Hi everyone.

I'm afraid that this problem is defeating me and I would be most grateful for any pointers.

I have two NIC's (eth0 and eth1) on my machine.

eth0 is connected to my router and provides internet access with an IP address from my broadband provider.

I am running OpenVPN that establishes a tunnel (tun0) that has a different IP address that is overseas.

What I would like to do is to bridge tun0 and eth1 so that I can connect another device to the tunnelled traffic.

I suspect that the answer lies in iptables but having visited lots of websites, it all seems more than a little unclear to me.

I have tried using bridge-utils however that only seems to work between eth0 and eth1, it does not work with tun0. If I create br0 it avoids the tunnel and passes traffic direct from my normal IP address, not the vpn IP address.

Can anybody point me in the right direction?

Thanks!

tun0 is a layer 3 tunnel interface. It doesn't do layer 2 (Ethernet or whatever) at all, which means it can't be bridged.

What you can do, is route traffic through the PC with the tunnel interface. Other devices on your network would send packets to that PC, which would then forward them through the tunnel.

For that to work, you must either:

• have the PC with the VPN tunnel serve as a gateway for every other device needing to reach the remote network (or the entire network, for that matter), OR
• create a route entry for the remote network on your current gateway router, pointing to the PC with the VPN tunnel, OR
• manually create routes any device needing access to the remote network.

That will cover traffic flowing from your network to the remote network, but what about return traffic? You can't expect the router(s) at the remote end to know about your internal network, so you'd also have to configure NAT on the PC with the tunnel interface.

The following iptables command will "hide" (NAT) all outgoing traffic behind the address of the tunnel interface:

1 members found this post helpful.