Sharing openVPN connection

rafay98
Posts: 1
Joined: Sat Mar 28, 2015 7:50 am

Sharing openVPN connection

Post by rafay98 » Sat Mar 28, 2015 7:53 am

Hi

Just bought a Pro version

My situation is as follows

I am trying to Share my OpenVPN server connection to my LAN -

I connect to openvpn server using Tunnelblick

I get internet from my landlord using wifi

Hardware I have is

iMAC 10.10.2 + Router

I connect to my internet (wifi) and share my internet using Ethernet port and a TP Link router

My other devices are connected using my TP link router

so

my WAN is en1 interface which is 192.168.100.119
my VPN internet is utun0

I have unchecked Mac’s ICS

I go to Tools > NET

Check Share Internet Connection

LAN = en0
WAN = en1
Checked Share VPN uTun0


But my other devices have no internet connection.. just a router ip from TP link

Thanks,

Raf

—— my ifconfig listing

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether ac:87:a3:14:73:9b
inet6 fe80::ae87:a3ff:fe14:739b%en0 prefixlen 64 scopeid 0x4
nd6 options=1<PERFORMNUD>
media: autoselect (1000baseT <full-duplex,flow-control>)
status: active
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether b8:09:8a:bc:db:1f
inet6 fe80::ba09:8aff:febc:db1f%en1 prefixlen 64 scopeid 0x5
inet 192.168.100.119 netmask 0xffffff00 broadcast 192.168.100.255
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 0a:00:00:3c:ce:60
media: autoselect <full-duplex>
status: inactive
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=60<TSO4,TSO6>
ether 0a:00:00:3c:ce:61
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:09:8a:bc:db:1f
media: autoselect
status: inactive
awdl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1452
ether 6e:df:4d:ac:f7:77
inet6 fe80::6cdf:4dff:feac:f777%awdl0 prefixlen 64 scopeid 0x9
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether ae:87:a3:41:ac:00
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 6 priority 0 path cost 0
member: en3 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 7 priority 0 path cost 0
nd6 options=1<PERFORMNUD>
media: <unknown type>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff

hany
Posts: 480
Joined: Wed Dec 10, 2014 5:20 pm

Re: Sharing openVPN connection

Post by hany » Sat Mar 28, 2015 1:03 pm

Hello

Sharing OpenVPN connection using Murus 1.1.2 does not work. Currently only L2TP and PPTP are supported.
This is for a reason.
OpenVPN clients use the utun* interface (typically utun0 for the first VPN) while L2TP and PPTP clients (the OS X built-in clients among others) use the ppp* interface (ppp0 usually being the first VPN).
But utun0 is also used by other software, not only OpenVPN. AFAIK it is used by OS X itself for some PAN (personal area network) connections (such as AirDrop, Continuity, or something like that, I don't remember).
So all Murus 1.1.2 rulesets (except the totally customized manual ruleset) pass all traffic on PAN interfaces (awdl0, p2p0, utun0) by default using pass rules with the "quick" keyword. This means that these pass rules cannot be overridden, and all utun0 traffic matches only this rule. And I think this is the reason why your attempt to share the OpenVPN connection fails. I'm not 100% sure about this because I can't connect to any OpenVPN servers right now, so I can't test it.
Solution:
I will send you a Murus 1.1.2 modified version, later today. I will simply remove the default pass rule for utun0, so you can test it and tell me if it works.
In case it works, I will put a new option in Murus Preferences in order to deal with the utun0 interface.
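
The "quick" behaviour described in the post above can be seen in a small model of pf filter-rule evaluation. This is an added example, not part of the original posts and not Murus's generated ruleset: the ruleset layout and rule labels are assumptions, and the model ignores direction, addresses, state and translation (NAT) rules.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass
class Rule:
    action: str                   # "pass" or "block"
    iface: Optional[str] = None   # None matches any interface
    quick: bool = False
    label: str = ""


def evaluate(rules: List[Rule], iface: str) -> Rule:
    """Return the rule that decides a packet seen on `iface`.

    pf checks filter rules top to bottom and the LAST match wins, unless a
    matching rule carries `quick`, which stops evaluation at that rule.
    With no match at all the packet is passed.
    """
    decision = Rule("pass", label="implicit default")
    for rule in rules:
        if rule.iface not in (None, iface):
            continue
        decision = rule
        if rule.quick:
            break
    return decision


def build_ruleset(quick_pass_ifaces: Sequence[str]) -> List[Rule]:
    """Hypothetical layout: default quick passes first, user rules after."""
    rules = [Rule("pass", i, quick=True, label=f"default quick pass on {i}")
             for i in quick_pass_ifaces]
    rules.append(Rule("block", label="block everything else"))
    rules.append(Rule("pass", "utun0", label="VPN sharing rule on utun0"))
    return rules


if __name__ == "__main__":
    # First run: utun0 is in the quick-pass list; second run: it has been removed.
    for ifaces in (("awdl0", "p2p0", "utun0"), ("awdl0", "p2p0")):
        winner = evaluate(build_ruleset(ifaces), "utun0")
        print(ifaces, "->", winner.label)
```
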

hany
Posts: 480
Joined: Wed Dec 10, 2014 5:20 pm

Re: Sharing openVPN connection

Post by hany » Sat Mar 28, 2015 1:29 pm

Ok, here is a modified Murus version. Please try it and let me know, thank you.

http://www.murusfirewall.com/murus-1.1.2.1beta.zip

Just a few things:
according to your ifconfig output you did not assign any IPv4 address to the en0 interface which in turn is, according to your first post, used as LAN. You actually have to assign an IP to the LAN interface. This must be an IP on a different network from WAN. NAT clients must stay within the very same network as your LAN.
SO:

- your router's local interface should be something like 192.168.100.* (I assume a C class net, 24 bits mask)
- your iMac's WAN interface is 192.168.100.119 (en1... is that wifi? it's ok.)
- your iMac's LAN interface must be on a different net, such as 192.168.0.119 or 10.0.0.119....
- your NAT clients must use the same network as your iMac's LAN. For example if you chose to assign 192.168.0.119 to your iMac's LAN, then all NAT clients must have an IP like 192.168.0.*, and they must use 192.168.0.119 as router.

Please verify twice :)
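
The addressing checks listed in the post above can be run against `ifconfig` output directly. This is an added example, not part of the original posts: the function names are hypothetical, and the sample text is constructed by trimming the listing from the first post.

```python
import ipaddress
import re

# Constructed sample, trimmed from the ifconfig listing in the first post.
SAMPLE = """\
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether ac:87:a3:14:73:9b
inet6 fe80::ae87:a3ff:fe14:739b%en0 prefixlen 64 scopeid 0x4
status: active
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.100.119 netmask 0xffffff00 broadcast 192.168.100.255
status: active
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff
"""


def parse_ifconfig(text):
    """Map interface name -> IPv4Interface, or None when no IPv4 is assigned."""
    ifaces, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        head = re.match(r"^([a-z0-9]+): flags=", line)
        if head:
            current = head.group(1)
            ifaces[current] = None
            continue
        # macOS prints the netmask in hex; "inet6" lines do not match "inet ".
        m = re.match(r"^inet (\d+\.\d+\.\d+\.\d+) .*netmask (0x[0-9a-f]{8})", line)
        if m and current:
            prefix = bin(int(m.group(2), 16)).count("1")
            ifaces[current] = ipaddress.ip_interface(f"{m.group(1)}/{prefix}")
    return ifaces


def check_plan(ifaces, lan, wan, clients=()):
    """Return a list of problems with the LAN / WAN / NAT-client addressing."""
    lan_if, wan_if = ifaces.get(lan), ifaces.get(wan)
    if lan_if is None:
        return [f"{lan} has no IPv4 address"]
    problems = []
    if wan_if is not None and lan_if.network.overlaps(wan_if.network):
        problems.append(f"{lan} and {wan} are on the same network {wan_if.network}")
    for client in clients:
        if ipaddress.ip_address(client) not in lan_if.network:
            problems.append(f"client {client} is outside {lan_if.network}")
    return problems


if __name__ == "__main__":
    print(check_plan(parse_ifconfig(SAMPLE), "en0", "en1"))
```
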

ElvinAtombender
Posts: 5
Joined: Tue Nov 03, 2015 7:52 pm

Re: Sharing openVPN connection

Post by ElvinAtombender » Tue Nov 03, 2015 8:11 pm

First time caller here. New to Murus but very impressed.

On this topic using Murus Pro 1.3.2 can openVPN sharing be implemented or would I need to use the mod version earlier in this thread?

I am running Murus on OS X 10.10 VM. Purpose is to route a Xbox One through the VPN (Golden Frog's VyprVPN) to get around some Geo-IP restrictions.

hany
Posts: 480
Joined: Wed Dec 10, 2014 5:20 pm

Re: Sharing openVPN connection

Post by hany » Wed Nov 04, 2015 3:49 pm

You can use Murus 1.3.2 to share an OpenVPN connection, no need to use the old 1.1beta.
Probably you will just need to disable the "Pass PAN" option in Murus Preferences -> General.

ElvinAtombender
Posts: 5
Joined: Tue Nov 03, 2015 7:52 pm

Re: Sharing openVPN connection

Post by ElvinAtombender » Sun Nov 08, 2015 5:13 pm

Thanks, that worked. I also want DNS to go out the VPN as I want to use my VPN provider's DNS service. Regardless of what I've tried I can't seem to get it to route properly. Any suggestions?
