An iptables Command for Encrypting a Shared Device

[vpnaccountonpc 0]

I wanted to make a post giving a command that I struggled to find for using AirVPN to encrypt a shared device while using a firewall. I'm sharing a gaming console through a laptop so that I can encrypt and firewall the console. On the laptop I'm using Ubuntu 18 and OpenVPN.

The command is:
iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE

I'm guessing this causes the decrypted packets to return to the console as opposed to the laptop, but I don't really understand how the tun interface works.

Aside from that, make sure the tun interface is being accepted in all tables in both directions. For a bit of extra security, I'm specifying that incoming packets on the tun interface are part of ESTABLISHED or RELATED connections, except in the PREROUTING chain. (I don't remember if I removed connection tracking from PREROUTING because I had to or if it was an accident. Maybe iptables won't recognize those packets as ESTABLISHED or RELATED because they're NATted.)