autoICS

AutoICS - Automatic Internet Connection Sharing Script

A PowerShell script that automatically enables Internet Connection Sharing (ICS) from a TUN network adapter (such as VPN or proxy) to another network interface (such as Ethernet or VMnet).

📋 Overview

This script automates the process of sharing an internet connection from a TUN adapter to another network adapter on Windows. It's particularly useful for:

• Sharing VPN/proxy connections created by tools like sing-box, Clash, or v2ray
• Providing internet access to virtual machines through VMnet adapters
• Creating a shared network connection without manual ICS configuration
• Automatically recovering ICS configuration after system restarts

✨ Features

• ✅ Automatic Detection: Waits for and detects TUN adapter automatically
• ✅ Reliable Configuration: Uses Windows COM API for proper ICS setup
• ✅ Clean Startup: Disables conflicting ICS configurations before setup
• ✅ Status Verification: Confirms ICS is properly enabled after configuration
• ✅ Error Handling: Comprehensive error checking and user-friendly messages
• ✅ Customizable: Supports command-line parameters for different adapters

🔧 Requirements

• Operating System: Windows 10/11
• PowerShell: Version 5.1 or higher (pre-installed on Windows)
• Privileges: Administrator rights (required for network configuration)
• Service: SharedAccess service must be available (enabled by default on Windows)

📥 Installation

1. Download the autoICS.ps1 script
2. Place it in a convenient location (e.g., C:\Scripts\)
3. (Optional) Unblock the script if downloaded from the internet:

   Unblock-File -Path "C:\Scripts\autoICS.ps1"

🚀 Usage

Basic Usage

Run with default settings (shares singbox_tun to Ethernet1):

# Right-click PowerShell → Run as Administrator
.\autoICS.ps1

Custom Adapter Names

Specify your own adapter names:

.\autoICS.ps1 -tunName "Clash" -shareTo "VMware Network Adapter VMnet8"

Finding Your Adapter Names

To find the exact names of your network adapters:

Get-NetAdapter | Select-Object Name, Status, InterfaceDescription

Parameters

Parameter	Type	Default	Description
-tunName	String	singbox_tun	Name (or partial name) of the TUN adapter to share from
-shareTo	String	Ethernet1	Name (or partial name) of the adapter to share to

Note: The script uses wildcard matching, so you can use partial names. For example, Ethernet will match Ethernet1, Ethernet 2, etc.

🔄 Running at Startup

To automatically enable ICS when your computer starts:

Method 1: Task Scheduler (Recommended)

1. Open Task Scheduler (taskschd.msc)
2. Click "Create Task" (not "Create Basic Task")
3. General tab:
   • Name: AutoICS
   • Check "Run with highest privileges"
   • Configure for: Windows 10/11
4. Triggers tab:
   • New → Begin the task: "At startup"
   • Delay task for: 30 seconds (gives time for network adapters to initialize)
5. Actions tab:
   • New → Action: "Start a program"
   • Program/script: powershell.exe
   • Arguments: -ExecutionPolicy Bypass -File "C:\Scripts\autoICS.ps1"
   • Start in: C:\Scripts\
6. Conditions tab:
   • Uncheck "Start the task only if the computer is on AC power"
7. Click OK

Method 2: Startup Folder

1. Create a batch file run_autoics.bat:

   @echo off
   powershell.exe -ExecutionPolicy Bypass -Command "Start-Process powershell -ArgumentList '-ExecutionPolicy Bypass -File C:\Scripts\autoICS.ps1' -Verb RunAs"

2. Press Win + R, type shell:startup, press Enter
3. Place the batch file in the Startup folder

Method 3: Registry Run Key

$scriptPath = "C:\Scripts\autoICS.ps1"
$regPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
Set-ItemProperty -Path $regPath -Name "AutoICS" -Value "powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File `"$scriptPath`""

📊 How It Works

Step-by-Step Process

1. Wait for TUN Adapter: Continuously checks for the TUN adapter until it's available and active
2. Locate Adapters: Identifies both source and destination network adapters
3. Clean Existing Configuration: Disables any existing ICS configurations to prevent conflicts
4. Enable IP Forwarding: Configures both adapters to forward IPv4 packets
5. Start SharedAccess Service: Ensures Windows ICS service is running
6. Configure ICS via COM API:
   • Sets TUN adapter as PUBLIC (internet source)
   • Sets target adapter as PRIVATE (internet destination)
7. Verify Configuration: Confirms ICS is properly enabled on both adapters

Network Flow

Internet Connection (VPN/Proxy)
         ↓
   [TUN Adapter] (PUBLIC - Source)
         ↓
   Windows ICS Service
         ↓
   [Target Adapter] (PRIVATE - Destination)
         ↓
   Connected Devices (VMs, etc.)

🛠️ Troubleshooting

Script doesn't run

Problem: "Cannot be loaded because running scripts is disabled"

Solution:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

"Not found specific network adapters"

Problem: Script can't find one or both adapters

Solutions:

1. Check adapter names: Get-NetAdapter
2. Ensure TUN adapter is active (Status: Up)
3. Use partial names that match your adapters
4. Check for typos in parameter values

ICS not working after configuration

Problem: Script completes but internet sharing doesn't work

Solutions:

1. Check Windows Firewall settings
2. Verify target adapter is set to obtain IP automatically (DHCP)
3. Restart the SharedAccess service manually:

   Restart-Service SharedAccess -Force

4. Check if antivirus is blocking ICS
5. Manually disable ICS on all adapters, then run script again

"Access Denied" or permission errors

Problem: Insufficient privileges

Solution: Always run PowerShell as Administrator

TUN adapter not detected

Problem: Script waits forever for TUN adapter

Solutions:

1. Ensure your VPN/proxy application is running and connected
2. Check if TUN adapter is created: Get-NetAdapter
3. Verify the TUN adapter name matches the -tunName parameter
4. Some applications create adapters with different names (check documentation)

Existing ICS won't disable

Problem: Script can't disable existing ICS configuration

Solution: Manually disable ICS:

1. Open Network Connections (ncpa.cpl)
2. Right-click each adapter → Properties → Sharing tab
3. Uncheck "Allow other network users to connect"
4. Apply and run script again

📝 Example Scenarios

Scenario 1: Sing-box to VMware

Share sing-box TUN connection to VMware virtual machine:

.\autoICS.ps1 -tunName "singbox" -shareTo "VMnet8"

Scenario 2: Clash to Physical Ethernet

Share Clash proxy to physical Ethernet port:

.\autoICS.ps1 -tunName "Clash" -shareTo "Ethernet"

Scenario 3: V2Ray to Wi-Fi Hotspot

Share v2ray connection to Wi-Fi adapter for mobile hotspot:

.\autoICS.ps1 -tunName "v2ray" -shareTo "Wi-Fi"

⚠️ Important Notes

• Administrator Rights: The script MUST be run as Administrator
• Adapter Status: TUN adapter must be connected and active (Status: Up)
• Single ICS: Windows only supports one ICS configuration at a time
• IP Address Changes: The PRIVATE adapter will be automatically assigned IP 192.168.137.1
• DHCP: Connected devices should be set to obtain IP automatically
• Firewall: Windows Firewall rules for ICS are created automatically
• Service Dependency: Requires SharedAccess service (enabled by default)

🔐 Security Considerations

• ICS exposes your internet connection to other devices/VMs
• Ensure only trusted devices are connected to the shared network
• Consider implementing additional firewall rules if needed
• The TUN adapter's security settings apply to all shared connections

🐛 Debug Mode

To see detailed information about what's happening:

.\autoICS.ps1 -Verbose

Check COM object status manually:

$netShare = New-Object -ComObject HNetCfg.HNetShare
$connections = $netShare.EnumEveryConnection
foreach ($conn in $connections) {
    $props = $netShare.NetConnectionProps($conn)
    $config = $netShare.INetSharingConfigurationForINetConnection($conn)
    Write-Host "$($props.Name): Sharing=$($config.SharingEnabled), Type=$($config.SharingConnectionType)"
}

📚 Additional Resources

• Microsoft ICS Documentation
• PowerShell Get-NetAdapter
• Windows Network Sharing

📄 License

This script is provided "as-is" without warranty of any kind. Use at your own risk.

🤝 Contributing

Feel free to submit issues, suggestions, or improvements!

📧 Support

If you encounter issues:

1. Check the Troubleshooting section above
2. Verify all requirements are met
3. Run the debug commands to gather information
4. Check Windows Event Viewer for SharedAccess service errors

---

Compatibility: Windows 10/11, PowerShell 5.1+