Create a nat rule allowing port 443
WAN TCP 443 (HTTPS) 192.168.2.254 443 (HTTPS) REMOTE ADMIN
Then a firewall rule locking the access down to specific IP addresses
TCP 220.127.116.11 * 192.168.2.254 443 (HTTPS) NAT REMOTE ADMIN
PPTP scares us and we try to stay away from protocols that can be weak via
short usernames and passwords.
This way you can use your web browser without issue .. The best bet however
is to always admin your m0n0wall via the VPN (Ipsec) and only use the above
if you have specific sites (like home static ip needing access to the office
firewall) that you fully control.