Share my VPN connection with other LAN users

fugitive's answer works, even on Ubuntu 19.04, but if you don't need to host an internet connection for your other LAN devices, then you can skip a few steps.

If all devices are connected to your LAN via wifi or wired, you can just use these steps:

  • Confirm that your PC with the VPN connection can forward packets like a router

    1. cat /proc/sys/net/ipv4/ip_forward ##this should return '1', if it doesn't do step 2
    2. echo '1' >> /proc/sys/net/ipv4/ip_forward

or you can use sysctl.conf

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && sysctl -p #persistent mode

then set iptables to NAT and forward packets received on your local LAN interface and sent out of your tun interface (VPN)

iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE

iptables -A FORWARD -i wlan+ -o tun+ -j ACCEPT #change wlan+ to match your LAN adapter
iptables -A FORWARD -o tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -m conntrack --ctstate ESTABLISHED,RELATED   -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT

Finally, on your other LAN computer that you want to use your shared VPN:

    1. use the route command to add a route for the VPN'd subnets and set the gateway to the IP of your LAN computer network adapter that you set in iptables (not tun, but the wlan+ or en+ adapter)

example: if the computer with the VPN connection has an en0 adapter on your local network with an ip of 192.168.0.100, and your VPN accessible network subnet is 10.0.0.0/24

On your other LAN computer without the VPN connection you'd enter a route cmd like this (for Windows OS):

route add 10.0.0.0 mask 255.255.255.0 192.168.0.100 metric 200 if <interface>

Solution with wifi adapter and hostapd software:

sudo apt-get install hostapd -y

Configure hostapd

interface=wlan0
ssid=Your_WLAN
# hw_mode takes a, b or g; 802.11n is enabled separately with ieee80211n=1
hw_mode=g
wpa=2
wpa_passphrase=PASS
wpa_key_mgmt=WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256

Edit /etc/network/interfaces

auto wlan0
iface wlan0 inet static
hostapd /etc/hostapd/hostapd.conf
address 192.168.0.1
netmask 255.255.255.0

Because your PC is a router, you need to enable forwarding to interfaces

  • 1st way echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && sysctl -p # persistent mode
  • 2nd - echo 1 > /proc/sys/net/ipv4/ip_forward

To enable it on the boot and start it: systemctl enable hostapd && systemctl start hostapd

Install dnsmasq as it will be both your dns and dhcp server.

sudo apt install dnsmasq

Edit its conf file: vi /etc/dnsmasq.conf

interface=lo,wlan0
no-dhcp-interface=lo
dhcp-range=192.168.0.2,192.168.0.254,255.255.255.0,12h

Iptables:

iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE

iptables -A FORWARD -i wlan+ -o tun+ -j ACCEPT
iptables -A FORWARD -o tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -m conntrack --ctstate ESTABLISHED,RELATED   -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT

Let me know if it works for you.
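
An added example, not part of either answer: a bash function that reads `iptables -S` output and flags the ACCEPT rules in the rule sets above that are broader than sharing the VPN requires (forwarding into tun+ from any interface, and accepting new connections that arrive from the VPN side). SAMPLE_RULES and TIGHT_RULES are constructed for this example, and wlan0 and tun0 are assumed interface names.

```bash
#!/usr/bin/env bash
# Added example: audit `iptables -S` output for the VPN-sharing rules above.
# SAMPLE_RULES is constructed: the answers' rules as `iptables -S` lists them.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD DROP
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i wlan+ -o tun+ -j ACCEPT
-A FORWARD -o tun+ -j ACCEPT
-A FORWARD -i tun+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# TIGHT_RULES is constructed too; wlan0 and tun0 are assumed interface names.
TIGHT_RULES='-P INPUT DROP
-P FORWARD DROP
-A INPUT -i tun0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# audit_rules RULES: print one finding per over-broad ACCEPT rule, else nothing.
audit_rules() {
  printf '%s\n' "$1" | awk '
    $1 != "-A" || $NF != "ACCEPT" { next }   # only appended ACCEPT rules
    {
      chain = $2; in_if = ""; out_if = ""; stateful = 0
      for (i = 3; i < NF; i++) {
        if ($i == "-i") in_if = $(i + 1)
        if ($i == "-o") out_if = $(i + 1)
        if ($i == "--ctstate" || $i == "--state") stateful = 1
      }
      # Forwarding into the tunnel with no inbound interface: any network the
      # gateway is attached to can send traffic through the VPN.
      if (chain == "FORWARD" && out_if ~ /^tun/ && in_if == "")
        print "FORWARD-ANY-SOURCE: " $0
      # Traffic arriving from the tunnel without a conntrack state match:
      # new connections from the VPN side are accepted, not only replies.
      if (in_if ~ /^tun/ && !stateful)
        print chain "-UNSOLICITED: " $0
    }'
}

# Stand-alone run: show the findings for the constructed sample.
audit_rules "$SAMPLE_RULES"
```

On a live gateway, run it as root with `audit_rules "$(iptables -S)"`.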