Let's step back a second, because it's a rare circumstance when I use adhoc networks, which can be a bit quirky.
You mentioned your confusion about the terminology “on demand” and the fact the description seems to be describing something “out there” rather than the network originating from the laptop.
The reason that language is used is because an adhoc network is a P2P (peer to peer) relationship, so in fact, a network does NOT exist until at least two peers are in communications! That’s different from your wireless router running in INFRASTRUCTURE mode, which always has a network established and available, by definition, even if no clients are connected. There’s no such notion of the network “originating from your laptop” when it comes to adhoc networks. You have to sweep that notion from your mind completely. Adhoc is P2P, and no station in the P2P can claim ownership of the network.
It’s entirely possible ICS has trouble using adhoc networks precisely because they come and go. It *might* require either infrastructure mode, or perhaps require a permanent, working adhoc connection at the time the ICS configuration is established. As I said, I rarely use adhoc networks and originally assumed it would work identically to wireless networks based on infrastructure mode, but perhaps I was mistaken.
So let me ask you, is it really necessary to use adhoc mode? I suspect you’re doing so because you assume you have no other choice. But that’s not necessarily the case. If you’re running Windows 7, you could run Connectify to convert your wireless adapter into a wifi hotspot (i.e., infrastructure network) and thus solve that problem. Or if that’s not feasible (perhaps you’re running XP), there are some wireless adapters that support infrastructure mode, not just client or adhoc modes. And in the worst case, just get a wireless router and patch it to an available ethernet port. If your laptop doesn’t have a second ethernet port (since obviously the first is connected to the modem), you could use an USB ethernet adapter.
[modem]<--wire -->(eth1)[laptop](eth2)<-- wire -->[wireless router]
…where eth2 is established w/ the USB ethernet adapter. Yeah, a bit hokey, but the idea is to get you off adhoc. In fact, if you did it this way, you wouldn’t need ICS at all. What you would now do is simply BRIDGE the eth1 and eth2 connections, and patch eth2 to the WAN port of the wireless router. The router is now doing the work of ICS (which gives you all the power of the router, such as its DHCP server, firewall, access restrictions, QoS, whatever features it offers). All your clients just connect to the wireless router like they always have on any other network. But beyond the WAN you’ve taken the additional step to take all that traffic out the WAN and tunnel it through a VPN before it reaches the modem.
At least that’s what I would do. It gets past all this adhoc nonsense and ends up w/ a better overall solution imo.
In fact, you can take it one step further. Notice that now your laptop wireless is not being used. You just have two ethernet connections, one for the VPN, the other running to the WAN of the wireless router, and they’re bridged. Instead of having the laptop use the VPN connection directly, you could configure its wireless adapter to use the wireless router as well. Then give that network connection higher priority so that the laptop and all the devices behind share the same network, and access the internet through the wireless router. What’s nice about this configuration is that the laptop becomes part of the same network as every other wireless client behind the router, rather than standing alone, and effectively out of communications w/ everyone else (then again, maybe that’s what you want, but at least you have the option).
Of course, you could also just get a wireless router w/ VPN client support rather than using the laptop. I suppose that’s the ultimate solution. Instead, we’re sort of kludging a solution based on a laptop, which might be necessary if the particular VPN you need isn’t supported by any known routers, or perhaps it is but it’s too expensive. If it’s just a Microsoft PPTP VPN, heck, you could pick up a dd-wrt capable router and configure it as a VPN client and force everyone through it. I’ve done that before myself.