Apple's OS has built in internet sharing. Normally people use it to share out an ethernet connection to their smart phones or to share their smart phone connection with another set of hardware (imagine your main internet connection goes dead for example but you still have mobile: you can get your whole network back up again via internet sharing).
OS X internet sharing is a fantastic feature but doesn't seem to be compatible with VPN. When you add a VPN in to you won't be able to use the internet sharing and the DHCP server will go dead. In fact, sharing between two ethernet ports seems a bit trickier as well but isn't really. You just have to allow the receiving device to give what would normally be an error message. "Unable to obtain network address. Self-obtained network address." I've never had a successful connection with that message up but when sharing between two ethernet ports, that's the right message. You don't want to be generating additional network ID's.
Netflix on Apple TV 3 ATV3: Let's get HD going from abroad using a VPN
I wanted to share out the VPN to an Apple TV 3 (gone back to Amazon now: what a relief, more on that now) which was struggling with Netflix using remote DNS (which is a great solution for music services, btw). While an Apple TV 3 does allow you to set DNS by hand, it is not capable of logging into a VPN itself so if you want it on a real VPN, you need to share a connection. I considered a VPN router but I don't own one and I don't actually want all my computers running through VPN (even a fast VPN is a fraction of the speed of a local connection).
Fortunately I had the smart idea of working on sharing out the VPN with one of my Macbook Pro's so I could get immediate feedback on success or not. This was a good idea as my path to nirvana was a winding one.
For some reason, some geek got very popular for a horribly byzantine terminal method involving IPFW rules (I was lured into his post from apple.stackexchange.com). Henceby ruining the lives of others when internet sharing just works between two ethernet ports and also with VPN. I won't link his post to try to stop it from ranking any higher. Here's what it looks like to make sure you don't go down the same rabbit hole I did.
rodrigo sieiro ruining your day
Rodrigo Sieiro cost me hours of my life trying to replicate his system. I more or less succeeded, able to turn the script on and off. But at some point, I realised it couldn't be that bad. Surely a VPN can be shared.
And indeed a PPTP Mac VPN can. You don't even have to set up the IPv4 Address, Subnet Mask and Router address by hand.
Here's what success looks like:
Apple VPN Internet Sharing
Bullet proof steps to get to shared VPN heaven:
- Subscribe to a good VPN* service.
- Set up the VPN to work properly on your computer.
- Test the connection with SpeedTest.
- Test the connection with the service you want to stream (there's no point in sharing out an inadequate VPN, you won't get HD) on the test computer.
- Turn off the VPN.
- Set up Internet Sharing between two Ethernet ports to make sure both work (do not use a device like Apple TV 3 or an iPad, use another OS computer which will let you know exactly what's happening in the receiving network panel).
- Test the shared connection on the test computer with SpeedTest.
- Final Steps. Turn off internet Sharing.
- Switch Internet Sharing to your VPN and turn on.
- Launch your VPN.
- Test the connection on the receiving computer with SpeedTests (you'll probably see about a 20% reduction in speed, my Unotelly went down to 5 MB/sec on an Apple shared internet connection.
- Test the connection with the service you want to stream. You want to be sure that the service still works before you bother hooking up a blind device like an Apple TV.
- If that all works, now it's time to substitute your Apple TV, moving the ethernet cord from the second computer to the Apple TV.
- Finally, weep. You've set up a perfect VPN with adequate speeds, but you can still only stream at 560kbps with 512x184pixel resolution.
ATV vs iPad vs computer Netflix streaming - And very finally, send your Apple TV 3 back to Apple.
Next installment: the final and working solution for overseas Netflix on your widescreen plasma screen. You'll have to give up 5.1 surround sound but you will get a built-in VPN much better audio, enormous flexibility and which will replace any buggy NAS (network attached storage) you were thinking of buying, all at Gigabit ethernet speeds, with unlimited high speed storage. It will even cost only a fraction of the price of all those devices taken together (Apple TV 3, VPN router, NAS). And it won't be a Roku or a Western Digital media box.
* If you are looking for a VPN for Netflix or other overseas content consumption, we heartily recommend Unotelly and do not recommend Witopia (too slow even on the New York connection at 3 MB/sec, Unotelly is about 7 MB/sec). With Unotelly you don't get nearly the location selection but when you want to listen to music or watch video, you don't need manholes in every city around the world.
Social Bookmarking Plugins for WordPress: Bookmark Me, AddThis.com, AddToAny.com and Share This
How to create a network backup with Apple’s TimeMachine
Dual Internet Connections: How to Swap ISP’s Smoothly on a Mixed Platform Network
People who buy iPhones are image-conscious fad-following idiots
Pretty geeky. So geeky that that vast majority of consumers won’t need nor would be interested in this.
But thank you for showing us the possibilities.
I use a similar setup but I have an old Macbook Pro sharing its VPN from ethernet over WiFi. The Apple TV 3 is on WiFi. I can stream Netflix at HD quality with surround sound with no problems almost all of the time. (About 3Mbps VPN bandwidth.)
Thanks for sharing, I use a Swiss VPN for ATV3 (I am in Switzerland) and switched to Mac. Under Windows all worked well. Mac: not so much. My problem: my VPN service never shows in the drop down ‘connection from’.
I only see my WiFi there.
Any idea?
Hi Jens,
The VPN Settings in OS X have their own drop down menu item which you enable in system preferences when you have a VPN open.
Here’s how it should look:
Is this possible to tweak to share the VPN by wifi?
Hi tze,
Yes. Sharing out to Airport is very easy if you have an ethernet connection to your Mac Mini.
This doesn’t work on Openvpn VPN’s. Fortunately a better geek already figured it out. rodrigo.sharpcube.com/ 2010/06/20/ using-and-sharing-a-vpn-connection-on-your-mac/
Hi Ken,
If you read the article more carefully, you’d note that Rodrigo’s convincing presentation does not actually work. I wasted hours on his terminal method and ended up having to delete all my network preferences to do what is built-in.
In fairness, the built-in Apple internet sharing is a bit flaky itself (I had a lot of trouble getting it to work between normal ethernet and a USB ethernet adapter). On top of that normal Apple internet sharing even via Wifi will not work with a Roku 3 (Roku 3 sees the connection but won’t connect).
In the end, I gave up and upgraded my router while continuing to use Unotelly, following the instructions to route public DNS to the router. Most good routers now can handle PPTP at least. Asus’s Dark Knight and kin as well as TP-Link routers with DD-WRT installed (get WDR3600 and not sister WDR4300 for best value) for instance. $50 will do the job now in terms of router. That’s the next step.
Apple, it was nice knowing you. You used to work for us, your hardware purchasers. Now you work for the government, big media and your own cloud services.
PPTP vs OpenVPN
Your method will work for PPTP. It will not work for OpenVPN which does not list the interface in network connections. Therefore those using OpenVPN must use the terminal method to bridge the interfaces.
I have a question about setting up the vpn manually in the mac preferences menu. Both while selecting PPTP or L2TP and I click “connect”(from the toolbar), my system immediately gives a message saying: “The PPTP-VPN server did not respond.” etc. Any ideas how to solve this? I am using an HMA pro vpn account.
Hi Chris,
Are you sure that your HMA account is working and responding? What have you done to test the connection?