Anyone know anything about bridging in Linux and how it works with OpenVPN?

I've inherited an OpenVPN server at work that is used for a very small number of people for remote access because the SonicWall doesn't have a Linux client. I'm one of them; that was the main reason I inherited it.

I had to move it because the box it was on needed to be used for something else and it was way overpowered anyway. So I ran up a little virtual machine on another box to set it up. So far so good. Except the bridging is broken and I can't figure out why. Everything else works: it connects and the tunnel is made. I can ssh into the OpenVPN box itself and can then ssh elsewhere, but not directly from my link.

Eventually I tracked it down: traffic is flowing from the virtual connection (tap0) to the physical Ethernet port (eth1 on this box), but not back the other way.

The famous ip_forward switch is off - but I've tried it on. Bridging doesn't go through the code that needs it. I've added the iptables rules that the OpenVPN docs say to add, but removing them doesn't change anything: packets still flow from tap0 to eth1 but not back the other way.

The only anomaly I can see, and I can't test this remotely, unfortunately, is that when the box comes up, the OpenVPN server starts before the bridge. I have to stop OpenVPN, start the bridge and then start OpenVPN again. It seems to leave tap0 with an IP address, which it shouldn't have in the bridge, but removing it doesn't change anything either.

Any other ideas?

Wade.