I want to connect an external WiFi access point plugged into my laptop to a VPN that is established by my laptop. I am not sure how to do this. I am most of the way there, but lack the knowledge of what I need to do to complete the last step.

Here is what I currently have in place, that is working:

(1) Laptop comes up and uses either wlan0 (internal wireless) or eth0 (CAT5 cable) to connect to a network

(2) Laptop brings up secondary WiFi access point, an external usb dongle, wlan1, using hostapd/dnsmasq. At this point, clients can connect to this secondary WiFi access point and subsequently access the internet. I have tested this and it works. But I am not sure exactly HOW it works, because I did not manually set up any bridge between wlan1 and wlan0 (or eth0). I thought I would need to do this manually, but apparently not, since clients connected to wlan1 can successfully access the internet.

(3) Laptop establishes VPN to home over the network connection, which brings up interface tap0 (or tun0, depending on which type of VPN I decided to use). I use OpenVPN for this, have been for some time, and it works perfectly.

Here is what config I have in place, that makes (1), (2) and (3) work (I just list the added or changed lines):

Hardware
---
TPLINK TL-WN722N external usb WiFi adapter

/etc/hostapd/hostapd.conf
---
interface=wlan1
driver=nl80211
ssid=my-ssid
channel=1
hw_mode=g
ieee80211n=1
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_passphrase=my-password
macaddr_acl=0
auth_algs=1
country_code=US
ieee80211d=1

/etc/network/interfaces
---
auto wlan1
allow-hotplug wlan1
iface wlan1 inet static
hostapd /etc/hostapd/hostapd.conf
address 10.192.4.1
netmask 255.255.255.0

/etc/dnsmasq.conf
---
interface=lo,wlan1
no-dhcp-interface=lo
dhcp-range=10.192.4.3,10.192.4.50,255.255.255.0,12h

/etc/NetworkManager.conf
---
[keyfile]
unmanaged-devices=mac:c4:e9:84:xx:xx:xx (the MAC address of the TPLINK device)

/etc/rc.local
---
iptables -t nat -A POSTROUTING -s 10.192.4.0/24 ! -d 10.192.4.0/24 -j MASQUERADE

/etc/openvpn/client.conf
---
No real need to list the details here, because it works 100% perfectly.


Below is the new functionality I want to add after the above basic stuff:

(4) How do I connect wlan1 to tap0 (or tun0, depending type of VPN in use)? Do I need to create a bridge on the laptop? How?

(5) Optional, but preferable, everything would be as automated as possible. e.g., When I plug in the usb external WiFi adapter, wlan1 comes up automatically (it apparently does so now, but I had some error which I forgot the details of and need to re-test and troubleshoot - I believe it was a DHCP or DNS issue, but I can't remember). Manual workaround - use "ifup wlan1" and "ifdown wlan1". Also, when I bring up the VPN (this will always be manual), any bridging necessary to connect wlan1 to the VPN would be automatic (assuming wlan1 was already up when the VPN was brought up). Or, if the VPN is already up when I hot plug the external usb WiFi adapter, any bridging to the VPN would be automatic there as well.

Can anyone give me pointers to where I should research on how to accomplish (4) and (5)?

Thanks in advance!

To traverse from one interface to another you need to have FORWARDing turned on.

To turn it on right away use:
To make it permanent you need to edit /etc/sysctl.conf and add or change the following:

Thanks. Yes, I already have that enabled. But I do not think that alone will allow packets to move between wlan1 and tap0 without additional configuration (bridging?)

You could try THIS

That looks like a good tutorial. Thanks for posting the link to it!

yw. Hope it helps.