Sharing OpenVPN on Mac OS X Yosemite

Up until OS X 10.9 Mavericks, I had been sharing my OpenVPN connection in this way.

However, ever since I updated my Mac to the latest OS, this method is no longer valid. I did some Google searching, and it seems that the new network component breaks the function.

Is it possible to restore the sharing function as in the pre-Yosemite OS? Or is there any way to work out a new sharing method with the new network utilities?

Thanks!


Solution 1:

In order to share your OpenVPN connection on OS X Mavericks, Yosemite or El Capitan, enter the following commands to enable packet forwarding:

sudo sysctl -w net.inet.ip.forwarding=1
sudo sysctl -w net.inet.ip.fw.enable=1

Next add the following lines to /etc/pf.conf immediately after rdr-anchor "com.apple/*":

lan="{192.168.25.0/24}"
ext_if=en0
vpn_if="utun0"
nat on $ext_if from $lan to any -> ($ext_if)
nat on $vpn_if from $lan to any -> ($vpn_if)

Note that you should change the lan address to the LAN you want to route over the OpenVPN connection. ext_if should be the interface that is connected to the LAN. vpn_if should be the OpenVPN interface. I used VyprVPN, which used tun0 rather than utun0, so you may need to change this depending on your particular configuration.

Next run the following to load the config:

sudo pfctl -d
sudo pfctl -F all
sudo pfctl -f /etc/pf.conf -e

The instructions to do this were found here: http://www.douglas.wiki.br/doku.php?id=en:configuring_nat_on_mac_osx_yosemite

Loading with a daemon

If you want this to load automatically, you can take a look at this repo https://github.com/essandess/osx-openvpn-server where you'll see an example of using a shell script with a .plist file to create a daemon that's loaded on boot. I just added /sbin/pfctl -f /etc/pf.conf -e to the end of enable-vpn-forward-nat.sh and did the following:

sudo mkdir '/Library/Application Support/vpn'
sudo install -m 755 osx-openvpn-server/enable-vpn-forward-nat.sh '/Library/Application Support/vpn'
sudo install -m 644 net.openvpn.enable-vpn-forward-nat.plist /Library/LaunchDaemons
sudo launchctl load -w /Library/LaunchDaemons/net.openvpn.enable-vpn-forward-nat.plist
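The /etc/pf.conf edit described in the answer above, as an added shell example that is not part of the original answer or of the linked osx-openvpn-server repo. It builds the five NAT lines from parameters and inserts them immediately after the rdr-anchor "com.apple/*" line of a copy of pf.conf, so the change can be reviewed before it is applied to the real file. Two checks matter from a defensive standpoint: the lan value must be a single CIDR prefix (a /0 or a malformed value would NAT every source that reaches the interface), and the rules are not added a second time on a re-run. The function names, the sample pf.conf contents, the 192.0.2.0/24 LAN and the interface names are constructed placeholders, not the answer's.

```shell
#!/bin/sh
# Added example: generate and insert pf NAT rules for sharing a VPN interface.
# Works on a copy of pf.conf; it never touches /etc/pf.conf itself.

# Coarse shape check for the LAN value: dotted quad plus a /1 .. /32 prefix.
# A /0 is rejected on purpose because it would NAT traffic from any source.
valid_lan() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'
}

# Print the NAT fragment for the given LAN, LAN-facing interface and VPN interface.
gen_nat_rules() {
    lan="$1"; ext_if="$2"; vpn_if="$3"
    printf 'lan="{%s}"\next_if=%s\nvpn_if="%s"\n' "$lan" "$ext_if" "$vpn_if"
    printf 'nat on $ext_if from $lan to any -> ($ext_if)\n'
    printf 'nat on $vpn_if from $lan to any -> ($vpn_if)\n'
}

# insert_nat_rules SRC DST LAN EXT_IF VPN_IF
# Copies SRC to DST with the rules inserted right after the rdr-anchor line.
# Return codes: 0 ok, 1 no rdr-anchor line, 2 rules already present, 3 bad LAN.
insert_nat_rules() {
    src="$1"; dst="$2"; lan="$3"; ext_if="$4"; vpn_if="$5"
    grep -q '^rdr-anchor "com.apple/\*"' "$src" || {
        echo "no rdr-anchor \"com.apple/*\" line in $src" >&2; return 1; }
    if grep -q '^nat on \$vpn_if' "$src"; then
        echo "NAT rules already present in $src" >&2; return 2
    fi
    valid_lan "$lan" || { echo "LAN must be a single CIDR prefix, got '$lan'" >&2; return 3; }
    rules=$(gen_nat_rules "$lan" "$ext_if" "$vpn_if")
    # Echo every line; after the anchor line also emit the generated rules.
    awk -v rules="$rules" '
        { print }
        /^rdr-anchor "com.apple\/\*"/ { print rules }
    ' "$src" > "$dst"
}

# Constructed stand-in for the stock OS X pf.conf anchor block (sample data).
write_sample_pfconf() {
    cat > "$1" <<'EOF'
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
EOF
}

# Stand-alone demo on the constructed sample; prints the resulting file.
demo_dir=$(mktemp -d)
write_sample_pfconf "$demo_dir/pf.conf"
insert_nat_rules "$demo_dir/pf.conf" "$demo_dir/pf.conf.new" 192.0.2.0/24 en0 utun0
cat "$demo_dir/pf.conf.new"
rm -rf "$demo_dir"
```

To apply the result for real you would still copy the reviewed file over /etc/pf.conf and reload with the pfctl commands from the answer; keeping the generation step separate from the reload makes it easy to diff the old and new rule sets first.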