How to bridge tap to eth0 on raspberry pi?

networking linux wireless-networking vpn openvpn

I am using my raspberry pi as a openvpn cleint for my xbox 360 because at my college i get kicked off xbox live for either strict nat type or a connection limit. I can connect to the vpn just fine, i just need to know how to bridge the tap interface with the eth0 interface on the pi. Basically what i am doing is connecting the ethernet port from the pi to the xbox to share the vpn to the xbox. The pi is connecting to the internet via wifi through wlan0 although i may buy a usb ethernet nic at some point to make it more stable. This needs to be run automatically at boot from the pi so if theres a power failure it will reconnect by itself.

I used my laptop to share the vpns connection to my xbox and it works just fine so i know my theory works i just need a way to do it on the pi so i dont have to occupy my laptop with this job.


Bridging two connections is easy.I shall avoid the use of the now deprecated bridge-utils, and use iproute2 utilities instead: 

 ip tuntap add tap0 mode tap user root
 ip link set tap0 up
 ip link add br0 type bridge
 ip link set tap0 master br0
 ip link set dev eth0 down
 ip addr flush dev eth0 
 ip link set dev eth0 up
 ip link set eth0 master br0
 ip link set dev br0 up

And now you can ssign an address to br0.

Edit:

you are right, you said something that is not right: there is a key difference between tun and tap interfaces, and tun interfaces cannot be brdiged. From Wikipedia:

TUN (namely network TUNnel) simulates a network layer device and it operates with layer 3 packets like IP packets. TAP (namely network tap) simulates a link layer device and it operates with layer 2 packets like Ethernet frames. TUN is used with routing, while TAP is used for creating a network bridge.

So the error message is quite substantial, i.e. it is something that cannot be corrected.

To make tun interface work, you will need to create it (replace mode tap with mode tun above), assign it an IP address outside your LAN range, activate IP forwarding in the file /etc/sysctl.conf and restart sysctl. Routing configuration is automatic, no need to act on it. LAstly, change iptables roule as follwos, assuming your Pi is connected via eth0:

  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Still, while instructive, this should be done automatically by your VPN: certainly OpenVPN does that. Why doesn't you VPN take charge of that?

Related

Close the Find/Replace dialog in Notepad++ with a keyboard shortcut?
What are some tips on reducing the disk space used by Windows 7?
How to connect via RDP to my Hyper-V machine?
How to bring application to front every 15 minutes on Mac OS X Lion?
Dual Boot Windows 7 + Linux on 2 separate SSD + Data HDD
WINDOWS: Taking Back/Restoring Default Ownership Permissions of directory
Screensaver with active desktop [duplicate]
Applications losing focus for a few seconds in Windows 7 [duplicate]
Command to run an application with Administrator privileges, but NOT AS administrator (prompt with UAC)
Task Scheduler Idle task not triggered on the correct time window
How to stop Firefox's version 64.0 from showing the update nag screen?
Windows.old folder loaded with Vista - Is it needed?