--- a/vpnc-script
+++ b/vpnc-script
@@ -95,7 +95,7 @@
 # =========== tunnel interface handling ====================================
 
 do_ifconfig() {
-	ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu 1412 up
+	ifconfig "$TUNDEV" "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu 1412 up
 }
 
 destroy_tun_device() {
@@ -490,6 +490,18 @@
 	fi
 }
 
+start_vpn_nat() {
+	iptables -A forwarding_rule -o $TUNDEV -j ACCEPT
+	iptables -A forwarding_rule -i $TUNDEV -j ACCEPT
+	iptables -t nat -A postrouting_rule -o $TUNDEV -j MASQUERADE
+}
+
+stop_vpn_nat() {
+	iptables -t nat -D postrouting_rule -o $TUNDEV -j MASQUERADE
+	iptables -D forwarding_rule -i $TUNDEV -j ACCEPT
+	iptables -D forwarding_rule -o $TUNDEV -j ACCEPT
+}
+
 #### Main
 
 if [ -z "$reason" ]; then
@@ -503,8 +515,10 @@
 		;;
 	connect)
 		do_connect
+		start_vpn_nat
 		;;
 	disconnect)
+		stop_vpn_nat
 		do_disconnect
 		;;
 	*)