MacOS Sequoia blocking VPN, won't allow use of Messages and iCloud

ottmar288 wrote:

I don't think you can get all that from macOS as easily as through Express VPN.

Why do you believe you need to "get all that?"

Stop listening to the hype designed to sell those products. I would call them lies, but that are at the very least extreme hyperbole. There aren't hoards of baddies lurking on the internet trying to steal your personal information.

Effective defenses against malware and ot… - Apple Community

I have been using the 15.1 update now for a day, and my Enterprise, PIA, and TorGuard all seem to be working well. No tricks or hacks, no split tunneling, no alpha versions of anything.

Interesting, for some reason I'm pretty certain that Apple's end-to-end encryption mechanisms force Apple's own apps into a cipher tunnel separate from other network connections including 3rd party VPNs.

Something isn't playing nice - I wonder if it is just OpenVPN tunnels or if WireGuard tunnels have the same issue.

Cthulhu wrote:

As an information security professional, your advice is irresponsible, and some items in the link are uninformed or out of date. Many of us require a VPN for work, many of us for travel, and others use them to greatly reduce the advertising traffic which, if you've ever used one, you'd know can be a transformative online experience.

Please everyone saying "just stop using the VPN" - stop giving us advice. If you have no helpful advice on the topic, please just stay silent.

So many of us are reeling from the loss of services after this update, and we're trying together to find a solution. The solution is not to stop using a VPN. Just move on, please.

We’re not talking about an actual VPN needed to access an internal network. Those are necessary, but don’t work for the same reasons.

The crap they promote to protect you from the hoards of baddies is all hyperbole designed to scare people into using absolute crap they don’t need.

The people using the crapware “VPN” software can get back to working by u installing the crapware they were fooled into installing.

Cthulhu wrote:

Many of us require a VPN for work, many of us for travel, and others use them to greatly reduce the advertising traffic which, if you've ever used one, you'd know can be a transformative online experience.

An adblocker is much more effective at that.

Please everyone saying "just stop using the VPN" - stop giving us advice. If you have no helpful advice on the topic, please just stay silent.

But that is a very important debugging step. If you turn the VPN off and that corrects the problem, then you know, with certainty, that the VPN is the problem.

So many of us are reeling from the loss of services after this update, and we're trying together to find a solution. The solution is not to stop using a VPN. Just move on, please.

It is important to clarify exactly what is going on. It's not about "the VPN" or "a VPN". You need to be specific.

For example, I'm posting this while running NordVPN on Sequoia. iCloud is working fine. Messages is working fine. Web is working fine. Microsoft Remote Desktop is working fine. ssh is working fine. smb seems to work, at least as well as can be expected. Curiously, the only glaring bug I see is one that I haven't seen a single person mention. Why is it always that way?

ssd550 wrote:

etresoft wrote:

But that is a very important debugging step. If you turn the VPN off and that corrects the problem, then you know, with certainty, that the VPN is the problem.

Using the same logic: if you upgrade the OS and that breaks Messages and other apps while using a VPN, then you know, with certainty, that the OS is the problem?

No, it doesn’t work that way. Logic is rarely invertible. If A then B does not imply if B then A.

System modifications must be written to work with the OS. It does not work the other way around.

ssd550 wrote:

I assume you are familiar with the concept of breaking changes. If Apple made breaking changes for Sequoia (who knows if Apple pays any mind to semantic versioning, but their current numbering scheme indicates some level of awareness) that were not communicated to the VPN vendors, then it's on Apple. If the breaking change was publicized in the beta releases, then it's on the VPN vendors for not being ready.

It really makes no difference what Apple does. Apple does what it does and all the crap where vendors have to react to what Apple does.

I can’t remember what it was, it was a couple of macOS versions ago, the release candidate worked without issue, but they changed something on the final release that broke a bunch of things.

If you do anything “enterprise,” you should never update anything until the enterprise IT clears it.

ssd550 wrote:

Pretty sure the former contradicts the latter. And it's safe to say that based on the speed of replies defending Apple combined with the sheer volume of accumulated points, it matters quite a bit to some.

The speed of replies is directly related to when I log into this forum. I order the posts by newest, the most recent post relative to when I log in will be the one I first respond.

It may matter a lot to many people, but nobody here can do anything about what Apple has done or will do. Complaining here won't change anything.

In an effort to resolve this known bug of not getting text messages, etc. in Sequoia (as originally reported), I have updated macOS Sequoia to 16.0.1, plus updated ExpressVPN for macOS to the latest version showing, 11.61.1. Sadly, in testing these I still cannot receive numerous texts in Apple’s Messages app, either from unknowns or even active conversations (all such messages come through on my iPhone, iPad and Watch). 

Same as when this originally started with the rollout of Sequoia. Once again, I have had to revert to using the IKE protocol in ExpressVPN in order to use Messages and sometimes connect to mail servers. Of course, I then lose the several nice features normally offered in ExpressVPN.

UR403 wrote:

• I worked with Express VPN support and was able to get things to work.

Something to consider when using ExpressVPN:

• https://www.zdnet.com/article/trust-but-verify-an-in-depth-analysis-of-expressvpns-terrible-horrible-no-good-very-bad-week/

And for a VPN in general:

• https://gist.github.com/joepie91/5a9909939e6ce7d09e29
• https://overengineer.dev/blog/2019/04/08/very-precarious-narrative/

It is best to be informed before making a choice to use a VPN if you think you are doing it for security purposes. Using one supplied by your employer that is tailored to tunnel into their network is a legitimate use for one.

Apple has publicly released notes on the upcoming 15.1 version:

• Fixed an issue preventing iMessage and other third-party notifications from being received while your device is connected on a VPN. (136775545)

macOS Sequoia 15.1 RC Release Notes | Apple Developer Documentation

I'm using ExpressVPN as well and having the same issues following the Sequoia update.

As a workaround, I have found that if I disable Lulu, things work, even with the (wireguard) VPN connected.

The latest release, MacOS Sequoia 15.1 appears to have fixed this issue.

So...I just tried sending iMessages and testing some file syncs to iCloud while ProtonVPN is active on the Mac Mini I upgraded to Sequoia yesterday. Everything works fine for me...no sign of disconnect/reconnects nor any issues with apps moving data around the cloud.

You may have other issues. Or this is specific to EU configurations, maybe (I'm in NA)?

Same here. I am able to use all the client-side certs and crazy complicated things to access various sites/portals, and all the low-level daemons and comms apps we work on are all up with no issues. All of that was well-tested before we updated, as was the VPN we were issued. I'd like to call out Apple for clearly not even trying Messages and FaceTime on any VPN, but, uh - neither did we. So blame all around, I suppose. Unfortunately it's the "corporate" VPN that I really need for work, but I did try ProtonVPN without success. We're wading through Wireshark traces, and we're stumped. I don't think it's something we or the VPN vendors can fix at this point. I am hoping it's something so obvious that we're all missing it looking deep in the weeds. :-)