Apple Intelligence is now available on iPhone, iPad, and Mac!

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Is Cisco AnyConnect compatible with private relay?

Suddenly private relay says that an extension or system setting is preventing private relay from functioning. I think the only recent addition to my setup is Cisco's AnyConnect (VPN app). Is that the culprit and is there a workaround?

MacBook Pro 14″, macOS 12.4

Posted on Jun 21, 2022 8:58 AM

Reply
Question marked as Top-ranking reply

Posted on Jun 26, 2022 9:50 AM

I used AnyConnect's uninstall app to remove it. Private Relay worked after restart. Reinstalled AnyConnect and got an immediate message that settings prevent Private Relay, or to that effect. Uninstalled AnyConnect and Private Relay works again after restart.


So, Cisco Any Connect definitely blocks Private Relay even when VPN is not connected and the AnyConnect app in not running. That's really annoying. I'm happy with the security of my at home system (I do not use router defaults, both the login name and password are custom, I use the router's firewall as well as the MaOc firewall), at least I think it's as secure as the university system I can use AnyConnect to link to via VPN.


Because I only require VPN when I travel and connect to WiFi systems at airports and loggings, I'll have to install AnyConnect when I travel and uninstall it otherwise. That's inconvenient, but doable. I would be happier, if Cisco would update AnyConnect cease filtering WiFi traffic when it's not running.

7 replies
Question marked as Top-ranking reply

Jun 26, 2022 9:50 AM in response to Old Toad

I used AnyConnect's uninstall app to remove it. Private Relay worked after restart. Reinstalled AnyConnect and got an immediate message that settings prevent Private Relay, or to that effect. Uninstalled AnyConnect and Private Relay works again after restart.


So, Cisco Any Connect definitely blocks Private Relay even when VPN is not connected and the AnyConnect app in not running. That's really annoying. I'm happy with the security of my at home system (I do not use router defaults, both the login name and password are custom, I use the router's firewall as well as the MaOc firewall), at least I think it's as secure as the university system I can use AnyConnect to link to via VPN.


Because I only require VPN when I travel and connect to WiFi systems at airports and loggings, I'll have to install AnyConnect when I travel and uninstall it otherwise. That's inconvenient, but doable. I would be happier, if Cisco would update AnyConnect cease filtering WiFi traffic when it's not running.

Jun 28, 2022 12:06 PM in response to Murph Sewall

Hi Murph,


I would just like to follow up on your response. I observe the exact same behavior. My iCloud Private Relay was working perfectly fine until I installed Cisco AnyConnect Secure Mobility Client. Shutting down the VPN did not fix iCloud Private Relay. The only fix was to completely uninstall Cisco AnyConnect Secure Mobility Client (for those wondering how, in the Applications folder, there will be a folder called Cisco and there are two separate uninstaller there), and restart my MBP.


For background, I'm using a 2021 MacBook Pro M1 Pro. This problem occurred on two totally distinct wireless networks. Restarting iCloud Private Relay did not resolve the issue.


I wanted to note a couple things:

Private Relay becomes unavailable before the installation is even complete. Every time I attempt to install AnyConnect, I have to go into System Preferences and manually allow the application to load. At this point in the installation, Private Relay is already disabled.


There appear to be three network interfaces, two of which is constantly running even when the VPN is not active. These interfaces are NOT established at the point when Private Relay becomes unavailable. The name of the interface is "Cisco AnyConnect Socket Filter". Two of them are not configurable. See the image below (the configurable interface is currently selected):



Additionally, one user allegedly resolved their iCloud Private Relay incompatibilities by manually editing the /etc/pf.conf file. In my /etc/pf.conf file, there are the following additional lines:


anchor "cisco.anyconnect.vpn"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"


These lines WERE present at the moment when iCloud Private Relay became unavailable. Following the instructions in the linked post did not immediately resolve the issue. I will attempt to restart my computer and see if that resolves the problem.

Jun 21, 2022 9:49 AM in response to Murph Sewall

Here's some food for thought: unless you're using a true VPN tunnel, such as between you and your employer, school or bank's servers, they are useless from a privacy standpoint.  Read these two articles: Public VPN's are anything but private and Former Malware Distributor Kape Technologies Now Owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a Collection of VPN “Review” Websites



Jun 21, 2022 3:02 PM in response to Murph Sewall

Murph Sewall wrote:

Is AnyConnect likely to be the cause of the failure of private relay?

I don't know as I don't use a VPN nor Private Relay. You'd be in the best position to test it out by uninstalling AnyConnect and trying Private Relay.


I use AppCleaner when I want to delete an app to test it's affect on something. However, I don't delete the app, only its supporting files:



You will, however, have to enter any activation codes, passwords, etc that are required for reinstallation.


WARNING: If you use AppCleaner on an app that you have other apps from the same developer, like Adobe, you must be extremely careful checking all checkboxes and deleting.  Some for those files may support other apps from the same developer and deleting them can mess them up.  Adobe apps is a primary example. I know from experience.  For singular apps from a developer it's safe.

Jun 21, 2022 10:48 AM in response to Old Toad

Cisco AnyConnect is not a public VPN app. I use it when traveling to establish a tunneling link to my university (a more secure environment than airports, motels, and the like. Otherwise, my personal computing at home does not require a VPN.


If I have to, I can uninstall AnyConnect and then go through the trouble of setting it up again when I'm planning to travel with my laptop. That's a clumsy solution; so my question remains--


Is AnyConnect likely to be the cause of the failure of private relay?

Jun 28, 2022 12:14 PM in response to Mattkx4

Okay, brief follow-up. Restarting my computer after editing the conf.pf file did not resolve the incompatibility. It looks like Cisco AnyConnect still didn't have an issue connecting to its VPN service, but it did automatically put the following line back in the conf.pf file when I started the VPN again after a restart.


anchor "cisco.anyconnect.vpn"


I am going to uninstall Cisco AnyConnect once more and restart. That should resolve my iCloud Private Relay problems, but if it does not, I will follow-up on this post.


I would love a resolution to this problem; so, I'm contributing all of my information here! Hopefully somebody smarter than I can put the pieces together... Happy to provide any more details about my setup in the troubleshooting process!


Matt

Is Cisco AnyConnect compatible with private relay?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.