I am trying to setup raspberry pi as VPN-WiFi access point connecting to AWS VPC (AWS Client VPN Endpoint). I followed

1. Raspberry Pi as an access point
2. Raspberry Pi WiFi Bridge

But facing difficulties getting this running.

I have raspberry pi connected to ethernet which gets local ip (10.24.11.231) from DHCP, This network is control by IT. I ssh to this IP to login to pi.

I was able to get the eth0 and wlan0 working. Also reach to AWS VPC IP from Raspberry Pi. But can't reach AWS VPC IP if I connect to Raspberry Pi wifi access point. I think this because not all traffic going through through tun0

So I tried

pi@raspberrypi:~ $ sudo brctl show
bridge name bridge id           STP enabled interfaces
br0         8000.b827eb8e38ee   no          eth0
                                        wlan0
pi@raspberrypi:~ $ sudo brctl addif br0 tun0
can't add tun0 to bridge br0: Invalid argument

This is what routing table looks

pi@raspberrypi:~ $ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.20.1.65      128.0.0.0       UG    0      0        0 tun0
10.2.0.0        0.0.0.0         255.255.0.0     U     0      0        0 tun0
10.20.1.64      0.0.0.0         255.255.255.224 U     0      0        0 tun0
10.24.11.0      0.0.0.0         255.255.255.0   U     203    0        0 br0
52.43.170.236   10.24.11.1      255.255.255.255 UGH   0      0        0 br0
128.0.0.0       10.20.1.65      128.0.0.0       UG    0      0        0 tun0

10.2.0.0/16 is VPN network

any idea whats wrong here ?

Is there a way just bridge wlan0 & tun0. That would be the ideal solution, because I just need to access AWS VPC resources from Raspberry Pi Access Point.