IOS – Sharing a TUN VPN connection with Android & iOS for traffic interception


I have two interfaces:
– A physical WLAN interface with 802.1x auth (en0)
– A virtual TUN interface with VPN (invisible in Network Settings) (utun1)

I have mobiles (both rooted Android and jailbroken iOS) whose HTTP/S traffic I want to intercept, over Bluetooth.

My first thought was to do Internet Sharing from WiFi to Bluetooth, but OS X did not like this, as the WiFi has 802.1x auth.

Then I turned on Bluetooth Tethering without any connection on the Android, connected to it from the Mac (en3) and added the Mac as default route with ip route add default via <mac ip>. Then on the Mac I did:

sysctl -w net.inet.ip.forwarding=1
echo "nat on utun1 from en3:network to any -> (utun1)" >> /etc/pf.conf
pfctl -F all
pfctl -ef /etc/pf.conf

I got no errors, but the mobile device is not able to connect to the internet. It pings the Mac, the route is fine, but the NAT does not work.

How can I share the VPN connection over Bluetooth PAN to the mobile devices? Should I try a different approach? Am I doing something wrong?
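An added example, not part of the original question: a small script that builds the pf NAT ruleset for this setup as a stand-alone file (so the nat rule is not appended after the anchor lines in /etc/pf.conf, where pf's required order of translation rules before filter rules is broken), checks the ordering, and syntax-checks it with pfctl before loading. The interface names utun1 and en3 are taken from the question; confirm them with ifconfig before loading.

```shell
#!/bin/sh
# Constructed example: NAT Bluetooth PAN clients (INNER) out through the VPN
# tunnel (OUTER). Interface names are assumptions taken from the question.
OUTER="${OUTER:-utun1}"              # VPN tunnel interface carrying traffic out
INNER="${INNER:-en3}"                # Bluetooth PAN interface the phones attach to
RULES="${RULES:-/tmp/vpn-share.pf}"  # where the generated ruleset is written

write_rules() {
  # pf insists on this order inside one file: nat (translation) before pass
  # (filter). Keeping our rules in their own file avoids appending them after
  # the anchor/filter lines that /etc/pf.conf already contains.
  cat > "$RULES" <<EOF
# constructed ruleset: share $OUTER with clients on $INNER
nat on $OUTER from $INNER:network to any -> ($OUTER)
pass quick on $INNER all
pass quick on $OUTER all
EOF
}

rules_ordered() {
  # Return 0 only if every nat line precedes every pass line in $RULES.
  awk '/^nat /{ if (seen_pass) bad = 1 } /^pass /{ seen_pass = 1 }
       END { exit (bad ? 1 : 0) }' "$RULES"
}

load_rules() {
  # Needs root. Replaces the main pf ruleset with ours (Apple's anchors are
  # dropped for the duration of the test); reload /etc/pf.conf afterwards.
  sysctl -w net.inet.ip.forwarding=1
  pfctl -nf "$RULES" || return 1       # parse only; nothing is loaded on error
  pfctl -e 2>/dev/null || true         # enable pf; ignore "already enabled"
  pfctl -f "$RULES"
  pfctl -s nat                         # show the active translation rules
}
```

Run `write_rules && rules_ordered && sudo sh -c '. ./vpn-share.sh; load_rules'` (script name assumed), then watch `sudo tcpdump -ni utun1` while the phone browses to confirm the translated packets leave via the tunnel.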

Best Answer

First, on the Mac, create a network configuration (a "location" in Apple wording) appropriate for your need. Never use the too infamous and too magic "Automatic" location. A configuration with "Wi-Fi" and "Bluetooth PAN" interfaces and nothing else. Configure them (I guess you are familiar with this aspect to start playing with a VPN and the problems of security around this).

Once this is set, with nothing connected yet on the "Bluetooth PAN" interface, just configure an "Internet Sharing" (which in fact should be correctly named a "network gateway") as follows: Internet Sharing: Wi-Fi -> Bluetooth PAN

The correct sysctl, nat and pf settings will be done by many subprocesses hidden (and undocumented) behind Internet Sharing.