1) On the host system, add a tap1 interface

ip tuntap add mode tap tap1
ifconfig tap1 up

2) Setup a bridge
brctl addbr br0
brctl addif br0 tap1
#let’s see the bridge:
brctl show
brctl showmacs br0

3) Setup an LXC container with the following settings in the /var/lib/lxc/my-ubuntu/config file: = 00:22:3e:da:58:6c
lxc.utsname = my-ubuntu


4) You can setup NAT now:
echo “1” > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

NOTE: Before you setup conteiner’s interfaces properly it might take too much time to start the container, If so then on the container host cd to /etc/network and change dhcp mode to manual for eth0

Troubleshooting tools:
tcpdump -i br0
tshark -i br0

General info about tun/tap:

How to configure a bridge

NAT How-to:

LXC containers:


It’s a small recipe to setup openvpn access from Ubuntu via pfSense router.

———————————- pfSense Setup ———————————————

1) Setup openvpn on pfSense router according to this nice video-tutorial:

————————– Ubuntu openVPN Client Setup ——————————-

2) On the last step from the video tutorial, instead of downloading windows-exe-file, download zip Archive (see screenshot)


3) install openvpn on you Ubuntu host:

sudo apt-get install openvpn

4) unzip downloaded on step 2) archive to /etc/openvpn

5) You should be able to see *.ovpn file rename it to my_client.conf file

6) Edit /etc/default/openvpn file

Locate #AUTOSTART=”all”

Remove “#” from this string

======================= NOTE =========================

instead of :


you can specify:


So only my_client.conf vpn connection will be used. Please notice: it’s simply “my_client”, and not “my_client.conf”

If you leave it as AUTOSTART=”all”, then all the *.conf connections will be started

=============== NOTE ENDS ========================

7. Start VPN connection with the following command:

sudo service openvpn start

You will be asked for username and password, use the same credentials specified on step 1)

8. It takes some time to establish connection, but aftewards, you should be able to see them with the following command:

$ ifconfig

The output should be like this:

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr: P-t-P: Mask:
RX packets:94 errors:0 dropped:0 overruns:0 frame:0
TX packets:106 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:14833 (14.8 KB) TX bytes:17900 (17.9 KB)

9. Try pinging a host from your VPN network

10. When you no longer need VPN connection, run this command:

sudo service openvpn stop

11. Please let me know if you think something is missing in this tutorial

12. Some additional links:   (Russian lang)