Sunday, February 12, 2012

NAT over OpenVPN tunnel

A quick NAT setup that lets an additional machine on your LAN (here a Windows XP box) use an existing OpenVPN tunnel on a Linux host.

My Ubuntu notebook uses OpenVPN to access some other networks. It also hosts various virtual machines. I wanted a Windows XP virtual machine to access resources on the remote network through my VPN tunnel.

The virtual machine uses "bridged" networking, so it has its own IP on the LAN; I guess the following would also work on a physically separate machine.

On the Linux VPN tunnel host:

  • Declare variables for the network interfaces. $lan is your normal network adapter, $wan is the VPN tunnel virtual adapter.
  • Reset iptables
  • Enable forwarding
  • Configure iptables to provide NAT masquerading

lan=wlan5; wan=tun0
iptables --flush
iptables --table nat --flush
##not needed?:# iptables --delete-chain
##not needed?:# iptables --table nat --delete-chain
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
iptables -A FORWARD -i $lan -j ACCEPT

(This is a minimal setup, without any security! Don't use this on a host visible to the Internet!)

On the Windows XP machine:

  • Declare the IP of your Linux VPN host and the name of your interface (shown by the ipconfig command)
  • Set the gateway and DNS to the Linux host

SET HOST=192.168.1.44
SET IFNAME=Local Area Connection 2
route change 0.0.0.0 mask 0.0.0.0 %HOST%
netsh interface ip set dns name="%IFNAME%" static %HOST%
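A least-privilege version of the Linux side above, as an added example that is not part of the original post: it forwards only one named LAN client (192.168.1.50 here, a constructed address) out through the tunnel, accepts only reply traffic back in, logs and drops everything else that would cross the tunnel, and keeps its rules in a separate chain (VPNFWD, a chosen name) so the host's other rules are left alone. nat_rules only prints the commands so they can be reviewed; apply_nat runs them as root.

```sh
#!/bin/sh
# Least-privilege variant of the Linux side of this post's setup. Added
# example, not the post's own commands. Assumed: the LAN client that may use
# the tunnel is a single host, and VPNFWD is a free chain name.
# nat_rules only prints the commands so they can be reviewed; apply_nat
# pipes them to a shell (must run as root).

# Return 0 if $1 is a dotted-quad IPv4 address, 1 otherwise.
# Runs in a subshell so the IFS change stays local.
valid_ipv4() (
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
)

# Print the sysctl/iptables commands that forward exactly one LAN client
# through the tunnel. $1 = LAN interface, $2 = tunnel interface, $3 = client IP
nat_rules() {
    lan=$1; wan=$2; client=$3
    valid_ipv4 "$client" || { echo "bad client address: $client" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -N VPNFWD 2>/dev/null || iptables -F VPNFWD
iptables -A VPNFWD -i $wan -o $lan -d $client -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A VPNFWD -i $lan -o $wan -s $client -j ACCEPT
iptables -A VPNFWD -m limit --limit 5/min -j LOG --log-prefix "vpnfwd-drop: "
iptables -A VPNFWD -j DROP
iptables -D FORWARD -i $wan -j VPNFWD 2>/dev/null || true
iptables -D FORWARD -o $wan -j VPNFWD 2>/dev/null || true
iptables -I FORWARD -i $wan -j VPNFWD
iptables -I FORWARD -o $wan -j VPNFWD
iptables -t nat -D POSTROUTING -s $client -o $wan -j MASQUERADE 2>/dev/null || true
iptables -t nat -A POSTROUTING -s $client -o $wan -j MASQUERADE
EOF
}

# Generate and execute the rules. Usage: apply_nat wlan5 tun0 192.168.1.50
apply_nat() {
    nat_rules "$@" | sh -e
}
```

Pointing the XP machine's DNS at the Linux host only works if a resolver (dnsmasq, for example) is actually listening on that host's LAN address and can reach the remote network's DNS through the tunnel.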
