diff --git a/apps/rego-tunnel/vpn_scripts/start.sh b/apps/rego-tunnel/vpn_scripts/start.sh
index 6a265a2..f5f7d4e 100755
--- a/apps/rego-tunnel/vpn_scripts/start.sh
+++ b/apps/rego-tunnel/vpn_scripts/start.sh
@@ -67,15 +67,10 @@ get_container_ip() {
   iptables -C FORWARD -d "$WINDOWS_IP" -j ACCEPT 2>/dev/null || \
   iptables -A FORWARD -d "$WINDOWS_IP" -j ACCEPT
 
-  # Start socat to forward SSH from Windows VM
-  pkill -f "socat.*:22" 2>/dev/null || true
-  socat TCP-LISTEN:22,fork,reuseaddr TCP:"$WINDOWS_IP":22 &
-  echo "[rego-tunnel] socat SSH forwarder started on port 22"
-
-  # Start socat to forward SOCKS5 proxy from Windows VM
-  pkill -f "socat.*1080" 2>/dev/null || true
-  socat TCP-LISTEN:1080,fork,reuseaddr TCP:"$WINDOWS_IP":1080 &
-  echo "[rego-tunnel] socat SOCKS5 forwarder started on port 1080"
+  # Forward port 2222 to VM's SSH (22) for VM access
+  pkill -f "socat.*:2222" 2>/dev/null || true
+  socat TCP-LISTEN:2222,fork,reuseaddr TCP:"$WINDOWS_IP":22 &
+  echo "[rego-tunnel] SSH to VM available on port 2222"
 
   # Add DNAT rules for port forwarding
   add_dnat() {
@@ -84,10 +79,8 @@ get_container_ip() {
     iptables -t nat -A PREROUTING -d "$CONTAINER_IP" -p tcp --dport "$port" -j DNAT --to-destination "$WINDOWS_IP:$port"
   }
 
-  # SSH access
+  # IBM i standard ports (via VM portproxy)
   add_dnat 22
-
-  # IBM i standard ports
   add_dnat 23
   add_dnat 446
   add_dnat 448
@@ -103,7 +96,7 @@ get_container_ip() {
   for port in $(seq 36000 36010); do add_dnat $port; done
 
   echo "[rego-tunnel] iptables DNAT rules configured"
-  echo "[rego-tunnel] SOCKS5 proxy available at $CONTAINER_IP:1080"
+  echo "[rego-tunnel] Port forwarding ready via $CONTAINER_IP"
 ) &
 
 return 0
diff --git a/apps/rego-tunnel/vpn_scripts/vpn-login.js b/apps/rego-tunnel/vpn_scripts/vpn-login.js
index 0eac063..a35851a 100755
--- a/apps/rego-tunnel/vpn_scripts/vpn-login.js
+++ b/apps/rego-tunnel/vpn_scripts/vpn-login.js
@@ -274,28 +274,17 @@ async function main() {
   await sleep(2000);
   ws.close();
 
-  // Verify VPN connection before starting SOCKS5
+  // Verify VPN connection
   const vpnConnected = await verifyVpnConnection();
 
   if (!vpnConnected) {
     log("ERROR: VPN connection could not be verified");
-    log("SOCKS5 proxy NOT started");
     process.exit(1);
   }
 
-  // Start SOCKS5 proxy only after VPN verified
-  log("Starting SOCKS5 proxy on port 1080...");
-  run("taskkill /F /IM node.exe /FI \"WINDOWTITLE eq socks5\"");
-  spawn("node", ["" + require("path").join(require("os").homedir(), "vpn_scripts", "socks5.js") + ""], {
-    detached: true,
-    stdio: "ignore",
-    windowsHide: true
-  }).unref();
-
   console.log("");
   console.log("========================================");
-  console.log("     CONNECTED!");
-  console.log("     SOCKS5 proxy: 172.30.0.16:1080");
+  console.log("     VPN CONNECTED!");
   console.log("     Entering watchdog mode...");
   console.log("========================================");
   console.log("");
@@ -439,13 +428,6 @@ async function reconnectVpn() {
   const verified = await verifyVpnConnection();
   if (verified) {
     log("Reconnection successful!");
-    // Restart socks5
-    run("taskkill /F /IM node.exe /FI \"WINDOWTITLE eq socks5\"");
-    spawn("node", ["" + require("path").join(require("os").homedir(), "vpn_scripts", "socks5.js") + ""], {
-      detached: true,
-      stdio: "ignore",
-      windowsHide: true
-    }).unref();
     return true;
   }