Share OSX VPN with your Pi
I have a raspberry Pi that I wanted to connect to my office network for running a test. Rather than setting up a complete VPN connection on the Pi for just a one-off test, much better if the Pi shares the VPN connection from my MacBook.
Getting your MacBook to share its VPN connection is actually not difficult. First enable forwarding:
$ sudo sysctl -w net.inet.ip.forwarding=1
Next create a file called nat-rules
with the following content:
nat on ppp0 from en0:network to any -> (ppp0)
Note that my VPN runs on device ppp0
and my MacBook is connected to my local network on device en0
. Change these to suit your situation.
Now clear your MacBook’s existing firewall rules (if you have any probably create a backup first!):
$ sudo pfctl -d # disable pf
$ sudo pfctl -F all # clear all rules
Now load the new rule you created earlier:
$ sudo pfctl -f ./nat-rules -e
Now your MacBook is set up to share its VPN connection. On your Pi (or any other device you want to give access to your VPN) add the appropriate route:
$ sudo ip route add 10.0.0.0/8 via 192.168.1.100
Here my office uses IPs in the range 10.0.0.0/8
while my MacBook has IP 192.168.1.100
on my local network.
To turn VPN sharing off, you can simply disable forwarding and flush pf as follows:
$ sudo sysctl -w net.inet.ip.forwarding=0
$ sudo pfctl -d
For more info about pf see the pf manual.