My ADSL router supports a built-in VPN server, but I also make use of the DMZ feature to expose my webserver without having to forward all the ports I need.
The problem I ran into is that the VPN traffic was forwarded to the DMZ host (feature or a bug?)
My resolution has been to port forward the VPN traffic back to the router. This involves adding forwarding to port 1723 TCP for PPTP control and 43 GRE (added as the ‘other’ protocol) and pointed both to the LAN IP of the router.