Jeremy, I don't want to get bogged down, but again you are talking about a very specific example, not generally and I am sorry your description seems a little unclear to me, especially the bit about the class A address.
A tunnel with an IP address is a routing encapsulation path. For a single PC you cam bind it logically at your PC, otherwise your router will need to have the address of the tunnels network.. Especially if an NDX is to use this, and then you will need to create a routing metric so certain traffic goes via the tunnel or alltraffic goes the tunnel.
The reason you use a private address such as 10. or 192.168. Is that it has no meaning for geolocation.
Therefore for geolocation to work the last public address to your remote device must be in the geo area, in this case for the BBC a RIPE UK address. You can then have Mutiple private (10, 172.168. 192.168) network addresses in your route to your client, ie a class A address (10) by your tunnel service provider and then a class C (192.168) for your LAN. Trace route will show this.
An alternative is point to point, but the remote client (your PC or device) must support point to point tunnels which MACs and PCs do by sometimes running clients so you do a virtual binding in the TCP/IP stack on the client (often used for encrypted consumer VPNs or corporate remote access VPNs) , but I don't think an NDX or NDS does.
I am sure you know what you are talking about. But for anyone else here is a list of beginners technical descriptions of tunnels, rather than vague in precise marketing terms sometimes used on WWW wikis that cause more harm than good. GRE tunnels is a good place to start, and they work with an NDX if your router can be suitably configured and you have a remote service offering to peer with the tunnel.
Can we leave it now on this thread so we don't take over?
We can start a seperate 'how do tunnels work for a naim network player' elsewhere if we want.