Internet Sharing on macOS is a handy feature that allows you to extend your internet connection to other devices. While generally reliable, it’s not without quirks. I recently discovered an Internet Sharing issue that’s been a problem for years, but I always thought that it was caused by something else due to how Internet Sharing works.
The Intricacies of Internet Sharing
At the core of Internet Sharing is the bridge100 network interface, which, by default, uses the 192.168.2.x IP range. Most people won’t experience problems with this setup, but when you connect to a network that’s using a completely different range, say one operating on the 10.0.0.x range, and attempt to reach an external IP through a VPN, let’s say 192.168.2.2 you’ll find that the connection will fail.
If the external IP address you’re targeting falls within the same range as your local network—or overlaps with any network interface—your Mac will see this as an attempt to connect locally. So instead of routing the connection via the VPN (as you’d intend), the system searches the local network, trying to connect through active interfaces. This detour will likely lead to a dead end, and ultimately leaves you unable to access your desired destination.
Why Does This Happen?
The underlying reason lies in how macOS prioritizes network routes. The system defaults to the easiest, most direct path, which values local traffic, over that of a VPN tunnel. This behavior is influenced by overlapping IP ranges and routing rules, leading to conflicts that manifest as connectivity issues.
To better understand which interfaces might be interfering, you can inspect your network setup using this command:
ifconfig | awk '/^[a-z]/ {iface=$1} /inet / && $2 != "127.0.0.1" {hex=substr($4,3); printf "%s %s | %d.%d.%d.%d\\n", iface, $2, "0x" substr(hex,1,2), "0x" substr(hex,3,2), "0x" substr(hex,5,2), "0x" substr(hex,7,2)}'This will list active interfaces along with their IP addresses and subnet masks, offering an easy way to troubleshoot this Internet Sharing issue.
If you would like to see the IP range for each interface, you can run the following script.
Your Title Goes Here
Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.
get-interfaces.sh
#! /bin/bashifconfig | perl -ne 'if (/^([a-z0-9]+):/) { $iface = $1;} elsif (/inet (\\d+\\.\\d+\\.\\d+\\.\\d+)\\s+netmask 0x([0-9a-f]+)\\s+broadcast (\\d+\\.\\d+\\.\\d+\\.\\d+)/) { $ip = $1; $hexmask = $2; $broadcast = $3;
$mask = join ".", map { hex($_) } ($hexmask =~ /(..)(..)(..)(..)/); @ip_parts = split /\\./, $ip; @mask_parts = split /\\./, $mask;
@net = (); @bcast = (); for $i (0..3) { if ($mask_parts[$i] != 255) { $net[$i] = $ip_parts[$i] & $mask_parts[$i]; } else { $net[$i] = $ip_parts[$i]; } $bcast[$i] = $net[$i] | (255 - $mask_parts[$i]); }
printf "%s: %s | %s | %d.%d.%d.%d — %d.%d.%d.%d\\n", $iface, $ip, $mask, $net[0], $net[1], $net[2], $net[3], $bcast[0], $bcast[1], $bcast[2], $bcast[3];}'
Conclusion
While it’s tempting to jump straight to solutions, there’s value in exploring these issues deeply. Understanding the intricacies of network interfaces, IP overlap, and routing priorities provides insight into not just the “what” but the “why” behind this Internet Sharing issue. It’s a window into the sophisticated, and often invisible processes that keep our digital lives connected—or, occasionally, disconnected.
So next time you encounter an elusive connectivity problem, consider it an opportunity to peel back the layers and appreciate the complexities of your network ecosystem.
I hope this article provided you with what you were looking for. If you have any feedback, please leave a comment.
Related Articles:
You can find a few fixes for this issue in this article.
If you want to learn how to enable, and configure, Internet Sharing. You can read this one.
Credits
- Apple – Parts of the Featured Image.
