPN=1194" >> $FIREWALL_CONFIG
- fi
 }

 function configure_firewall {
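Review bot: In `firewall_disable_vpn` the new call `firewall_remove VPN 1194` passes a name and a port but no protocol, while its counterpart in `firewall_enable_vpn` (next hunk) is `firewall_add VPN 1194 tcp`. Neither helper is defined in this diff, so please confirm that `firewall_remove` takes the name first and does not need the protocol; if its signature differs, the recorded VPN entry may never be removed and the port could be re-opened from the saved configuration after the VPN is disabled. A short comment above the call, such as `# drop the VPN/1194 record written by firewall_add`, would make the pairing explicit. The function body continues past the end of this hunk.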
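Review bot: The rules in `firewall_enable_vpn` are appended with plain `iptables -A` and nothing visible in the hunk checks whether they already exist, so a second call would stack duplicate ACCEPT and MASQUERADE rules. `firewall_disable_vpn` issues one `iptables -D` per rule, which deletes a single copy, so after a repeated enable the 1194 and `tun+` rules could stay active when the VPN is meant to be off. Guarding each append, e.g. `iptables -C INPUT -i tun+ -j ACCEPT 2>/dev/null || iptables -A INPUT -i tun+ -j ACCEPT`, would make the function idempotent, unless `firewall_add` (not shown) already prevents re-entry. The port is also repeated as a literal in `firewall_add` and in `--dport`; a shared variable would keep the two in sync. Part of the function lies between this hunk and the next and is not shown.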