How to share your VPN connection to an Apple TV from Mac OS X:
So I finally managed to get a stable VPN connection to my ATV - while awaiting some kind of native support! :P
I set up my MacBook running Snow Leopard and connected it to my router (in my case an airport express connected to a time capsule!) through ethernet. DHCP on everything, in case you wonder.
Turned on internet sharing from ethernet over airport. I left DHCP on, even though a local IP was assigned, and just added the DNS 8.8.8.8.
Turned on my OpenVPN client; I used the overplay.app, but any other client like Tunnelblick is OK. NOTICE: I didn't manage to share the OS's native VPN connection (I had L2TP) in any way; any advice would be appreciated!
At this point we want to share that VPN connection, which runs on tun0, through NAT.
To do that, first let's check that it's actually tun0. Open Terminal and run ifconfig. The IP that matches your VPN provider's should be under tun0's inet. As you can see, there are also the IPs (inet) assigned to ethernet (en0) and airport (en1): make a note of those IPs!
Done. Now create a .sh file with any text editor, with this content:
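#!/bin/sh
# Start the NAT daemon on the VPN tunnel interface
natd -interface tun0
# Remove all existing ipfw rules without asking for confirmation
ipfw -f flush
# Send all IP traffic crossing tun0 to natd for address translation
ipfw add divert natd ip from any to any via tun0
# Allow all other traffic
ipfw add pass all from any to any
# Enable IP forwarding so the Mac routes packets for the shared network
sysctl -w net.inet.ip.forwarding=1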
Let's save it as vpn.sh and put it in your home folder.
Back in Terminal, go into su mode (type "su" and then the password). Then chmod 755 vpn.sh (you should already be in your home folder).
Now run the script by typing ./vpn.sh
If you get the error "natd: Unable to bind divert socket.: Address already in use", that's OK. You just need to restart natd by typing "killall natd", then rerun the script. NOTICE: it takes a while for the natd process to quit, so just wait for it and keep running the script until you no longer get that error. Done!
On the ATV side I connected to my Mac's shared network and manually entered the TCP/IP settings.
The en1 (airport) inet you got earlier is now needed. You probably had two inets: a local one (169.254...) and a second one which could be something like 10.0.2.1 or 192.168.2.1. For the ATV IP, use the same IP plus a number (10.0.2.2 or 192.168.2.2); the netmask is what you have on your ethernet, but should be 255.255.255.0; and as router use that first en0 inet (10.0.2.1). The DNS is just 8.8.8.8 again.
That's it, now you can watch Netflix, share your iTunes library, ssh into the ATV, share Plex media and even remote control from your iPhone! 8)
If you have issues just rerun the script and reboot your atv!
Hope this helps many!
Must acknowledge evgenyy (thanks) and this very helpful source: "VPN sharing on Mac OS X 10.5 machine" - Super User
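An added example, not part of the original post: a small script that does the two manual ifconfig steps above, confirming that tun0 has an address and deriving the ATV's static settings from the en1 address. The function names and the sample ifconfig text are constructed for illustration; it assumes the router is the en1 shared-network address (the 10.0.2.1 value in the post) and uses en1's own netmask.

```shell
#!/bin/sh
# Constructed sample of Mac OS X `ifconfig` output (all addresses are made up).
SAMPLE='en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.1.23 netmask 0xffffff00 broadcast 192.168.1.255
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 169.254.77.10 netmask 0xffff0000 broadcast 169.254.255.255
    inet 10.0.2.1 netmask 0xffffff00 broadcast 10.0.2.255
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff'

# Print "ADDRESS HEXMASK" for each inet line of interface $1 (ifconfig text on stdin).
iface_inets() {
    awk -v want="$1:" '
        /^[a-z]/ { cur = $1 }                  # unindented line starts an interface block
        cur == want && $1 == "inet" {
            # "netmask" is field 3 on en* lines, field 5 on point-to-point tun lines
            for (i = 3; i < NF; i++) if ($i == "netmask") print $2, $(i + 1)
        }'
}

# Mac OS X prints netmasks in hex (0xffffff00); the ATV wants dotted decimal.
hex_to_dotted() {
    printf '%d.%d.%d.%d\n' $(( $1 >> 24 & 255 )) $(( $1 >> 16 & 255 )) \
                           $(( $1 >> 8 & 255 ))  $(( $1 & 255 ))
}

# $1 = full ifconfig text. Prints the static settings to enter on the ATV.
atv_settings() {
    # Check from the post: the VPN must actually be up on tun0.
    [ -n "$(printf '%s\n' "$1" | iface_inets tun0)" ] ||
        { echo "tun0 has no inet address: is the VPN connected?" >&2; return 1; }
    # First en1 address that is not the link-local 169.254.x.x one.
    set -- $(printf '%s\n' "$1" | iface_inets en1 |
             awk '$1 !~ /^169\.254\./ { print; exit }')
    [ $# -eq 2 ] || { echo "no shared-network address on en1" >&2; return 1; }
    host=${1##*.}
    [ "$host" -lt 254 ] || { echo "no free address after $1" >&2; return 1; }
    # "Same ip plus a number": bump the last octet by one.
    echo "ip=${1%.*}.$((host + 1)) netmask=$(hex_to_dotted "$2") router=$1 dns=8.8.8.8"
}

# Demo on the constructed sample; on the Mac use: atv_settings "$(ifconfig)"
atv_settings "$SAMPLE"
```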