Share OSX VPN with your Pi

I have a raspberry Pi that I wanted to connect to my office network for running a test. Rather than setting up a complete VPN connection on the Pi for just a one-off test, much better if the Pi shares the VPN connection from my MacBook.

Getting your MacBook to share its VPN connection is actually not difficult. First enable forwarding:

$ sudo sysctl -w net.inet.ip.forwarding=1

Next create a file called nat-rules with the following content:

nat on ppp0 from en0:network to any -> (ppp0)

Note that my VPN runs on device ppp0 and my MacBook is connected to my local network on device en0. Change these to suit your situation.

Now clear your MacBook’s existing firewall rules (if you have any probably create a backup first!):

$ sudo pfctl -d # disable pf
$ sudo pfctl -F all # clear all rules

Now load the new rule you created earlier:

$ sudo pfctl -f ./nat-rules -e

Now your MacBook is set up to share its VPN connection. On your Pi (or any other device you want to give access to your VPN) add the appropriate route:

$ sudo ip route add 10.0.0.0/8 via 192.168.1.100

Here my office uses IPs in the range 10.0.0.0/8 while my MacBook has IP 192.168.1.100 on my local network.

To turn VPN sharing off, you can simply disable forwarding and flush pf as follows:

$ sudo sysctl -w net.inet.ip.forwarding=0
$ sudo pfctl -d

For more info about pf see the pf manual.