I have a company-issued 2017 MacBook Pro (4 x Thunderbolt 3 ports, macOS Sierra 10.12.6). My IT department installed Tunnelblick VPN so that I can access internal company servers over WiFi at home. I would like to share the VPN connection over an Ethernet cable with another home machine (Windows laptop and/or desktop). Seems simple enough, eh?
Model Name: MacBook Pro
Model Identifier: MacBookPro14,2
Processor Name: Intel Core i5
Processor Speed: 3.1 GHz
Number of Processors: 1
Total Number of Cores: 2
L2 Cache (per Core): 256 KB
L3 Cache: 4 MB
Memory: 16 GB
Boot ROM Version: MBP142.0167.B00
SMC Version (system): 2.44f1
Serial Number (system): C02TW0QCHV2T
Hardware UUID: FF55C0D0-DDD5-50AE-B914-473716A4D10B
4 x Thunderbolt-3/USB-C ports
Here is the baseline ifconfig (no Ethernet cable, no Inet sharing, no VPN), which works as expected: I can see external websites, but not the company's internal sites:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en6: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether ac:de:48:00:11:22
inet6 fe80::aede:48ff:fe00:1122%en6 prefixlen 64 scopeid 0x4
nd6 options=281<PERFORMNUD,INSECURE,DAD>
media: autoselect
status: active
en8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=4<VLAN_MTU>
ether 00:e0:4b:36:61:46
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (none)
status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 8c:85:90:05:2b:d7
inet6 fe80::56:be65:a160:ad8%en0 prefixlen 64 secured scopeid 0x6
inet 192.168.1.168 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether fe:00:94:e0:83:04
media: autoselect <full-duplex>
status: inactive
en4: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether fe:00:94:e0:83:05
media: autoselect <full-duplex>
status: inactive
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether fe:00:94:e0:83:00
media: autoselect <full-duplex>
status: inactive
en3: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether fe:00:94:e0:83:01
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether fe:00:94:e0:83:00
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 9 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 7 priority 0 path cost 0
member: en3 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 10 priority 0 path cost 0
member: en4 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 8 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: <unknown type>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0e:85:90:05:2b:d7
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether 02:11:66:be:14:c8
inet6 fe80::11:66ff:febe:14c8%awdl0 prefixlen 64 scopeid 0xd
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::e196:26e7:fb6c:2069%utun0 prefixlen 64 scopeid 0xe
nd6 options=201<PERFORMNUD,DAD>
Now I connect PC <-> Ethernet cable <-> adapter <-> Thunderbolt 3 <-> Mac. The change to the Mac ifconfig is:
en8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=4<VLAN_MTU>
ether 00:e0:4b:36:61:46
inet6 fe80::108b:f827:7bd6:a14f%en8 prefixlen 64 secured scopeid 0x5
inet 169.254.209.90 netmask 0xffff0000 broadcast 169.254.255.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (100baseTX <full-duplex>)
status: active
So it looks like en8 is an Ethernet interface (it shows up in Network as USB 10/100 LAN / self-assigned IP, connected, using DHCP). Now I go to (Mac) Sharing and turn on Internet Sharing from Wi-Fi to USB 10/100 LAN. Sometimes (as in this example) a reboot of the Mac is required (not sure why?), but now I can access Inet from the PC over Ethernet. The changes to ifconfig are:
en8: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=4<VLAN_MTU>
ether 00:e0:4b:36:61:46
inet 169.254.160.155 netmask 0xffff0000 broadcast 169.254.255.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (100baseTX <full-duplex>)
status: active
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 8c:85:90:05:2b:d7
inet6 fe80::1443:52bd:fc9:5d8e%en0 prefixlen 64 secured scopeid 0x6
inet 192.168.1.168 netmask 0xffffff00 broadcast 192.168.1.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether ca:86:5c:83:f9:ac
inet6 fe80::c886:5cff:fe83:f9ac%awdl0 prefixlen 64 scopeid 0xd
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::8bff:1abf:f968:adf9%utun0 prefixlen 64 scopeid 0xe
nd6 options=201<PERFORMNUD,DAD>
bridge100: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=3<RXCSUM,TXCSUM>
ether ae:de:48:00:33:64
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
inet6 fe80::acde:48ff:fe00:3364%bridge100 prefixlen 64 scopeid 0xf
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en8 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 5 priority 0 path cost 0
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
So far, so good. Now I turn on the VPN. Inet on the Mac still works, and I can now also access internal company sites. The changes to ifconfig are:
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 2e:f1:63:c3:59:aa
inet 10.2.4.110 netmask 0xffffff00 broadcast 10.2.4.255
media: autoselect
status: active
open (pid 1223)
However, I can no longer access Inet from the PC. Everything says "There is no Internet connection." :(
Note: I was hoping to see a new entry in Internet Sharing for "from: VPN" or something like that, but there is nothing new there. I have Googled a number of items, such as these:
They suggest setting one or more nat rules, such as:
nat on utun0 from bridge100 to any -> (utun0)
-or-
nat on tap0 from bridge100 to any -> (tap0)
-or-
nat on en0 from bridge100 to any -> (enp0)
and then doing:
sysctl -w net.inet.ip.forwarding=1
sysctl -w net.inet.ip.fw.enable=1 # Note: gets unknown oid on my MAC
pfctl -d
pfctl -F all
pfctl -f ./nat-rules -e
I have tried (it seems) hundreds of variations of these commands (different native interface names, etc.), but nothing seems to work. I can still access external and internal sites from the Mac, but nothing from the PC. Any advice?
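An aid for checking the NAT rules quoted in the post, added here and not part of the original post: in pf, a bare interface name in a "from" clause stands for that interface's own addresses, so "from bridge100" covers 192.168.2.1 but not the clients behind it. The Python below parses macOS ifconfig text (sample abridged from the post's output) and builds the rule from the bridge's subnet instead; parse_ifconfig and nat_rule are hypothetical helper names.

```python
import ipaddress
import re

# Added example; helper names are illustrative. Sample abridged from the
# ifconfig output in the post (indentation already lost there).
SAMPLE = """\
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.1.168 netmask 0xffffff00 broadcast 192.168.1.255
en8: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet 169.254.160.155 netmask 0xffff0000 broadcast 169.254.255.255
bridge100: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
Configuration:
member: en8 flags=3<LEARNING,DISCOVER>
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.2.4.110 netmask 0xffffff00 broadcast 10.2.4.255
"""

HEADER = re.compile(r"^(\S+): flags=")
INET = re.compile(r"^inet (\S+) netmask (0x[0-9a-f]{8})")
MEMBER = re.compile(r"^member: (\S+)")


def parse_ifconfig(text):
    """Return {ifname: {"net": IPv4Interface or None, "members": [...]}}."""
    ifaces, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            cur = ifaces.setdefault(m.group(1), {"net": None, "members": []})
        elif cur is None:
            continue
        elif m := INET.match(line):
            # macOS prints the mask in hex; convert it to a dotted mask.
            mask = ipaddress.IPv4Address(int(m.group(2), 16))
            cur["net"] = ipaddress.IPv4Interface(f"{m.group(1)}/{mask}")
        elif m := MEMBER.match(line):
            cur["members"].append(m.group(1))
    return ifaces


def nat_rule(ifaces, inside, outside):
    """Build a pf NAT rule whose source is the inside subnet, not the interface address."""
    net = ifaces[inside]["net"]
    if net is None or net.ip.is_link_local:
        raise ValueError(f"{inside} has no routable IPv4 subnet")
    if ifaces[outside]["net"] is None:
        raise ValueError(f"{outside} has no IPv4 address")
    return f"nat on {outside} from {net.network} to any -> ({outside})"
```

Calling nat_rule(parse_ifconfig(SAMPLE), "bridge100", "tap0") yields a rule keyed on 192.168.2.0/24, while passing en8 as the inside interface is rejected because its only IPv4 address is link-local (169.254.x.x).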