Apple’s OS has built in internet sharing. Normally people use it to share out an ethernet connection to their smart phones or to share their smart phone connection with another set of hardware (imagine your main internet connection goes dead for example but you still have mobile: you can get your whole network back up again via internet sharing).
OS X internet sharing is a fantastic feature but doesn’t seem to be compatible with VPN. When you add a VPN in to you won’t be able to use the internet sharing and the DHCP server will go dead. In fact, sharing between two ethernet ports seems a bit trickier as well but isn’t really. You just have to allow the receiving device to give what would normally be an error message. “Unable to obtain network address. Self-obtained network address.” I’ve never had a successful connection with that message up but when sharing between two ethernet ports, that’s the right message. You don’t want to be generating additional network ID’s.
Netflix on Apple TV 3 ATV3: Let’s get HD going from abroad using a VPN
I wanted to share out the VPN to an Apple TV 3 (gone back to Amazon now: what a relief, more on that now) which was struggling with Netflix using remote DNS (which is a great solution for music services, btw). While an Apple TV 3 does allow you to set DNS by hand, it is not capable of logging into a VPN itself so if you want it on a real VPN, you need to share a connection. I considered a VPN router but I don’t own one and I don’t actually want all my computers running through VPN (even a fast VPN is a fraction of the speed of a local connection).
Fortunately I had the smart idea of working on sharing out the VPN with one of my Macbook Pro’s so I could get immediate feedback on success or not. This was a good idea as my path to nirvana was a winding one.
For some reason, some geek got very popular for a horribly byzantine terminal method involving IPFW rules (I was lured into his post from apple.stackexchange.com). Henceby ruining the lives of others when internet sharing just works between two ethernet ports and also with VPN. I won’t link his post to try to stop it from ranking any higher. Here’s what it looks like to make sure you don’t go down the same rabbit hole I did.
rodrigo sieiro ruining your day
Rodrigo Sieiro cost me hours of my life trying to replicate his system. I more or less succeeded, able to turn the script on and off. But at some point, I realised it couldn’t be that bad. Surely a VPN can be shared.
And indeed a PPTP Mac VPN can. You don’t even have to set up the IPv4 Address, Subnet Mask and Router address by hand.
Here’s what success looks like:
Apple VPN Internet Sharing
Bullet proof steps to get to shared VPN heaven:
- Subscribe to a good VPN* service.
- Set up the VPN to work properly on your computer.
- Test the connection with SpeedTest.
- Test the connection with the service you want to stream (there’s no point in sharing out an inadequate VPN, you won’t get HD) on the test computer.
- Turn off the VPN.
- Set up Internet Sharing between two Ethernet ports to make sure both work (do not use a device like Apple TV 3 or an iPad, use another OS computer which will let you know exactly what’s happening in the receiving network panel).
- Test the shared connection on the test computer with SpeedTest.
- Final Steps. Turn off internet Sharing.
- Switch Internet Sharing to your VPN and turn on.
- Launch your VPN.
- Test the connection on the receiving computer with SpeedTests (you’ll probably see about a 20% reduction in speed, my Unotelly went down to 5 MB/sec on an Apple shared internet connection.
- Test the connection with the service you want to stream. You want to be sure that the service still works before you bother hooking up a blind device like an Apple TV.
- If that all works, now it’s time to substitute your Apple TV, moving the ethernet cord from the second computer to the Apple TV.
- Finally, weep. You’ve set up a perfect VPN with adequate speeds, but you can still only stream at 560kbps with 512x184pixel resolution.
ATV vs iPad vs computer Netflix streaming - And very finally, send your Apple TV 3 back to Apple.
Next installment: the final and working solution for overseas Netflix on your widescreen plasma screen. You’ll have to give up 5.1 surround sound but you will get a built-in VPN much better audio, enormous flexibility and which will replace any buggy NAS (network attached storage) you were thinking of buying, all at Gigabit ethernet speeds, with unlimited high speed storage. It will even cost only a fraction of the price of all those devices taken together (Apple TV 3, VPN router, NAS). And it won’t be a Roku or a Western Digital media box.
* If you are looking for a VPN for Netflix or other overseas content consumption, we heartily recommend Unotelly and do not recommend Witopia (too slow even on the New York connection at 3 MB/sec, Unotelly is about 7 MB/sec). With Unotelly you don’t get nearly the location selection but when you want to listen to music or watch video, you don’t need manholes in every city around the world.
Alec Kinnear
Alec has been helping businesses succeed online since 2000. Alec is an SEM expert with a background in advertising, as a former Head of Television for Grey Moscow and Senior Television Producer for Bates, Saatchi and Saatchi Russia.
Pretty geeky. So geeky that that vast majority of consumers won’t need nor would be interested in this.
But thank you for showing us the possibilities.
I use a similar setup but I have an old Macbook Pro sharing its VPN from ethernet over WiFi. The Apple TV 3 is on WiFi. I can stream Netflix at HD quality with surround sound with no problems almost all of the time. (About 3Mbps VPN bandwidth.)
Thanks for sharing, I use a Swiss VPN for ATV3 (I am in Switzerland) and switched to Mac. Under Windows all worked well. Mac: not so much. My problem: my VPN service never shows in the drop down ‘connection from’.
I only see my WiFi there.
Any idea?
Hi Jens,
The VPN Settings in OS X have their own drop down menu item which you enable in system preferences when you have a VPN open.
Here’s how it should look:
Is this possible to tweak to share the VPN by wifi?
Hi tze,
Yes. Sharing out to Airport is very easy if you have an ethernet connection to your Mac Mini.
This doesn’t work on Openvpn VPN’s. Fortunately a better geek already figured it out. rodrigo.sharpcube.com/ 2010/06/20/ using-and-sharing-a-vpn-connection-on-your-mac/
Hi Ken,
If you read the article more carefully, you’d note that Rodrigo’s convincing presentation does not actually work. I wasted hours on his terminal method and ended up having to delete all my network preferences to do what is built-in.
In fairness, the built-in Apple internet sharing is a bit flaky itself (I had a lot of trouble getting it to work between normal ethernet and a USB ethernet adapter). On top of that normal Apple internet sharing even via Wifi will not work with a Roku 3 (Roku 3 sees the connection but won’t connect).
In the end, I gave up and upgraded my router while continuing to use Unotelly, following the instructions to route public DNS to the router. Most good routers now can handle PPTP at least. Asus’s Dark Knight and kin as well as TP-Link routers with DD-WRT installed (get WDR3600 and not sister WDR4300 for best value) for instance. $50 will do the job now in terms of router. That’s the next step.
Apple, it was nice knowing you. You used to work for us, your hardware purchasers. Now you work for the government, big media and your own cloud services.
PPTP vs OpenVPN
Your method will work for PPTP. It will not work for OpenVPN which does not list the interface in network connections. Therefore those using OpenVPN must use the terminal method to bridge the interfaces.
I have a question about setting up the vpn manually in the mac preferences menu. Both while selecting PPTP or L2TP and I click “connect”(from the toolbar), my system immediately gives a message saying: “The PPTP-VPN server did not respond.” etc. Any ideas how to solve this? I am using an HMA pro vpn account.
Hi Chris,
Are you sure that your HMA account is working and responding? What have you done to test the connection?
Thanks for posting this Alec,
I just spent a whole evening setting this up and unfortunately I did try to follow Rodrigo’s process first. The Unix code doesn’t work on Yosemite.
It’s really quite simple once you get it. And by the way – this does work for PPTP!
The VPN supplier I use is Private Internet Access (PIA). I turned off their automated application and made a new manual connection to the VPN in the Network settings using PPTP following instructions from the PIA website. Then in Internet sharing I had a new connection to share and it popped up as a new WIFI connection for the smart TV.
This saved me from having to upgrade to a VPN modem or pay for an additional service like Unblock-US to subscribe to international TV.
Thanks for the Yosemite update David! I’m glad you were able to get VPN passthrough without new hardware. If you do run into issues with your existing VPN, I’m using Unotelly and have been very happy with their DNS forwarding service. They’ve even added services for me with just a few days turnaround.
PS. Rodrigo should really have the good manners to take down that bad tutorial or even better put up a disclaimer on the article (as it’s reference from other places around the web).
Someone contacted me about this so I’ll give a couple of links for those struggling with this.
A really good general tutorial that helped me share the VPN on a wireless network: cactusvpn.com/tutorials/how-to-share-a-pptp-vpn-connection-on-mac-os-x/
Private Internet Access’s instructions for setting up a manual PPTP connection: privateinternetaccess.com/pages/client-support/osx10.10-pptp
Are you sure its working fine? I have few doubts regarding this – OS X VPN Connection across two Ethernet ports
Hi Sophia. I’m not sure if internet sharing is working beyond Yosemite. I have El Capitan on most of my macs now for software compatibility but I don’t use Apple internet sharing any more. As I mentioned above, I went with a router which has built-in VPN.
I’m not using that feature much either as Netflix and Amazon Prime video were the primary reasons for using a VPN. None of the VPN services I know of work with Netflix. Amazon Prime is very hit and miss (mostly miss). We also have Amazon Prime DE Video at home in Austria. We don’t like Netflix at all these days and only participate as a shared family plan (effectively half price). Even though we find the esoteric selection of films better on Amazon Prime, we mainly watch Mubi these days. I’m happier with that.
Mainstream Hollywood was never my cup of tea. Second and third rate mainstream Hollywood and worse American television is really not something I want to watch.
Mubi gives us 30 weird and wonderful (lots of both) films every month.
Returning to internet sharing. Apple has been removing features right and left for a long time now, like software RAID and adding limitations like GateKeeper. There’s not much hope for future Mac OS versions to support relatively esoteric configuration like network share except in a tight Apple only straitjacket.
I find El Capitan to be the best OS for business and photo work. For video, unfortunately one must upgrade to High Sierra to enjoy a the most recent version of FCPX which adds some much needed colour correction tools (in the FCPX version which runs on Sierra 10.4 the three way colour tools are there but don’t actually work properly – luminance is broken). In 10.4.1 (High Sierra and later only), three way colour wheels work as anticipated. BlackMagic’s Davinci Resolve also requires at least Sierra (apparently it can be run on El Capitan without H265 but I ran into some issues).