diff --git a/content/bypassing-ports.md b/content/bypassing-ports.md index 8034908..f85ee28 100644 --- a/content/bypassing-ports.md +++ b/content/bypassing-ports.md @@ -94,11 +94,13 @@ laptop, phone, etc. to protect you from public WiFi, create only a single extra $ ./easyrsa build-client-full client nopass # optional ``` -Leave off `nopass` if you want to password protect the config file when you set -up a new client. +Leave off `nopass` if you want to password protect the config file keys when you +set up a new client. Create the server config file `/etc/openvpn/server.conf`: +Can't use port 443 here since it'll be forwarded + ``` port 1194 proto udp @@ -144,7 +146,7 @@ ifconfig-push 10.8.0.100 255.255.255.0 Test your config by running: ``` -sudo openvpn --config /etc/openvpn/server.conf +$ sudo openvpn --config /etc/openvpn/server.conf ``` If you run `ip addr` in another terminal, you should see an entry like this: @@ -236,7 +238,7 @@ $ sudo ufw disable && sudo ufw enable Switch to your home server or client machine. -Install openvpn: +Install OpenVPN: ``` $ sudo apt update @@ -275,8 +277,8 @@ key-direction 1 ``` -Replace the `[server ...]` lines with the contents of that file on the VPN -server, for example: +Replace the `[server ...]` lines with the contents of that file on the __VPN +server__, for example: ``` $ sudo cat /etc/openvpn/easy-rsa/pki/ca.crt @@ -294,6 +296,7 @@ client dev tun proto udp remote vpn.example.com 1194 +redirect-gateway def1 resolv-retry infinite nobind persist-key @@ -303,7 +306,6 @@ cipher AES-256-GCM auth SHA256 comp-lzo key-direction 1 -redirect-gateway def1 [server /etc/openvpn/easy-rsa/pki/ca.crt] @@ -323,7 +325,7 @@ The `client.ovpn` file is ready to be imported into your VPN clients. Test your config by running: ``` -sudo openvpn --config /etc/openvpn/client.conf +$ sudo openvpn --config /etc/openvpn/client.conf ``` If you run `ip addr` in another terminal, you should see an entry like this: 
@@ -376,5 +378,15 @@ You should now be fine to access your home server from over the internet. To forward additional ports, just edit the `/etc/ufw/before.rules` file like above. +You can now point a domain to your virtual server's IP and use that to connect +to your home server. Use a CNAME to make it easy to change later: + +``` +NAME TYPE VALUE +-------------------------------------------------- +vpn.example.com. A 123.123.123.123 +myserver.example.com. CNAME vpn.example.com. +``` + Finally, make sure any server programs are listening / bound to `10.8.0.100` or `0.0.0.0` so that they can get traffic from that interface.
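Review bot: in the first hunk (`@@ -94,11 +94,13 @@`), the added line `Can't use port 443 here since it'll be forwarded` is a sentence fragment with no terminating period, dropped between the "Create the server config file" sentence and the config block; turn it into a full sentence that states the reason, e.g. `Port 443 is forwarded through to the home server, so the OpenVPN daemon itself has to listen on a different port (1194/udp below).` The rewording to "password protect the config file keys" is better than before, but `nopass` only controls the passphrase on the client's private key, so "the client's private key" would be more precise than "config file keys".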
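Review bot: in the `@@ -294,6 +296,7 @@` hunk, moving `redirect-gateway def1` up beside `remote vpn.example.com 1194` has no functional effect (OpenVPN does not depend on option order), so this is purely a readability change; if the intent is to group the routing options, a one-line comment or a sentence in the prose saying that `redirect-gateway def1` sends all of the home server's traffic, not just the 10.8.0.0/24 tunnel traffic, out through the VPS would make the choice explicit for readers who only want the forwarded ports.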
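Review bot: the `@@ -303,7 +306,6 @@` hunk only removes the old `redirect-gateway def1` line, but the unchanged context around it still carries `comp-lzo`; since this client config is being touched anyway, consider dropping it in the same change, because `comp-lzo` is deprecated from OpenVPN 2.4 onward and enabling compression on a VPN tunnel weakens the transport (the VORACLE compression-oracle class of attacks), and it must be removed on both the server and the client config together for the two to keep matching.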
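Review bot: in the last hunk (`@@ -376,5 +378,15 @@`), the added DNS table uses `123.123.123.123`, which is a real, routable address; use an address from the RFC 5737 documentation range (for example `203.0.113.10`) to go with the `example.com` names, so that nobody copies the table and points their record at someone else's host. It would also help to add a sentence saying that because the CNAME resolves `myserver.example.com` to the VPS's own address, only the ports forwarded in `/etc/ufw/before.rules` will actually reach the home server through that name.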