Using Mac as a VPN tunnel?

So, quick context: for work I need to connect to a VPN, but my current computer (M1 MacBook Air) is not supported yet by our software. I have another Mac mini that can run said VPN, so can I just tunnel the connection from my M1 Mac to the Mac mini? I was thinking of setting up a local VPN on the mini and remoting to it via LAN from my M1 MacBook.

Yes, it is possible. In System Preferences > Sharing, enable “Internet Sharing” from the list.

You will have two more detailed settings in the right half. The upper drop-down menu should be set to the VPN you’re using, and the bottom half should be set to the network interface that your other computers connect to.

If you’re using Ethernet to connect to the VPN and want to share the connection to other computers via WiFi, you need to create a WiFi network on your VPN computer, and give it a name (a.k.a. “SSID”) so that the other computer can join. You can do that from the WiFi menu bar icon > Create Network. You don’t need to manually assign an IP address to it.

If you’re using WiFi to connect to the VPN and want to share Ethernet to other computers, you need to assign a static IP to it in a private network IP address range, and on your other computers you need to set them to the same subnet, and assign the Ethernet IP address of the VPN computer as “Default Gateway” or “Default Route” of the other computers.

It is possible to use Ethernet for both VPN and sharing, but it’s not recommended. You should use an Ethernet USB adaptor as the second NI (network interface), instead of creating a virtual NI.
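An added example, not part of the original thread: a small Python check for the static-IP Ethernet case described above (private range, same subnet, the VPN computer's Ethernet address as default gateway). The function name, addresses and device names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges (the "private network IP address range" in the post).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_sharing_plan(gateway_cidr, clients):
    """Return a list of problems with a static addressing plan.

    gateway_cidr: Ethernet address of the VPN Mac with prefix, e.g. "192.168.50.1/24"
    clients: list of dicts with "name", "ip" and "default_gateway"
    """
    problems = []
    gw_if = ipaddress.ip_interface(gateway_cidr)
    subnet, gw_ip = gw_if.network, gw_if.ip

    if not any(gw_ip in net for net in RFC1918):
        problems.append(f"gateway {gw_ip} is not in an RFC 1918 private range")
    reserved = {subnet.network_address, subnet.broadcast_address}
    if gw_ip in reserved:
        problems.append(f"gateway {gw_ip} is the network or broadcast address")

    seen = {gw_ip: "VPN Mac"}  # addresses already taken on the shared segment
    for c in clients:
        ip = ipaddress.ip_address(c["ip"])
        if ip not in subnet:
            problems.append(f"{c['name']}: {ip} is outside {subnet}")
        elif ip in reserved:
            problems.append(f"{c['name']}: {ip} is the network or broadcast address")
        if ip in seen:
            problems.append(f"{c['name']}: {ip} already used by {seen[ip]}")
        seen.setdefault(ip, c["name"])
        if ipaddress.ip_address(c["default_gateway"]) != gw_ip:
            problems.append(f"{c['name']}: default gateway should be {gw_ip}")
    return problems


# Constructed sample plans: one consistent, one with a wrong subnet and gateway.
GOOD = [{"name": "M1 MacBook", "ip": "192.168.50.2", "default_gateway": "192.168.50.1"}]
BAD = [{"name": "M1 MacBook", "ip": "192.168.51.2", "default_gateway": "192.168.1.1"}]

if __name__ == "__main__":
    for plan in (GOOD, BAD):
        print(check_sharing_plan("192.168.50.1/24", plan) or "plan is consistent")
```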

This may work. Just one caveat: you should prolly check if this is against policy. Maybe it’s only allowed to put the endpoint on the actual machine you’re on. But if that’s the case, maybe you can work on the mini and just remote desktop to it from the MBA… of course then you won’t get M1 performance…

Thanks for the good explanation, u/ulyssesric.
Do you know if the same is possible if I connect to the VPN via Wi-Fi (WireGuard VPN) and want to share the VPN connection to another MacBook via USB-C cable?

He probably wants to connect to an enterprise self-owned VPN service, since he mentioned “by our software”. It’s quite common during lockdown, and unfortunately the IT departments of all enterprises are always lagging behind the market by at least 1 year.

VPN clients on M1 can run in either native mode or Rosetta, so AS/x86 support is not the main issue. Most commercial VPNs can run smoothly on M1 without problems now. If some app has trouble running on M1, it means that it has not been maintained for 10+ months. It is inconceivable for commercial services.

You can’t do that via any arbitrary “USB-C” cable. It’s only possible to share Internet connection (including VPN interface) to another Mac via a Thunderbolt cable. The network interface of Thunderbolt peer-to-peer connection is called “Thunderbolt Bridge”.

https://apple.stackexchange.com/questions/282553/internet-sharing-via-thunderbolt-cable

Please note that although both USB cables and Thunderbolt 3/4 cables use the type-C connector, they’re not the same thing.

USB type-C is a standalone standard that is NOT part of USB 3.x / USB 4 series standards, and it only regulates the format and pin layout of connectors and sockets. It’s other standards, including USB 3.x / USB 4, Thunderbolt, HDMI and DisplayPort, that adopt USB type-C as an optional format of socket / connector. Different standards will have different requirements on cables and wiring.

In other words: when you see a “USB-C” cable, i.e. a cable with type-C connectors on both ends, it could be a charging cable that is only capable of carrying the USB 2.x data rate (480 Mbps), or a USB 3.0 cable (5 Gbps), or a USB 3.1 cable (10 Gbps), or a Thunderbolt / USB4 cable (40 Gbps). So just don’t grab any arbitrary “USB-C” cable and hope it would work as expected.

Read this for more info about cables: https://learn.adafruit.com/understanding-usb-type-c-cable-types-pitfalls-and-more/cable-types-and-differences

TL;DR: the “real” Thunderbolt cable is either extremely short (~50cm) or extremely expensive (US$60 for a 2m active cable). A better (and a LOT cheaper) way for wired peer-to-peer network sharing is Ethernet dongles.

That said, if you want all devices in a local network to go through VPN, you should just set up a VPN client on your router.

Ok good insight. I just meant they may also want to check policy if they want to do the two-hop thing. Am I off base there?