Sharing the VPN connection on macOS Sierra via WiFi

Tags: internet-sharing, network, vpn, wifi

Using a MacBook Pro (Retina, 13-inch, Mid 2014) with macOS Sierra 10.12.5 (16F73), I have a VPN connection through Pulse Secure on my WiFi, and I would like to share it with my mobile device. So I got a D-Link DWA-131 Nano USB WiFi adapter and tried to connect to the VPN through the new adapter, whilst sharing the connection through AirPort WiFi using Internet Sharing.

The sharing works and the internet works, but the VPN is not shared, only the internet connection. So I tried to share my VPN using pfctl, but with no luck. I've done it before through Ethernet, but I'm not able to do it through WiFi.

Here's what I do:

# sysctl -w net.inet.ip.forwarding=1
# sysctl -w net.inet.ip.fw.enable=1
(this generates sysctl: unknown oid 'net.inet.ip.fw.enable', no idea what is needed)
# pfctl -d
# pfctl -f nat-rules -e

My nat-rules file contains:

nat on utun1 from en0:network to any -> (utun1)

This is the only rule, it worked before when I was forwarding VPN from Ethernet to WiFi (different BSD device names of course).

Have you tried such a thing before? It seems that the main problem is around creating a WiFi network without Internet Sharing, which doesn't seem to be possible?

Best Answer

As a test, I'd try setting things up totally from the macOS GUI rather than using Terminal. You may already know how to do this, but broadly the steps would be:

  1. Connect your Mac to the internet via your Pulse Secure
  2. Set up your VPN connection in System Preferences > Network
  3. Click on the Advanced... button
  4. Ensure you tick the Send all traffic over VPN connection checkbox
  5. Click OK
  6. Ensure you also tick the checkbox for Show VPN status in menu bar
  7. Now go to System Preferences > Sharing
  8. Highlight (but do not tick) the Internet Sharing service in the lefthand pane
  9. On the righthand side, select the VPN connection you created at Step 2 from the Share your connection from drop-down menu
  10. Now select the Nano USB Wi-Fi port (i.e. tick the checkbox)
  11. Click on the Wi-Fi Options... button
  12. Give your new Wi-Fi network a name, password etc
  13. Click OK
  14. Now tick the Internet Sharing service in the lefthand pane

Now test this to confirm that whenever your Mac is connected to the VPN, it will share the connection via the Nano USB Wi-Fi. This means you should be able to connect your mobile device to the new Wi-Fi network you created at Step 12. To do this, follow the steps below.

Using the VPN connection

To make this work with your mobile device:

  1. On the Mac, click on the new VPN Status icon in the menu bar
  2. Select the Connect option pertaining to the VPN connection created previously
  3. Once the connection is established, your Mac should start sharing the VPN via the Nano USB Wi-Fi
  4. Now go to your mobile device and connect it to this Wi-Fi network
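
The question's pf rule names the tunnel interface explicitly, and the answer asks you to test that shared clients really go out through the VPN. The script below is an added example, not code from the question or the answer. It checks that the default route uses a tunnel interface and that every `nat` rule translates on that same interface. It assumes a full-tunnel VPN that replaces the default route, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: check that a shared VPN setup cannot send client traffic
# around the tunnel. utun1/en0 are the names used in the question; the
# tunnel number can differ between VPN sessions, which is what this catches.

# Print the egress interface from `route -n get default` output on stdin.
default_iface() {
    awk '$1 == "interface:" { print $2; exit }'
}

# Print the interface of each nat rule in a pf rules file ($1), e.g.
# "nat on utun1 from en0:network to any -> (utun1)" prints "utun1".
nat_ifaces() {
    awk '$1 == "nat" && $2 == "on" { print $3 }' "$1"
}

# Return 0 only if the default route uses a tunnel (utun*) interface and
# every nat rule translates on that same interface.
# $1 = file holding the route output, $2 = pf rules file
vpn_share_ok() {
    iface=$(default_iface < "$1")
    case "$iface" in
        utun[0-9]*) ;;
        *) echo "default route is via '${iface:-none}', not a tunnel" >&2
           return 1 ;;
    esac
    rules=$(nat_ifaces "$2")
    [ -n "$rules" ] || { echo "no nat rule found in $2" >&2; return 1; }
    for r in $rules; do
        [ "$r" = "$iface" ] || {
            echo "nat on $r but default route is $iface" >&2; return 1; }
    done
}

# Live check on the Mac, as root:  sh check-vpn-share.sh --live nat-rules
if [ "${1:-}" = "--live" ]; then
    tmp=$(mktemp) && route -n get default > "$tmp"
    [ "$(sysctl -n net.inet.ip.forwarding)" = "1" ] || echo "forwarding is off" >&2
    # pfctl -n parses the rules file without loading it
    pfctl -n -f "$2" && vpn_share_ok "$tmp" "$2" && echo "OK: clients exit via the tunnel"
    rm -f "$tmp"
fi
```

Run it after the VPN connects and before loading the rules with `pfctl -f nat-rules -e`; a mismatch means the rule file still names a tunnel interface from an earlier session.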