Monday, May 13, 2013

How to Secure IP Binding for Mac using IPFW

There is an easy way to achieve IP binding on Mac, e.g. to prevent filesharing tools from downloading or uploading if the VPN connection is lost.

Note that this works with the OpenVPN and PPTP protocols. See solutions 1 and 2 below.


Note: Disabling the IPFW firewall (flushing all firewall rules) is done by running "sudo ipfw -f f".
However, our scripts already do this for you, so you should only run it manually in a terminal window when you experience any kind of connection problem.



Solution 1

First please download these scripts (e.g. right-click and save as): EnableIPBinding + DisableIPBinding


Now you need the IPs of the VPN servers you want to set up IP binding for. Get them e.g. from the bottom of the VPN config files
from http://hidemyass.com/vpn-config/ or from the PPTP server list page in the VPN control panel (they are the same servers).

Take a look at the 11th line of the script EnableIPBinding: it contains the IP of the Phoenix LOC1S1 server.
Duplicate this 11th line and replace the IP with those of your favorite servers, so that the code looks like this:

sudo ipfw add 01002 allow ip from any to 184.171.165.2 dst-port 443,53,1723 out via en*
sudo ipfw add 01002 allow ip from any to 42.121.55.212 dst-port 443,53,1723 out via en*
sudo ipfw add 01002 allow ip from any to 69.242.95.11 dst-port 443,53,1723 out via en*
sudo ipfw add 01002 allow ip from any to 128.95.22.65 dst-port 443,53,1723 out via en*
Save the script after making your changes.
You may still need to make both scripts executable, e.g. by running "chmod u+x EnableIPBinding" and "chmod u+x DisableIPBinding" in Terminal.
Of course you need to change into the directory where you saved those files before you can do this.

Now you can easily enable IP binding by running the script EnableIPBinding,
and disable it by just running the script DisableIPBinding.




Solution 2

First please download this script (e.g. right-click and save as): bind.sh
Save it into a specific folder where you can find it later, e.g. on the Desktop.

Now you need the IPs of the VPN servers you want to set up IP binding for. Get them e.g. from the bottom of the VPN config files
from http://hidemyass.com/vpn-config/ or from the PPTP server list page in the VPN control panel (they are the same servers).

Open the script with your favorite text editor and take a look at the 8th line: it contains the IP of the Phoenix LOC1S1 server.
Duplicate this 8th line and replace the IP with those of your favorite servers, so that the code looks like this:

ipfw add 01002 allow ip from any to 184.171.165.2 dst-port 443,53,1723 out via en*
ipfw add 01002 allow ip from any to 42.121.55.212 dst-port 443,53,1723 out via en*
ipfw add 01002 allow ip from any to 69.242.95.11 dst-port 443,53,1723 out via en*
ipfw add 01002 allow ip from any to 128.95.22.65 dst-port 443,53,1723 out via en*

Now open a terminal window and change into the folder where you saved the script earlier (e.g. Desktop).
Then run the script with the parameter "enable" to enable IP binding, e.g.
sudo bash bind.sh enable

To disable it, run
sudo bash bind.sh
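The lines above are only the per-server allow rules; the binding itself comes from a closing rule that denies everything else on the physical interface, which a complete script has to include. As an added example serving both Solution 1 and Solution 2 (it is not the page's EnableIPBinding or bind.sh script), here is a generator for such a ruleset; the rule numbers, the tun*/ppp* tunnel interface names and the DHCP exception are assumptions, and VPN_SERVERS holds sample values constructed for the example.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) an ipfw "IP binding" ruleset on macOS.
# Not the page's EnableIPBinding/bind.sh script. Rule numbers, the tun*/ppp* tunnel
# interface names and the DHCP exception are assumptions; VPN_SERVERS is a sample list
# constructed for this example. Replace it with your own VPN server IPs.
# Usage:  sh ipbind.sh             -> print the rules (dry run, no ipfw needed)
#         sudo sh ipbind.sh apply  -> apply them with ipfw

VPN_SERVERS="184.171.165.2 42.121.55.212"   # constructed sample list
VPN_PORTS="443,53,1723"                      # OpenVPN (443), DNS (53), PPTP (1723)
PHYS_IF="en*"                                # physical interfaces (Ethernet, Wi-Fi)

# gen_rules IPS PORTS PHYS_IF: print one ipfw command per line, lowest rule number first.
gen_rules() {
    ips=$1; ports=$2; phys=$3
    echo "ipfw -f flush"
    # Loopback is always allowed.
    echo "ipfw add 01000 allow ip from any to any via lo0"
    # Traffic already inside the tunnel (OpenVPN: tun*, PPTP/L2TP: ppp*) is allowed.
    echo "ipfw add 01001 allow ip from any to any via tun*"
    echo "ipfw add 01001 allow ip from any to any via ppp*"
    # The VPN servers themselves must stay reachable on the physical interface, or the
    # tunnel can never be (re)established. One rule pair (out + reply) per server.
    for ip in $ips; do
        echo "ipfw add 01002 allow ip from any to $ip dst-port $ports out via $phys"
        echo "ipfw add 01002 allow ip from $ip to any in via $phys"
    done
    # Keep DHCP working so the Mac does not lose its LAN address while bound.
    echo "ipfw add 01003 allow udp from any 68 to any 67 out via $phys"
    echo "ipfw add 01003 allow udp from any 67 to any 68 in via $phys"
    # Everything else on the physical interface is dropped: this is the binding.
    echo "ipfw add 01004 deny ip from any to any via $phys"
}

case "${1:-print}" in
    apply) gen_rules "$VPN_SERVERS" "$VPN_PORTS" "$PHYS_IF" | sh ;;
    *)     gen_rules "$VPN_SERVERS" "$VPN_PORTS" "$PHYS_IF" ;;
esac
```

After applying, "sudo ipfw list" should end with the 01004 deny rule; a download that keeps running after you disconnect the VPN means a rule above it is too broad.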

How UTorrent VPN works

This article shows several ways to optimize uTorrent's performance, maximizing download speeds and improving connectivity. See also the article "Speed" for many more tips, tools and hacks to improve your internet connection speed.

uTorrent advanced settings (Tab "Advanced")


  • bt.allow_same_ip
    Meaning: Enabling this option allows multiple incoming connections from the same IP address. This option affects a single torrent job at a time, so you can still have the same IP address connect to you on different torrent swarms.
    Recommendation: Enabling this option possibly increases download speeds because it allows multiple connections from one IP.
  • bt.connect_speed
    Meaning: This option specifies the number of connections µTorrent should allow to be attempted and/or established each second, whether the connections use uTP or TCP.
    Recommendation: Setting this value higher speeds up connecting to seeds and peers. I've had good results with 22-77; of course it depends on your internet connection.
  • bt.enable_tracker
    Meaning: Enabling this option enables the rudimentary tracker embedded in µTorrent. If you wish to use this tracker, the URL is located at http://IP:port/announce, where IP is your WAN IP address, and port is the port µTorrent is listening on (or the alternative listening port if set and enabled). If you use a dynamic DNS service, your domain may be used instead of your IP address. The embedded tracker allows tracking of external .torrent files, and provides no way to limit them. There is no interface for viewing the .torrent files that are tracked. It is imperative that µTorrent is able to listen for incoming connections for this feature to work properly, so you have to make sure you have completely forwarded your ports in order to use the embedded tracker.
    Recommendation: May give you more peers to download from.
  • bt.multiscrape
    Meaning: Enabling this option allows µTorrent to send multiple hashes each time it scrapes a tracker, which is more efficient than sending one hash at a time. In most circumstances, this option should not need to be disabled, as µTorrent will fall back to single scraping if it detects that the tracker does not support multi-scraping.
    Recommendation: Should always be enabled to increase the number of peers.
  • bt.no_connect_to_services
    Meaning: This option tells µTorrent not to connect to peers using ports specified in bt.no_connect_to_services_list as their listening ports. This stops firewalls from complaining about µTorrent trying to send an e-mail.
    Recommendation: Disabling this option possibly increases download speed if some peer uses the ports listed in bt.no_connect_to_services_list in their BitTorrent client.
  • bt.ratelimit_tcp_only
    Meaning: Enabling this option tells µTorrent to limit the upload and download rates for TCP connections based on information received over the uTP transport rather than using static global rate limits. This option is ignored if bt.tcp_rate_control is disabled.
    Recommendation: Should be disabled to achieve max speed.
  • bt.scrape_stopped
    Meaning: Enabling this option allows µTorrent to get seed and peer counts for torrent jobs that are stopped.
    Recommendation: Should be disabled, or else it will reduce speed because of too many connections.
  • bt.send_have_to_seed
    Meaning: Enabling this option tells µTorrent to send a message to other seeds indicating how many pieces you currently have.
    Recommendation: Depending on what percentage of a torrent is already downloaded, it may improve speeds. If you have only a small part finished, it improves speeds. If you have almost finished a torrent, it will reduce speeds ("Endgame mode").
  • bt.set_sockbuf
    Meaning: This debugging option allows µTorrent to automatically detect the TCP buffer size periodically (so_sndbuf) and adjust it based on your upload speed. It does not adjust based on latency.
    Recommendation: The recommendation for this setting depends on your internet connection. I have good results with it set to "false".
  • bt.tcp_rate_control
    Meaning: Enabling this option tells µTorrent to use information from the uTP transport as hints for limiting TCP transfer rates.
    Recommendation: Should be disabled, or else speeds will be limited.
  • bt.transp_disposition
    Meaning: This option controls µTorrent's level of bias towards using TCP or uTP for transporting data (assuming the peer at the other end of the connection supports both transport protocols).
    Recommendation: Set this to 255 to allow all kinds of connections.
  • bt.use_ban_ratio
    Meaning: This option tells µTorrent to use bt.ban_ratio to decide when a peer gets banned after it has exceeded bt.ban_threshold.
    Recommendation: Setting this to false might increase speeds because it allows downloading from peers you otherwise could not download from.
  • bt.use_rangeblock
    Meaning: When enabled, µTorrent will automatically attempt to determine whether an entire range of IP addresses should be banned for sending hashfailed pieces rather than banning individual IPs one at a time. When µTorrent bans 4 IPs from the same /24 CIDR block, it will ban the entire /24 CIDR block. When µTorrent bans 4 CIDR blocks of size /24 from the same /16 CIDR block, it will ban the entire /16 CIDR block. When µTorrent bans 4 CIDR blocks of size /16 from the same /8 CIDR block, it will ban the entire /8 CIDR block.
    Recommendation: Set this to false, or else you will ban good peers.
  • dht.rate
    Meaning: This option specifies the amount of bandwidth that DHT will use. The default value, -1, tells µTorrent to manage the bandwidth usage automatically based on your maximum upload rate. The automatic value is obtained by dividing your maximum upload rate by 16. This value is interpreted in bytes per second, so please enter it as such.
    Recommendation: This setting can be left to default ("-1"). If your upload bandwidth is high enough, you can set this to 4096, which may give more peers through DHT.
  • ipfilter.enable
    Meaning: This option, when enabled, tells µTorrent to load ipfilter.dat and apply the rules on connections established after it is loaded. Note that disabling and re-enabling this option will force µTorrent to reload ipfilter.dat.
    Recommendation: Disabling this can improve speeds because it allows connections to peers that would otherwise be blocked. For security reasons you should enable it, but only if you have an IPFILTER.DAT file installed.
  • isp.bep22
    Meaning: This option enables Local Tracker Discovery, allowing µTorrent to attempt to discover ISP-local trackers via a series of reverse DNS lookups. The ISP-local tracker can return a list of peers and caches (most likely ISP-local). Note that if your ISP is known to interfere with BitTorrent traffic, careful consideration should be taken in deciding to enable this option. Announcing to an ISP-hosted tracker indicates to the ISP that you are using BitTorrent, and as such can make it easier for the ISP to interfere. Private torrent jobs are not announced to local trackers.
    Recommendation: Should be disabled. It could possibly get you more peers, but in reality that won't happen.
  • net.calc_overhead
    Meaning: If enabled, this option tells µTorrent to include communication overhead between you and other peers in the transfer rate calculations.
    Recommendation: Enable this to prevent uTorrent from using too much upload bandwidth. May improve download speed.
  • net.calc_tracker_overhead
    Meaning: If enabled, this option tells µTorrent to include communication overhead between you and the tracker in the transfer rate calculations.
    Recommendation: Enable this to prevent uTorrent from using too much upload bandwidth. May improve download speed.
  • net.disable_incoming_ipv6
    Meaning: If enabled, this option tells µTorrent to not use IPv6.
    Recommendation: Set this to false to allow downloads from IPv6 peers. Can improve speeds.
  • net.discoverable
    Meaning: If enabled, this option tells µTorrent to listen on one of a sequence of well-known ports for incoming connections in addition to the standard and alternative listening ports. Because the sequence of ports is well-known to applications attempting to interface with µTorrent, it allows for such applications to connect to µTorrent with less effort on the user's part.
    Recommendation: Set this to true to improve connectivity.
  • net.max_halfopen
    Meaning: This option specifies how many connections µTorrent should attempt to establish simultaneously at any given time. On systems running Windows XP with Service Pack 2 (SP2) or newer, if your TCPIP.sys file is unpatched, you should leave this option at its default value.
    Recommendation: Setting this to 255 often improves speeds.
  • net.utp_packet_size_interval + net.utp_receive_target_delay + net.utp_target_delay
    Meaning:
    Recommendation: These settings can be experimented with, but won't affect speed noticeably.
  • net.wsaevents
    Meaning: This option is used for tweaking if you are experiencing odd firewall issues. Decrease the value one by one to see if it helps.
    Recommendation: Setting to 150 may improve speed.
  • peer.disconnect_inactive
    Meaning: Enabling this option tells µTorrent to disconnect from a peer that is not transferring with you after peer.disconnect_inactive_interval seconds of inactivity. A peer gets disconnected by this option only if the connection limit has been reached.
    Recommendation: Set this to true, or else your uTorrent will be overloaded after a while.
  • peer.lazy_bitfield
    Meaning: Some ISPs block seeding by looking for the complete bitfield and closing the connection. When enabled, µTorrent does not send the complete bitfield, but a sample of it, so as to prevent blocking of seeding.
    Recommendation: Set this to true to avoid ISP blocking. It improves seeding, and so also improves downloading.
  • peer.resolve_country
    Meaning: Enabling this option tells µTorrent to use an Internet database of IP addresses (a DNSBL) to determine a peer's country. Even if the settings directory contains flags.conf and flags.bmp, this option will take precedence, and the internal flag images will be used instead.
    Recommendation: Should be deactivated to save the DNSBL lookups, possibly increasing speed.

For information about the other advanced settings that aren't listed here, see the uTorrent Help File (.zip).



Tab "Connection"


UPnP Port Mapping should be enabled: uTorrent then sets up port forwarding for the ports it needs automatically via Universal Plug&Play (if supported by your router).
NAT-PMP Port Mapping should be disabled: it mostly doesn't work right and is only an alternative to UPnP Port Mapping.
Windows Firewall exception should only be enabled if your Windows firewall is active (which is NOT recommended).
Port for incoming connections: port choice is important for your connectivity. You should choose a port higher than 50000 to prevent conflicts with other applications.

Tab "Bandwidth"


Limit transport overhead should be disabled if you only have limited upload bandwidth. Play around with it and check the speed difference.
Limit uTP connections should usually be disabled, except if you have deactivated your half-open limit (see the advanced setting "net.max_halfopen" and the article Speed).
Use additional upload slots should be enabled to allow more people to download from you, which also allows you to download more from them.


Tab "BitTorrent"

Bandwidth Management [uTP] should only be enabled if you feel that other internet applications are working slowly.
Protocol encryption should be set to "enabled". If you're not using a VPN service, set this to "forced" for more security.
Everything else should be left at default or doesn't give any advantage.

uTorrent is not downloading while on VPN

If uTorrent is unable to download or upload while the VPN is connected, or you can't connect to any trackers, there are several things you should try:
  • Try again with VPN servers from a different area
  • Switch VPN protocols between OpenVPN / PPTP / L2TP / UDP
  • Enable UPnP and NAT-PMP port mapping in the uTorrent settings
  • Try different ports in the uTorrent settings
  • Disable all security-related software on your computer: antivirus, firewall (especially the Windows firewall), peer-blocking tools, etc.
  • Disable Secure IP Binding feature in the HMA! Pro VPN client
  • Install a different uTorrent version (alpha/beta version, x64 version, etc.) -> http://forum.utorrent.com/viewforum.php?id=4

Additional

  • You should try out beta and alpha versions; new versions can be found here: uTorrent announcement forum
  • Apps like "uTorrent Turbo Booster", "uTorrent Ultra Accelerator" and similar apps you may find on the web are scamware; they don't change anything. Any advantage you may notice when using those tools is a placebo effect.
  • Using a too big IPFILTER.DAT or IP blocklist (PeerBlock) may also reduce your speed because they contain many tracker IPs and good users.
  • There are hacked versions of uTorrent that may increase speeds, but I won't help you find them because it supports leeching and damages the BitTorrent credit system

How to Force Vuze to only load Torrents through VPN on Mac

Fortunately, on Mac this works exactly the same; only the interfaces are named differently.
In this example, PPTP/L2TP is "ppp0" and OpenVPN is "tun0".



Everything else just needs to be done as in the Windows instructions on this page. As mentioned, if you can't find your interface in the list, first connect to the VPN and then check the options in Vuze.

How to Force Vuze to only load Torrents through VPN for Windows

There is an easy way to configure the torrent client Vuze so that it only downloads or uploads while the VPN is connected. This works on Windows and Mac.

Windows


  • Download Vuze from: http://www.vuze.com/download/
  • Install it and run it. Now we need a torrent file for testing; a good idea would be Knoppix: http://torrent.unix-ag.uni-kl.de/
  • Add one of the Knoppix torrents to the download list.
  • Connect to the VPN using the VPN protocol you want to bind Vuze to.
    Otherwise you might be unable to see the corresponding interface in the list later.
  • Now, go to "Tools", "Options" in the menu.
  • Under "Mode", select "Advanced" so that Vuze shows all settings.
  • Go to "Connection". Double-click it or click the arrow to get into the submenu "Advanced connection settings".
  • You should see something like this:

Important: Make sure the checkbox next to "Enforce IP bindings even when interfaces are not available" is checked;
otherwise it can happen that Vuze keeps downloading without using the VPN.
Of course your adapter list will be much longer, since it will show all network adapters your operating system has.
But for the purpose of IP binding for VPN, we only need the VPN related adapters, which are:
  • TAP-Win32 Adapter V9
  • WAN Miniport (PPTP)
  • WAN Miniport (L2TP)
The TAP adapter is responsible for OpenVPN connections, and the WAN Miniports for PPTP and L2TP connections.
OK, let's say you want to set Vuze so it only down/uploads while an OpenVPN connection is active.
For that, you just need to enter the interface identifier into the field next to "Bind to local IP address or interface".
Note that the interface identifier is named differently on every system, so make sure to check what exactly it is called on yours.
In this example, it is "eth15" for OpenVPN, "net2" for PPTP and "net1" for L2TP.
You'll most likely have several similarly named interfaces in the list, for example "(TAP-Win32 Adapter V9 - Deterministic Network Enhancer Miniport)".
Make sure to only use the interfaces that are named exactly like in this example, without any suffix.
For testing, just use one of the adapters, e.g. "eth15" for OpenVPN. Enter it into the field and click "Save".
If you are currently disconnected from the VPN, the current downloads in Vuze should stop immediately.
That's a good sign. Now, please connect to the VPN via the OpenVPN protocol. You should notice that the download starts again.
Upon disconnection, the downloads will stop again. Exactly as expected, so far so good.
That's all if you're only using OpenVPN. For setting up the same for L2TP and PPTP, you can

a) replace the "eth15" with "net1" or "net2"

b) append the interface identifiers after each other, so that you would enter "eth15;net1;net2" into the field.

When doing that, make sure to test all protocols to check that Vuze is working correctly. Due to firewalls and additional protocols installed on the adapters, it might not work as expected.
If you were unable to find the correct interface in Vuze's list, please first connect to the VPN using your preferred protocol, and then open the options of Vuze.
Well done!

How to Use Linux Virtual Machine instead of router for VPN

Connecting Your Home Devices To The Internet Via A VPN Service, Without A VPN Client Capable Router


I’ve just been through this process at home for a “project” I was working on. Those attempting similar “projects” will understand why you’d do it. Those asking the question “But my computer connects fine to the internet already?” can probably stop reading. To give you a hint, I’m in Australia and I’ve just purchased a Roku Media Player from Amazon.

I wanted to set up my computers at home to access the internet through a VPN service. What HMA suggest is to configure the VPN at the router, the router being the gateway between the Internet and my home network. This is fine if your router supports acting as a VPN client. Mine, a TP-Link w8960N, does not support such functionality. So what to do?

The Synology supports acting as a VPN server for connecting back home, and with some tweaking, can be made to support being a VPN client. However, I prefer not to hack my Syno box unless I really have to though. After a quick try (thanks to Greg Hughes blog for the tips), I decided it’d be safer to break something else.

I could have purchased a router that supports VPN client connectivity. There are some articles over at VPNFreedom.com such as this one by Thomas Fals that explain how to set it up. I already have a NAS, Gigabit Switch and Router in the Home theatre cabinet though so the thought of adding another box doesn’t appeal. I also thought there must be a way to do it using software and without spending more money.

In the end, I decided to attempt it using an Ubuntu Linux Virtual Machine running an OpenVPN client and using iptables to configure routing between the home network and the VPN. Sound hard? Well, I wouldn’t recommend it to a novice user, but if you have some Linux experience you should be able to manage.

Ubuntu Linux VM
Firstly you’ll want to set up a Linux VM. For those unfamiliar with Virtual Machines, it’s basically just a virtual computer running on another computer. Sticking with the ‘free’ theme of this thread, I decided to go with VirtualBox from Oracle. It’s a freely available virtualization platform that you can install at home. Unlike VMWare Player or others, it will run on any platform: Windows / Mac / Linux.

I have a MacMini at home that I use as a Plex Media Client. I already had VirtualBox installed. It’s quite a simple download and install from VirtualBox. I won’t cover the install here.
I already had an Ubuntu 10.04 Linux VM configured that I’d used for another project (I’d tried out PS3 Media Server a while ago), so I decided to use that. If you need to install Ubuntu, there are several ways to do it as detailed on the Ubuntu website. You can also just download a pre-built VM image; Oracle have them available here.
I’ll leave it up to you how you want to do it.

OpenVPN Client
I’ll assume you’ve signed up with HMA already. If not, you should sign up for an account if you plan to use it before going any further.
Log on to your Ubuntu VM with root privileges. Whether that’s as root or with sudo for each command, I’ll again leave up to you. There are a few packages that you need to install in order to run the OpenVPN client and connect to HMA. Run the following:
sudo apt-get install openvpn curl unzip dnsmasq-base wget
This installs the OpenVPN client for connecting to HMA plus some tools you’ll need.

HMA Config
Create a directory where you would like to install HMA. HMA will run self-contained out of this directory. Then download and unzip the HMA config to that directory.
mkdir /opt/hma
cd /opt/hma
wget http://vpn.hidemyass.com/linux.zip
unzip linux.zip

You are now ready to test your HMA connection. As per the HMA README file you just downloaded, run the following to connect.
/opt/hma/hma-start -l
This will list the available servers. Choose one in the country you wish to connect via and start the VPN connection e.g.
/opt/hma/hma-start "USA, California, Los Angeles (DC1 S1)"
You will be prompted for your HMA username and password. This should then establish your connection.
If you get timeout errors, try a different location. You should see some entries starting with /sbin/ifconfig and /sbin/route add. These entries should be on consecutive lines; if errors are reported, kill the process using Ctrl+C and try again.

Routing Traffic Via Your VPN Connection
The goal here is to tell our clients to connect to the internet via our Linux VM instead of going out directly through the router. We also need to make sure the VM is configured to forward IP packets out through the VPN instead of bouncing them back to the client.

Firstly, make sure you configure your Ubuntu Linux VM with a Static IP address outside your DHCP range on your local network and that the gateway of your VM is pointing to the address of your router. e.g.
IP: 192.168.1.10
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.1
DNS: 192.168.1.1 assuming your router is providing DNS information.

There’s an excellent Ubuntu doc here on configuring Internet connection sharing. I really recommend reading it. Basically, this document assumes you have two network cards (NICs) or at least two interfaces configured, that your clients are connected to one and that the Internet is connected to the other. This is exactly what we’re doing here. Your local network interface is normally eth0. What we would normally do is set up another interface on eth1 and route traffic between eth0 and eth1. The difference here is that we’re using an OpenVPN client. When it’s running, this client creates a VPN tunnel interface called tun0. So we will be routing traffic from eth0 out via tun0. We do that using iptables. For the hows and whys check out the Ubuntu doc. In command line form though, it’s the following commands.
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
sudo iptables -A FORWARD -o tun0 -i eth0 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables.sav
You may also have to edit the /etc/sysctl.conf file and uncomment the line
net.ipv4.ip_forward=1
Done. Assuming you’ve established a VPN connection, you’ve now set up routing on the Linux VM.
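The FORWARD and MASQUERADE rules above do the job while tun0 is up, but Ubuntu’s default FORWARD policy is ACCEPT and the MASQUERADE rule names no output interface, so when the VPN drops the VM forwards client traffic out eth0 to the router instead of stopping it. The script below is an added example (not from the original post) of a version that fails closed; it assumes the post’s interface names and LAN range (eth0, tun0, 192.168.1.0/24) and adds a dry-run mode that prints the iptables commands instead of executing them.

```shell
#!/bin/sh
# Added example: fail-closed VPN gateway rules for the Ubuntu VM. Not from the original
# post. Assumes the post's layout: LAN on eth0 (192.168.1.0/24), OpenVPN tunnel on tun0.
# Usage:  sh vpn-gateway.sh             -> dry run, print the commands
#         sudo sh vpn-gateway.sh apply  -> apply them with sysctl and iptables

LAN_IF=${LAN_IF:-eth0}
VPN_IF=${VPN_IF:-tun0}
LAN_NET=${LAN_NET:-192.168.1.0/24}
DRY_RUN=${DRY_RUN:-1}

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

gateway_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -F FORWARD
    run iptables -t nat -F POSTROUTING
    # Fail closed: with policy DROP nothing is forwarded unless a rule below allows it.
    # The post's rule set keeps Ubuntu's default policy ACCEPT, so once tun0 disappears
    # client packets are routed out eth0 to the router instead of being dropped.
    run iptables -P FORWARD DROP
    # LAN clients may open new connections only into the tunnel, never out via eth0.
    run iptables -A FORWARD -i "$LAN_IF" -o "$VPN_IF" -s "$LAN_NET" \
        -m conntrack --ctstate NEW -j ACCEPT
    # Replies are accepted only when they come back out of the tunnel.
    run iptables -A FORWARD -i "$VPN_IF" -o "$LAN_IF" -d "$LAN_NET" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # NAT only on the tunnel. The post's unrestricted MASQUERADE would also rewrite LAN
    # traffic leaving via eth0, hiding a leak behind the VM's own address.
    run iptables -t nat -A POSTROUTING -o "$VPN_IF" -s "$LAN_NET" -j MASQUERADE
    # Log what the policy drops, so a dead tunnel shows up in syslog instead of silently.
    run iptables -A FORWARD -i "$LAN_IF" -m limit --limit 5/min \
        -j LOG --log-prefix "vpn-gw drop: "
}

if [ "${1:-}" = apply ]; then DRY_RUN=0; fi
gateway_rules
```

Note that the client DNS setting of 192.168.1.1 in this post sends name lookups straight to the router, outside the tunnel; pointing clients at a resolver on the VM (dnsmasq-base is installed above) or at one reached through the VPN closes that gap.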

Client Config
Connecting clients will vary based on what type of client it is. Computers are the easiest because they’re the most configurable. Basically, you now just change the gateway or router address in the network config of your computer to point to your Linux VM; in this case it would be 192.168.1.10. That’s it. If you go to google.com and type in “what is my ip address” it will now show you the IP address of the VPN connection. It will also probably ask if you’d like to stop connecting to google.com.au and use google.com instead, as it now thinks you’re in the U.S.

DHCP Only Clients (Optional)
There are some clients, notably the Roku Media Player, that don’t support static IP addresses or changing the gateway. This is a bit of a pain. Normally, DHCP addresses are provided by your router. In my case this was the TP-Link w8960N at 192.168.1.1. The problem with this is that it also tells your client that the gateway address is 192.168.1.1. This is a problem because then your client uses that for the internet connection and not your fancy new VPN software router. To get around this, I turned off the DHCP function on my router and installed a DHCP server on the Linux VM.
sudo apt-get install dhcp3-server
Then put the following in a file called /etc/dhcp3/dhcpd.conf (the router option is what hands clients the VM as their gateway):
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.10;
option domain-name-servers 192.168.1.1;
subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.200;
}
Then start the DHCP server (the dhcp3-server package installs it as /etc/init.d/dhcp3-server) using
/etc/init.d/dhcp3-server start
Reboot your clients and they should pick up an IP address from the Linux VM and be provided with the new gateway address of 192.168.1.10.
Done.

Conclusion
It looks harder than it is and it’s a bit of messing around. You might decide it’s cheaper and easier to just buy a new router that supports VPN connections. I already had VirtualBox installed and a Linux VM so the whole process only took about an hour or so. It also avoids the need for another box in your setup, and it doesn’t cost anything except your time.
Big thanks for the info in everyone’s articles that helped put this together. I’ve linked where possible.
For those trying out Roku boxes in Australia, there’s a good Whirlpool thread here.

How to make Internet Connection Sharing (ICS) on Windows XP

Since the setup of Internet Connection Sharing on Windows XP differs a bit from other Windows versions, you can use this special tutorial for setting it up.
To set up ICS on Windows XP, follow these steps:
  • Navigate to the Windows Control Panel -> Network Connections
  • You should see your network adapter (the one which is connecting you to the internet)
  • We need to ensure that your computer has a static IP, so the Playstation later knows where to get the internet connection from.
  • So we first need to check what IP your computer currently has.
  • To do so, double-click your network adapter and go to the "Support" tab.
  • This will show your current IP address, e.g. 192.168.0.5 or 10.0.2.15
  • Write down the IP somewhere, or copy it to the clipboard.
  • Close the window so you're back where your network adapter was displayed
  • Right-click your network adapter and select "Properties".
  • Select "Internet Protocol (TCP/IP)" and then "Properties".
  • Select "Use the following IP address".
  • Enter:
    • IP address: Here enter the IP you wrote down earlier.
    • Subnet Mask: 255.255.255.0
    • Default gateway: Leave blank
    • DNS servers: 8.8.8.8 + 8.8.4.4 (or any other DNS, e.g. OpenDNS)

Now create an L2TP connection according to these special instructions for Windows XP: http://wiki.hidemyass.com/Tutorials:WindowsXP_L2TP_connection_setup
When that is finished and you have successfully tested the VPN connection, right-click that new connection and select "Properties".
Go to the "Advanced" tab. There, check "Allow other network users to connect through this computer's Internet connection"
and check "Allow other network users to control or disable the shared Internet connection".
You can also disable the Windows firewall here under "Settings", which is a good idea if you are experiencing any kind of connection issue.


That's all. The rest of the configuration has to be done on the external device that should use the VPN (e.g. Playstation, XBOX, NAS, computer, etc.).
On that device, you need to use these settings:

  • IP address: should be in the same subnet as your computer, e.g. if your computer is 192.168.0.5, you could use 192.168.0.6
  • Subnet Mask: 255.255.255.0
  • Default router/gateway: here enter the IP of your computer that you set earlier (e.g. 192.168.0.5)
  • Primary DNS: Same here.
  • Secondary DNS: Same here.

How to Setup HMA VPN on XBOX via ICS on Mac


How to connect XBOX to VPN via ICS on Mac


Note: this setup is for Lion 10.7.3. For Snow Leopard 10.6 you have
to edit a plist file in Terminal.
Here's what you will need:
  1. VPN account
  2. USB to Ethernet adapter; I use the Apple MacBook Air one
  3. Ethernet Cable
You will have to enter the VPN connection manually. Here is how:
  1. Open System Preferences / Network
  2. Click the add (+) interface and choose VPN
  3. IMPORTANT: In VPN-Type, select PPTP
  4. Set HidemyAss as the service name
  5. Click Create
  6. This window will now close and you will be taken back to Network Preferences window
  7. Leave the Configuration as default
  8. In the Server Address field, enter the PPTP IP address of the VPN server. To get this you will have to log in to the HidemyAss website and
    navigate to PPTP Server on the left of the website.
  9. While on the website, note down your username and password above the server list. Bear in mind that your PPTP password is different from any other password (for security reasons).
  10. Click Authentication Settings and enter your PPTP password, NOT YOUR ACCOUNT PASSWORD!
  11. Click OK to take you back to the Network window
  12. Click Advanced and tick “Send all traffic over VPN connection”
  13. Click Connect and wait for the green light on the connection window.
  14. To ensure the service is running smoothly, visit an IP trace website such as www.tracemyip.org

You will now need to share this VPN network with your XBOX. There are two ways of doing this: over Wi-Fi or Ethernet.
I prefer Ethernet as it's fast for file sharing (I use my XBOX as a media center as well).

Option 1, Ethernet: the XBOX will connect directly to your Mac with an Ethernet cable

  1. Ensure the XBOX is switched off
  2. Connect the USB to Ethernet adapter to your Mac.
  3. Then connect an Ethernet cable from the adapter directly into the back of your XBOX.
  4. Open System Preferences / Network
  5. USB to Ethernet should be listed in yellow; if not, click the add (+) interface and choose USB to Ethernet
  6. Click Back or Show All to get to the main System Preferences window and select Internet Sharing
  7. In the pull-down menu “Share your connection from” choose HidemyAss
  8. Then tick USB Ethernet adapter
  9. In the list on the left, tick [Internet Sharing] and [Start] in the pop-up window; this should now be green and active
  10. Turn your XBOX on and check System Settings / Network / Ethernet / Test XBOX Live to ensure you have a connection

Option 2, Wi-Fi: the XBOX will connect directly to your Mac using a new Wi-Fi network

To use this, your Mac has to be connected to the internet with an Ethernet cable
  1. Open the System Preferences window and select Internet Sharing
  2. In the pull-down menu “Share your connection from” choose HidemyAss
  3. Then tick Wi-Fi
  4. Click the Wi-Fi Options button and set a 5 digit password (WEP key)
  5. In the list on the left, tick [Internet Sharing] and [Start] in the pop-up window; this should now be green and active
  6. Turn your XBOX on and check System Settings / Network / Wi-Fi / Test XBOX Live to ensure you have a connection

There's one more connection option which I haven’t tried: your Mac connects to the internet via Wi-Fi and the XBOX connects to the Ethernet port. I’ve not tested this, so I’m not sure if it will work.