How to bridge tap to eth0 on raspberry pi?
I am using my raspberry pi as a openvpn cleint for my xbox 360 because at my college i get kicked off xbox live for either strict nat type or a connection limit. I can connect to the vpn just fine, i just need to know how to bridge the tap interface with the eth0 interface on the pi. Basically what i am doing is connecting the ethernet port from the pi to the xbox to share the vpn to the xbox. The pi is connecting to the internet via wifi through wlan0 although i may buy a usb ethernet nic at some point to make it more stable. This needs to be run automatically at boot from the pi so if theres a power failure it will reconnect by itself.
I used my laptop to share the vpns connection to my xbox and it works just fine so i know my theory works i just need a way to do it on the pi so i dont have to occupy my laptop with this job.
Bridging two connections is easy.I shall avoid the use of the now deprecated bridge-utils, and use iproute2 utilities instead:
ip tuntap add tap0 mode tap user root
ip link set tap0 up
ip link add br0 type bridge
ip link set tap0 master br0
ip link set dev eth0 down
ip addr flush dev eth0
ip link set dev eth0 up
ip link set eth0 master br0
ip link set dev br0 up
And now you can ssign an address to br0.
Edit:
you are right, you said something that is not right: there is a key difference between tun and tap interfaces, and tun interfaces cannot be brdiged. From Wikipedia:
TUN (namely network TUNnel) simulates a network layer device and it operates with layer 3 packets like IP packets. TAP (namely network tap) simulates a link layer device and it operates with layer 2 packets like Ethernet frames. TUN is used with routing, while TAP is used for creating a network bridge.
So the error message is quite substantial, i.e. it is something that cannot be corrected.
To make tun interface work, you will need to create it (replace mode tap with mode tun above), assign it an IP address outside your LAN range, activate IP forwarding in the file /etc/sysctl.conf and restart sysctl. Routing configuration is automatic, no need to act on it. LAstly, change iptables roule as follwos, assuming your Pi is connected via eth0:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Still, while instructive, this should be done automatically by your VPN: certainly OpenVPN does that. Why doesn't you VPN take charge of that?