An example use is sharing a VPN connection with a device that doesn't support VPN, such as watching Netflix on a smart TV.
First, connect to the VPN on the OSX host and enable packet forwarding between network interfaces:
$ sudo sysctl -w net.inet.ip.forwarding=1
Now we need to configure PF (Packet Filter). Flush existing NAT rules to ensure we are starting from scratch:
$ sudo pfctl -F nat
Add a NAT firewall rule and ensure PF is enabled (-E flag):
$ echo "nat on utun1 from en0:network to any -> (utun1)" | sudo pfctl -E -f -
where utun1 should be replaced with the VPN network interface name and en0 is the network interface where you expect requests from the client device to come from, e.g. a WiFi or Ethernet connection.
Finally, on the TV open the WiFi settings and switch the IP configuration from DHCP to manual, then change the gateway IP address to the address of the OSX host and the DNS server to either 1.1.1.1 or 8.8.8.8. If everything is properly configured, all network traffic from the TV should now be routed to the OSX host and then via the VPN connection.
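The host-side steps above combined into one script, as an added example that is not from the original article: it rejects malformed interface names, parses the rule with pfctl -n before flushing anything, and checks the result afterwards. The function names and the "apply" argument are made up for this sketch; utun1 and en0 are the article's placeholders.

```shell
#!/bin/sh
# Added example (not the article's code). Usage: sh share-vpn.sh apply utun1 en0

# Accept only plain interface names (lowercase letters/digits, ending in a
# digit) so nothing else can end up inside the PF rule.
valid_ifname() {
    case "$1" in
        ''|*[!a-z0-9]*|[0-9]*) return 1 ;;
        *[0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the article's NAT rule for the given VPN ($1) and LAN ($2) interfaces.
build_nat_rule() {
    valid_ifname "$1" && valid_ifname "$2" || return 1
    printf 'nat on %s from %s:network to any -> (%s)\n' "$1" "$2" "$1"
}

# Succeed if the text in $1 (output of `pfctl -s nat`) has a NAT rule on $2.
nat_rule_present() {
    printf '%s\n' "$1" | grep -q "^nat on $2 "
}

share_vpn() {
    vpn_if=${1:-utun1} lan_if=${2:-en0}
    rule=$(build_nat_rule "$vpn_if" "$lan_if") ||
        { echo "bad interface name" >&2; return 1; }
    ifconfig "$vpn_if" >/dev/null 2>&1 ||
        { echo "$vpn_if not found: is the VPN connected?" >&2; return 1; }
    # Parse only (-n) first, so a rejected rule never flushes working state.
    printf '%s\n' "$rule" | sudo pfctl -n -f - || return 1
    sudo sysctl -w net.inet.ip.forwarding=1 || return 1
    sudo pfctl -F nat
    printf '%s\n' "$rule" | sudo pfctl -E -f -
    # Verify the end state instead of assuming it.
    [ "$(sysctl -n net.inet.ip.forwarding)" = 1 ] ||
        { echo "forwarding is still off" >&2; return 1; }
    nat_rule_present "$(sudo pfctl -s nat 2>/dev/null)" "$vpn_if" ||
        { echo "NAT rule on $vpn_if is not loaded" >&2; return 1; }
    echo "sharing $vpn_if with clients on $lan_if"
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = apply ]; then
    share_vpn "${2:-}" "${3:-}"
fi
```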
The aforementioned steps result in a firewall configuration that won't be preserved, meaning that after rebooting you'd need to repeat the steps again. Refer to this article on setting up persistent PF configuration for OSX starting from Sierra if you'd like your rules to be picked up automatically after rebooting. In order to preserve the net.inet.ip.forwarding sysctl value you need to create an /etc/sysctl.conf file with the only line:
net.inet.ip.forwarding=1
Try to turn the VPN connection off and then on again.