Apple's OS has built in internet sharing. Normally people use it to share out an ethernet connection to their smart phones or to share their smart phone connection with another set of hardware (imagine your main internet connection goes dead for example but you still have mobile: you can get your whole network back up again via internet sharing).
OS X internet sharing is a fantastic feature but doesn't seem to be compatible with VPN. When you add a VPN in to you won't be able to use the internet sharing and the DHCP server will go dead. In fact, sharing between two ethernet ports seems a bit trickier as well but isn't really. You just have to allow the receiving device to give what would normally be an error message. "Unable to obtain network address. Self-obtained network address." I've never had a successful connection with that message up but when sharing between two ethernet ports, that's the right message. You don't want to be generating additional network ID's.
I wanted to share out the VPN to an Apple TV 3 (gone back to Amazon now: what a relief, more on that now) which was struggling with Netflix using remote DNS (which is a great solution for music services, btw). While an Apple TV 3 does allow you to set DNS by hand, it is not capable of logging into a VPN itself so if you want it on a real VPN, you need to share a connection. I considered a VPN router but I don't own one and I don't actually want all my computers running through VPN (even a fast VPN is a fraction of the speed of a local connection).
Fortunately I had the smart idea of working on sharing out the VPN with one of my Macbook Pro's so I could get immediate feedback on success or not. This was a good idea as my path to nirvana was a winding one.
For some reason, some geek got very popular for a horribly byzantine terminal method involving IPFW rules (I was lured into his post from apple.stackexchange.com). Henceby ruining the lives of others when internet sharing just works between two ethernet ports and also with VPN. I won't link his post to try to stop it from ranking any higher. Here's what it looks like to make sure you don't go down the same rabbit hole I did.
Rodrigo Sieiro cost me hours of my life trying to replicate his system. I more or less succeeded, able to turn the script on and off. But at some point, I realised it couldn't be that bad. Surely a VPN can be shared.
And indeed a PPTP Mac VPN can. You don't even have to set up the IPv4 Address, Subnet Mask and Router address by hand.
Here's what success looks like:
Bullet proof steps to get to shared VPN heaven:
- Subscribe to a good VPN* service.
- Set up the VPN to work properly on your computer.
- Test the connection with SpeedTest.
- Test the connection with the service you want to stream (there's no point in sharing out an inadequate VPN, you won't get HD) on the test computer.
- Turn off the VPN.
- Set up Internet Sharing between two Ethernet ports to make sure both work (do not use a device like Apple TV 3 or an iPad, use another OS computer which will let you know exactly what's happening in the receiving network panel).
- Test the shared connection on the test computer with SpeedTest.
- Final Steps. Turn off internet Sharing.
- Switch Internet Sharing to your VPN and turn on.
- Launch your VPN.
- Test the connection on the receiving computer with SpeedTests (you'll probably see about a 20% reduction in speed, my Unotelly went down to 5 MB/sec on an Apple shared internet connection.
- Test the connection with the service you want to stream. You want to be sure that the service still works before you bother hooking up a blind device like an Apple TV.
- If that all works, now it's time to substitute your Apple TV, moving the ethernet cord from the second computer to the Apple TV.
- Finally, weep. You've set up a perfect VPN with adequate speeds, but you can still only stream at 560kbps with 512x184pixel resolution.
- And very finally, send your Apple TV 3 back to Apple.
Next installment: the final and working solution for overseas Netflix on your widescreen plasma screen. You'll have to give up 5.1 surround sound but you will get a built-in VPN much better audio, enormous flexibility and which will replace any buggy NAS (network attached storage) you were thinking of buying, all at Gigabit ethernet speeds, with unlimited high speed storage. It will even cost only a fraction of the price of all those devices taken together (Apple TV 3, VPN router, NAS). And it won't be a Roku or a Western Digital media box.
* If you are looking for a VPN for Netflix or other overseas content consumption, we heartily recommend Unotelly and do not recommend Witopia (too slow even on the New York connection at 3 MB/sec, Unotelly is about 7 MB/sec). With Unotelly you don't get nearly the location selection but when you want to listen to music or watch video, you don't need manholes in every city around the world.