After updating MacOS to 13.2, the VPN stopped working properly.

I can't advise on your Meraki specifically, but it appears you must have v4 and v6 either both tunnel-all or both split for 13.2 to be happy. So... if you are doing tunnel-all for v6 and split-tunnel for v4, then you are going to run into this.

You HAVE to configure both protocols to be split tunnel to make it go away, BUT... apparently you can define the entire address space in two blocks and that still counts (makes sense from a routing perspective, even if it does sound absurd).

The end result for me, at least, is that v4 stays split like before, but v6 becomes a split tunnel. It still has a ::/0 default route outside the tunnel, BUT I have defined ::/1 and 8000::/1 as inside the tunnel. Those two combined cover the entire IPv6 address space, but as two separate blocks they are now more specific than that default route, so they win. And every single v6 packet gets tunneled. So, in practice it is identical to the prior config. It's just a dumber way of configuring it that happens to kick loose whatever dumbness is going on on the OS side.

So... You need to figure out where you define what tunnels are split in Meraki and add those two v6 blocks while setting v6 to split instead of tunnel-all.

The issue ended up being that some of our group policies had ipv6 full tunnel and ipv4 split tunnel. Changing ipv6 to split tunnel resolved the issue.

I have a lead on a workaround, at least in our instance. We had that single profile with full tunnel v6 and split tunnel v4. As soon as we started splitting the v6 tunnel, everything went back to normal.

We have the same issue the current work around is do a DHCP renew while connected and that brings back the local connection. You do have to do this every session after it breaks so it's not a fix by any means but gets the users back going again fairly quickly.

Your workaround also works for us.

Cisco just released 4.10.06090.

It does NOT fix this issue.

We're only seeing it with one of several profiles. Are you using IPv6 at all on the impacted profiles?

And you can defined the split as ::/1 and 8000::/1 and... it is still sufficiently split.

The part that seems to matter is that you "Tunnel Networks Below" and NOT "Tunnel Everything But"

Are you running a Cisco firewall? If so, are you running FirePower Threat Defense on it? We're having the same issue with users on 13.2, only with our FTD firewall running version 7.0.1. Our old test ASA works fine. We are running split tunnel for v4 and v6 as well.

Similar issue using Meraki Router Built in L2TP VPN client on MacOS 13.2 (also happens on 12.6 and 11.7.2 but fixed in 11.7.3.)

I have tried disabling IpV6 on the MacBook did not help

Not sure how to apply your fix and what issues this fix could cause.

Thank you for the input. Having the mac user connect over Remote PC for now and the owner choose to get a Windows laptop for the one user. He did not want to mess with rest of the remote users as they are working.

I turned off IPV6 on the users Mac it did not fix it as I hoped as the issue is on the vpn configuration side I guess.

I also found out that the remote user is connecting over Tmobile home internet hotspot and that typically does not work well with VPN.

Thank you

Thank you so much, for sharing this! 👍