diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index 7bae8d7..a86eebc 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -790,7 +790,7 @@
 
 #-----------------------------------------------------------------------------
 # TUN/TAP
-# For TUN/TAP support emerge net-misc/openvpn or sys-apps/usermode-utilities
+# For TUN/TAP support install iproute2, openvpn or usermode-utilities
 #
 # You must specify if we're a tun or tap device. Then you can give it any
 # name you like - such as vpn
@@ -801,6 +801,9 @@
 #tuntap_tap0="tap"
 #config_tap0="192.168.0.1/24"
 
+# Use something like this to pass custom options to iproute2 during
+# tunnel creation. This sets the user and group ownership of the node.
+#iproute2_tun1="user foo group bar"
 # For passing custom options to tunctl use something like the following.  This
 # example sets the owner to adm
 #tunctl_tun1="-u adm"
diff --git a/net/tuntap.sh b/net/tuntap.sh
index ac505ab..45a80fe 100644
--- a/net/tuntap.sh
+++ b/net/tuntap.sh
@@ -6,7 +6,7 @@ tuntap_depend()
 	before bridge interface macchanger
 }
 
-_config_vars="$_config_vars tunctl"
+_config_vars="$_config_vars iproute2 openvpn tunctl"
 
 _is_tuntap()
 {
@@ -44,28 +44,36 @@ tuntap_pre_start()
 	# Set the base metric to 1000
 	metric=1000
 
-	local o_opts= t_opts= do_openvpn=false do_tunctl=false
+	local i_opts= o_opts= t_opts=
+	local do_iproute2=false do_openvpn=false do_tunctl=false
+	eval i_opts=\$iproute2_${IFVAR}
 	eval o_opts=\$openvpn_${IFVAR}
 	eval t_opts=\$tunctl_${IFVAR}
 
-	if [ -n "${o_opts}" ] && type openvpn >/dev/null 2>&1; then
+	if [ -n "${i_opts}" ] && type ip >/dev/null 2>&1; then
+		do_iproute2=true
+	elif [ -n "${o_opts}" ] && type openvpn >/dev/null 2>&1; then
 		do_openvpn=true
 	elif [ -n "${t_opts}" ] && type tunctl >/dev/null 2>&1; then
 		do_tunctl=true
+	elif type ip >/dev/null 2>&1; then
+		do_iproute2=true
 	elif type openvpn >/dev/null 2>&1; then
 		do_openvpn=true
 	elif type tunctl >/dev/null 2>&1; then
 		do_tunctl=true
 	fi
 
-	if ${do_openvpn}; then
+	if ${do_iproute2}; then
+		ip tuntap add dev "${IFACE}" mode "${tuntap}" ${i_opts}
+	elif ${do_openvpn}; then
 		openvpn --mktun --dev-type "${tuntap}" --dev "${IFACE}" \
 			${o_opts} >/dev/null
 	elif ${do_tunctl}; then
 		tunctl ${t_opts} -t "${IFACE}" >/dev/null
 	else
-		eerror "Neither openvpn nor tunctl has been found, please install"
-		eerror "either \"openvpn\" or \"usermode-utilities\"."
+		eerror "Neither iproute2, openvpn nor tunctl has been found, please install"
+		eerror "either \"iproute2\" \"openvpn\" or \"usermode-utilities\"."
 	fi
 	eend $? && _up && service_set_value tuntap "${tuntap}"
 }
@@ -75,7 +83,9 @@ tuntap_post_stop()
 	_is_tuntap || return 0
 
 	ebegin "Destroying Tun/Tap interface ${IFACE}"
-	if type tunctl >/dev/null 2>&1; then
+	if type ip > /dev/null 2>&1; then
+		ip tuntap del dev ${IFACE} mode $(service_get_value tuntap)
+	elif type tunctl >/dev/null 2>&1; then
 		tunctl -d "${IFACE}" >/dev/null
 	else
 		openvpn --rmtun \