diff --git a/apps/cistech-tunnel/shared/host-routing.sh b/apps/cistech-tunnel/shared/host-routing.sh
index ce57328..fa48b65 100644
--- a/apps/cistech-tunnel/shared/host-routing.sh
+++ b/apps/cistech-tunnel/shared/host-routing.sh
@@ -10,7 +10,7 @@ ACTION="${1:-start}"
 # Fixed configuration (we assigned these)
 CONTAINER_IP="172.30.0.10"
 BRIDGE_NAME="br-cistech-vpn"
-TARGET_IP="${TARGET_IP:-10.3.1.0}"
+TARGET_IP="${TARGET_IP:-10.3.1.0/24}"
 LAN_SUBNET="192.168.0.0/23"
 LAN_INTERFACES="eth0 eth1 wlan0"
 LOG_FILE="/var/log/cistech-routing.log"
@@ -29,7 +29,6 @@ remove_routes() {
 # Remove any existing route to TARGET_IP
 ip route del "$TARGET_IP" 2>/dev/null || true
- ip route del "$TARGET_IP/24" 2>/dev/null || true
 log "Stale routes removed"
 }
@@ -41,7 +40,7 @@ apply_routes() {
 log "Applying host routing rules..."
 log " Container IP: $CONTAINER_IP"
 log " Bridge: $BRIDGE_NAME"
- log " Target IP: $TARGET_IP"
+ log " Target Network: $TARGET_IP"
 log " LAN interface: ${lan_if:-unknown}"
 # Enable IP forwarding
@@ -49,7 +48,7 @@ apply_routes() {
 log "IP forwarding enabled"
 # Add route to TARGET_IP via container
- ip route replace "$TARGET_IP/24" via "$CONTAINER_IP" dev "$BRIDGE_NAME"
+ ip route replace "$TARGET_IP" via "$CONTAINER_IP" dev "$BRIDGE_NAME"
 log "Route added: $TARGET_IP via $CONTAINER_IP dev $BRIDGE_NAME"
 # Allow forwarding in DOCKER-USER chain for all LAN interfaces
@@ -84,7 +83,7 @@ remove_all() {
 log "Removing all routing rules..."
 # Remove route
- ip route del "$TARGET_IP/24" via "$CONTAINER_IP" dev "$BRIDGE_NAME" 2>/dev/null || true
+ ip route del "$TARGET_IP" via "$CONTAINER_IP" dev "$BRIDGE_NAME" 2>/dev/null || true
 # Remove iptables rules for all LAN interfaces
 for lan_if in $LAN_INTERFACES; do
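Review bot: An existing override such as `TARGET_IP=10.3.1.0` now silently produces a /32 host route, because the prefix length is supplied only by the default on this line and is no longer appended in `apply_routes` or `remove_all`. Normalise or reject the value right after the assignment, for example `case "$TARGET_IP" in */*) ;; *) TARGET_IP="$TARGET_IP/24" ;; esac`, so older configurations keep routing the whole network and teardown still matches a route installed by the previous version. Because the value reaches `ip route replace` unchanged, this is also the place to refuse `default` or a prefix overlapping `LAN_SUBNET`. A comment such as `# TARGET_IP holds a CIDR network, not a single address` would help, since the name now says otherwise.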
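Review bot: In `remove_all` the route deletion still discards both its error output and its status (`2>/dev/null || true`), so a teardown run with a different `TARGET_IP` than the one used at start leaves the route via the container installed and logs nothing. This matters more now that the whole prefix, not just the address, comes from the environment. After the delete, check what is left and report it, for example `ip route show via "$CONTAINER_IP" dev "$BRIDGE_NAME" | grep -q . && log "WARNING: routes via $CONTAINER_IP still present"`. The body of `remove_all` continues past the end of the hunk, so a later check may already exist there.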