diff --git a/deploy_env/group_vars/all.yml b/deploy_env/group_vars/all.yml
index 812d39c..e04a4a9 100644
--- a/deploy_env/group_vars/all.yml
+++ b/deploy_env/group_vars/all.yml
@@ -21,7 +21,7 @@ wannat_global:
 run_type: 0
 config_type: 1
 wannat_ip: "192.168.40.161"
- wannat_port: 3544
+ wannat_port: 3545
 natgw_bind_port: 3544
 device: "eth0"
 vpn_client_ip_cidr: "10.10.120.0/24"
diff --git a/roles/natgw/templates/natgw.service.j2 b/roles/natgw/templates/natgw.service.j2
index ea2f3eb..6baa924 100644
--- a/roles/natgw/templates/natgw.service.j2
+++ b/roles/natgw/templates/natgw.service.j2
@@ -7,13 +7,20 @@ Type=notify
 WorkingDirectory=/opt/tsg/wannat/natgw
 ExecStart=/opt/tsg/wannat/natgw/wannat_natgw
-ExecStartPost=/bin/sh -c "sysctl -w net.ipv4.ip_forward=0"
-ExecStartPost=/bin/sh -c "ifconfig tun_natgw 192.168.1.254/24 up"
+#ExecStartPost=/bin/sh -c "sysctl -w net.ipv4.ip_forward=0"
+#pptp vpn mode must set ipv4.ip_forward=1
+ExecStartPost=/bin/sh -c "sysctl -w net.ipv4.ip_forward=1"
+ExecStartPost=/bin/sh -c "ifconfig tun_natgw 100.64.1.254/24 up"
 ExecStartPost=/bin/sh -c "ethtool -K tun_natgw gro off"
 ExecStartPost=/bin/sh -c "ethtool -K tun_natgw gso off"
 ExecStartPost=/bin/sh -c "ethtool -K tun_natgw tso off"
+
+ExecStartPost=/bin/sh -c "ethtool -K {{wannat_global.natgw.device}} gro off"
+ExecStartPost=/bin/sh -c "ethtool -K {{wannat_global.natgw.device}} gso off"
+ExecStartPost=/bin/sh -c "ethtool -K {{wannat_global.natgw.device}} tso off"
+
 ExecStartPost=/bin/sh -c "ip rule add from {{wannat_global.common.vpn_client_ip_cidr}} table 1001"
-ExecStartPost=/bin/sh -c "ip route add default via 192.168.1.253 table 1001"
+ExecStartPost=/bin/sh -c "ip route add default via 100.64.1.253 table 1001"
 #ExecStartPost=/bin/sh -c "iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP"
 TimeoutSec=300s
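Review bot: The new `wannat_port: 3545` no longer matches `natgw_bind_port: 3544` on the following context line, and nothing in the hunk records whether the two are now intended to differ or whether 3545 is what the remote side actually listens on. If the split is deliberate, a comment on the changed line would keep a later edit from "fixing" it back, e.g. `wannat_port: 3545  # intentionally differs from natgw_bind_port: <reason>`. Any host firewall or security-group rule that was opened for 3544 presumably has to be reviewed for 3545 as well; that is not visible from this hunk.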
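Review bot: The added `ExecStartPost=/bin/sh -c "sysctl -w net.ipv4.ip_forward=1"` enables IPv4 forwarding for the whole host and the unit never reverts it — there is no ExecStopPost, so forwarding stays on after wannat_natgw stops (the removed line at least reset it to 0 on every start), and no FORWARD-chain filtering is visible anywhere in the unit, so nothing in this file limits what the host forwards between tun_natgw and `{{wannat_global.natgw.device}}`. If nothing else on the host depends on forwarding, add `ExecStopPost=/bin/sh -c "sysctl -w net.ipv4.ip_forward=0"`, and replace the terse `#pptp vpn mode must set ipv4.ip_forward=1` with a comment that states where the forwarding policy is enforced, e.g. `# PPTP VPN mode needs host-wide IPv4 forwarding; FORWARD rules between tun_natgw and the WAN device are expected from the firewall role`. The tunnel addresses `100.64.1.254/24` and `100.64.1.253` are hard-coded in two places while device and vpn_client_ip_cidr come from wannat_global; a single group_vars variable (name to be chosen) would keep them consistent and document that 100.64.0.0/10 is the RFC 6598 shared address space rather than a routable subnet. `ethtool -K` on a physical device can exit non-zero when the driver cannot change an offload, which would fail the whole start; if that is acceptable, prefix those three lines with `-` (`ExecStartPost=-/bin/sh -c "ethtool -K {{wannat_global.natgw.device}} gro off"`). The hunk's line counts suggest the unit continues past TimeoutSec=300s outside the visible text.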