Networking

Get an easy VPN on-the-cheap with ShareTool for Mac

Take advantage of the ShareTool for the Mac, an easy, VPN-like alternative to Apple Remote Desktop. Vincent Danen shows you how to get it and use it.

With the availability of cellular networks to transfer data and wireless hotspots at many coffee shops and airports, it has become so much easier to be online all the time, anywhere you happen to be. This ubiquity of Internet availability allows you to access public resources like websites and some private resources like email or financial institutions.

However, with this kind of availability, sometimes it is nice to be able to get access to systems that are not normally available. Traditionally this has been done through the use of Virtual Private Networks (or VPNs), but these can sometimes be difficult to properly set up, especially for Joe Average.

A program for OS X called ShareTool makes this really easy. What it does is create a VPN-like connection to your home or office network so that you can access information on the remote network. Initially, ShareTool was created to make using Bonjour-aware services on the remote network accessible to the system you happen to be using. This means that you have easy access to file shares, shared iPhoto libraries, shared iTunes music, printers, and so forth -- anything that is typically shared by Bonjour, including screen sharing.

Unfortunately, ShareTool is pretty Mac-specific, so if you are using a network with mixed systems you need to access, a real VPN is probably a better way to go (but ShareTool can work layered over a traditional VPN also).

To use ShareTool, you need a copy of the program on each computer it will be run on, so one copy on the "server" and another on the "client." This does mean you need to have a license for each one.

Installing ShareTool is easy. Simply install the application and launch it. On the system you plan to share, in the ShareTool menu that pops up at first launch, click the Start button next to Network Sharing and give the network a name ("Home" is the default). You will need to sign up for a free ShareTool account -- this part I disagree with, but the site indicates the only thing stored on the server is the email address, encrypted password (for the service), and the public IP address(es) of the ShareTool servers (so you can connect from a client without knowing the server's IP address). Once that is done, the server will auto-configure itself using UPnP or NAT-PMP (if your firewall does not support either protocol you can see how to manually configure this using the ShareTool Help).

Finally, make absolutely sure that the ShareTool password you use is not the same as your system account password! It does not need to be the same, and should absolutely not be the same.

On the client system, install ShareTool as well. And when you are remote from the server, use the Connect pane to enter your authentication credentials to your ShareTool account. When you sign in, you will be presented with a list of available networks to connect to. Click on the name of the network, then click Connect.

You will now need to enter the credentials to the remote server: username and password. However, since ShareTool uses OpenSSH as the transport mechanism, it supports the use of SSH public keys. I highly advise using a public/private keypair rather than typing in the password to the remote server (this is more secure and if anything is compromised, it would be the passphrase to the private key, stored locally, not the password to the remote server).

One neat thing about ShareTool is that it does use OpenSSH as the transport layer. This increases, for me, the confidence in the tool. I would be happier if there was no need to use the ShareTool server at all; it serves its purpose for a lot of people, but I'm naturally distrustful and I duplicate the same with DynDNS and don't see the need for it. But the ability to use OpenSSH as the connection mechanism, and especially the support for public/private keys, really makes ShareTool a very easy "VPN on the cheap." And it works exactly as advertised, which makes it quite a useful tool.

Performance is pretty good as well. Sharing the screen of my desktop at home while connected from a remote network was quite usable. There is a bit of lag, of course, but it is relatively minor. If you're looking for full control of your Mac, with access to Bonjour-enabled services, and don't feel like shelling out for Apple Remote Desktop, ShareTool is a great program to try.

About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

4 comments
apples9988
apples9988

hey guys - great article... just wanted to share that you can also setup a really simple, easy to use VPN with VPN authority (www.vpnauthority.com) ... compatible with mac or PC ... anyways, best VPN service IMO. :)

paul.kwan
paul.kwan

I use LogMeIn for the same function. They have been around for a long time and even much more easier to install and use. Check it out too...

darkstate
darkstate

Very good post but for ease of use on all the big OS's, Teamviewer not only does VPN it does remote access/ftp/presentation. The good thing is you don't need to Install the program, You can just run the exe program, so this is good for sticking on a usb/cd etc. This is also available as an app for the iphone if you use it for the mac or windows. http://www.teamviewer.com/download/index.aspx

darkstate
darkstate

Teamviewer has vpn built in and its free to use, Looks like vpn auth is a paid service per month.

Editor's Picks