MacOS Sequoia blocking VPN, won't allow use of Messages and iCloud

IKEv2 seems to be ok. But thats the only one. rest are broke

Oberon-Station wrote:

I've been using ExpressVPN for years for my work, recently I discovered I can't use iCloud while using VPN. I could work around it by simply using it on my phone, but it wasn't optimal. I also can't airdrop while using VPN.

Sounds like a bug with the VPN app.

Anyone else having this issue? I'd love a work around as right now, it's not at all ideal with the new OS.

Maybe try a different VPN or Apple's iCloud Private Relay.

Most of the features that I looked forward to aren't even available in Europe which makes no sense. I somewhat understand the AI issue, but the screen sharing with your iPhone isn't available? Why? If I can screen share with my local machines why not the iphone? Something doesn't sit right with me in these latest updates.

Because according to the new EU rules, Apple would have to give 3rd party developers the same level of access to the phone. That would be a huge security breach. This is all about compliance with law. Apple has to comply with EU law. But if EU law requires that Apple puts the safety or privacy of users at risk, then Apple will try to find some way to protect its users while still complying with the law. In some cases, that means EU users don't get certain features at all.

I have tried two different VPN services as well as our corporate VPN. No iCloud feature will work on the VPN - messages do not sync, and a myriad of other small things fail. This is not related to your VPN, it seems to be a widely reported issue. @Oberon-Station indicates protonVPN is working, but so far that is the only indication I can find online of any VPN working from any vendor.

I've tried OpenConnect, WireGuard, and OpenVPN all with identically bad results. It almost looked like the WireGuard client on the App Store was working, but ... it only appeared to work. What is actually happening is that it's dropping the connection frequently, and because there is no killswitch, the Apple apps are able to slip in and connect and partially sync while the VPN is down, and then the VPN pops back up after the configured re-try time.

I investigated how protonvpn works - it leaks everything to apple servers, does not send over VPN. Probably they use "Apple APIs" to setup the VPN. The VPNs having issues right now are the ones not using Apple APIs (manually setting up tun devices). The VPNs having issues DO NOT LEAK everything automatically to apple, that is why they have problems. Once they whitelist apple servers (to allow out the physical interface) then iMessages, etc start working again.

But i have much more faith in the VPNs that do not work with iMessages currently, as they don't leak by default.

Elian Gonzalez wrote:

OpenVPN is also having a problem for me, but only with Messages. Even updating to 3.5.0 did not help.

As of now, PIA is the only app I know with a workaround (though that fix is punching a hole in the VPN that even they don't advise). If you were able to export your config to OpenVPN, perhaps you could export a WireGuard config as well? If so, you can use the WireGuard app from the App Store with that config and get Messages back. You won't have a kill-switch, but it works well as a temporary solution.

@g_wolfman I don't see anyone saying any of the things you posted. Can you elaborate what inflammatory statement you refer to and what untrue statement you are referencing? I must have missed where anyone even implied Apple is MITM'ing VPNs. The issue we are discussing is that on macOS, VPNs break Apple services when not using Apple's MacOS VPN services (visible in the Network preferences under VPN). You can manually add in the VPN in the preferences, or use some of the temporary hot fixes from PIA and Mullvad that allow Apple traffic outside the VPN. I hope that helps.

Well, of course there is the "Current Location" that you select. The server can be blacklisted by several different services, thus you can be blocked from accessing things. I have found that a handful of the servers/locations are bad and I get blocked from a number of sites and services (including logging into this forum!). For some websites and email, I need to pick specific locations/servers to get it to work. Might be worth a try.

As a workaround, I have found that if I disable Lulu, things work, even with the (wireguard) VPN connected.

PIA have an alpha out that fixes this, it's a pinned to the top of their sub-reddit. Works great for me!

Cthulhu wrote:

Many of us require a VPN for work, many of us for travel, and others use them to greatly reduce the advertising traffic which, if you've ever used one, you'd know can be a transformative online experience.

An adblocker is much more effective at that.

Please everyone saying "just stop using the VPN" - stop giving us advice. If you have no helpful advice on the topic, please just stay silent.

But that is a very important debugging step. If you turn the VPN off and that corrects the problem, then you know, with certainty, that the VPN is the problem.

So many of us are reeling from the loss of services after this update, and we're trying together to find a solution. The solution is not to stop using a VPN. Just move on, please.

It is important to clarify exactly what is going on. It's not about "the VPN" or "a VPN". You need to be specific.

For example, I'm posting this while running NordVPN on Sequoia. iCloud is working fine. Messages is working fine. Web is working fine. Microsoft Remote Desktop is working fine. ssh is working fine. smb seems to work, at least as well as can be expected. Curiously, the only glaring bug I see is one that I haven't seen a single person mention. Why is it always that way?

While many things do work, most iCloud-dependent services do not work with ExpressVPN for me (Sequoia). Just chatted with support and it's a known issue with the VPN. No resolution known. No timing for a new release. "Just use Messages on your phone and not on your desktop." Sucks.

I know a lot of people are saying the problem exists with the VPN, but I am not sure that is correct. Following proper debugging techniques, I have figured out that the problem has to be with something that Sequoia has changed. I have been using the same VPN client (Tunnelblick 6.0beta 6), with the same OVPN credentials and configuration, on the same piece of hardware (MacBook Pro M3 Pro). Before upgrading to Sequoia, I could message using iMessage, make SMS messages out and in, and have phone calls through my Mac; all while my VPN was connected. Since upgrading to Sequoia, all of those Continuity functions do not work at all while connected to the VPN.

So, given all of that information, something within Sequoia is not playing nice with VPN connections in regards to Apple's Continuity software.

Hopefully, Apple comes out with a patch that fixes these Continuity issues while an active VPN is on.

I concur, as do the VPN vendors I have had tickets with. It also seems that unless you let an app accept incoming connections, it will not get responses from DNS queries in all cases. At least one helpful user said the 15.1 upcoming release seems to address both issues, but as of today I don't see anything related to networking in the release notes. I am not in a position to try the latest dev release, but anyone who is might want to give it a try.