An alternative to NAT in certain situations, is to use Proxy ARP. In fact, if you are already behind a NAT firewall, this may be preferable as it allows you to use a subset of the addresses in the subnet to which the host belongs, rather than having to set up a new subnet to NAT to/from.
This is done by allocating some of the address space to the internal network set up by the TAP device and then broadcasting the ARP addresses through Proxy ARP, on the external network. The way this is done is host-dependent and must currently be set up manually. The details can be found in the documentation for your platform-of-choice, if available.
The high-level details are as-follows (using commands on Linux for illustration):
In theory, that should be sufficient to get it working; the interfaces should "learn" how to route the packets. But other steps may be required if not working. For instance, you might have to explicitly set the proxy ARP addresses on the external interface, if they don’t get set automatically (ip neighbor add <address> dev <interface>). Linux documentation indicates this should not be needed, but I have seen some cases where it doesn’t seem to work. Default routes may also need to be set explicitly (ip route add <addresses> via <address> dev <interface>).
NDP is the IPv6 generalization of ARP. The above instructions should apply, with commands used for IPv6 instead (ip -6). If your router doesn’t have a route to your host, this may be needed to use IPv6 networking.