diff --git a/Shorewall-docs2/OPENVPN.xml b/Shorewall-docs2/OPENVPN.xml
index 13291754a..b4f5b072e 100644
--- a/Shorewall-docs2/OPENVPN.xml
+++ b/Shorewall-docs2/OPENVPN.xml
@@ -464,7 +464,10 @@ iface br0 inet static
         <title>Firewall (Server) configuration.</title>
 
         <para>/etc/openvpn/server-bridge.conf defines a bridge and reserves IP
-        addresses 192.168.1.64-192.168.1.71 for VPN clients.</para>
+        addresses 192.168.1.64-192.168.1.71 for VPN clients. Note that the
+        bridge server only uses local IP address 192.168.3.254. We run two
+        instances of OpenVPN; this one and a second tunnel-mode instance for
+        remote access (see </para>
 
         <programlisting>dev tap0
 
@@ -490,8 +493,7 @@ comp-lzo
 user nobody
 group nogroup
 
-ping 15
-ping-restart 45
+keepalive 15 45
 ping-timer-rem
 persist-tun
 persist-key
@@ -536,12 +538,16 @@ mute-replay-warnings
 verb 3</programlisting>
 
         <para>/etc/openvpn/wireless.up changes the default gateway to
-        192.168.1.254</para>
+        192.168.1.254:</para>
 
         <programlisting>ip route replace default via 192.168.1.254 dev tap0</programlisting>
 
         <para>/etc/openvpn/wireless.down restores the default gateway to
-        192.168.3.254</para>
+        192.168.3.254. Note that this command requires privilege and hence we
+        do not include "user nobody" and "group nobody" in
+        /etc/openvpn/wireless.conf.</para>
+
+        <para>/etc/openvpn/wireless.down:</para>
 
         <programlisting>ip route replace default via 192.168.3.254 dev eth0</programlisting>
       </section>