Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Enable VPN forward for OpenVPN on Mac OS X El Capitan
#
# https://roelant.net/2015/share-your-vpn-mac-el-capitan.html
sleep 15
#
/usr/sbin/sysctl -w net.inet.ip.fw.enable=1
/usr/sbin/sysctl -w net.inet.ip.forwarding=1
/usr/sbin/sysctl -w net.inet6.ip6.forwarding=1
pfctl -d
pfctl -f /Users/lex/Dropbox/openvpn/pf.conf -e
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC -//Apple Computer//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd >
<plist version="1.0">
<dict>
<key>Label</key>
<string>net.openvpn.enable-vpn-forward-nat</string>
<key>ProgramArguments</key>
<array>
<string>/Users/lex/Dropbox/openvpn/enable-vpn-forward-nat.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
lan="{10.8.0.0/24}"
ext_if=en0
vpn_if="utun0"
nat on $ext_if from $lan to any -> ($ext_if)
nat on $vpn_if from $lan to any -> ($vpn_if)
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
anchor "com.apple.server-firewall/*"
load anchor "com.apple.server-firewall" from "/etc/pf.anchors/com.apple.server-firewall"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.