Enable VPN forward for OpenVPN on Mac OS X El Capitan

enable-von-forward-nat.sh

#
# https://roelant.net/2015/share-your-vpn-mac-el-capitan.html
sleep 15
#
/usr/sbin/sysctl -w net.inet.ip.fw.enable=1
/usr/sbin/sysctl -w net.inet.ip.forwarding=1
/usr/sbin/sysctl -w net.inet6.ip6.forwarding=1

pfctl -d
pfctl -f /Users/lex/Dropbox/openvpn/pf.conf -e

net.openvpn.enable-vpn-forward-nat.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC -//Apple Computer//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd >
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>net.openvpn.enable-vpn-forward-nat</string>
    <key>ProgramArguments</key>
    <array>
		<string>/Users/lex/Dropbox/openvpn/enable-vpn-forward-nat.sh</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>

pf.conf

scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
lan="{10.8.0.0/24}"
ext_if=en0
vpn_if="utun0"
nat on $ext_if from $lan to any -> ($ext_if)
nat on $vpn_if from $lan to any -> ($vpn_if)
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
anchor "com.apple.server-firewall/*"
load anchor "com.apple.server-firewall" from "/etc/pf.anchors/com.apple.server-firewall"