MacOS Sequoia blocking VPN, won't allow use of Messages and iCloud

On a MacMini M1, MacOS 15.


I've been using ExpressVPN for years for my work. Recently I discovered I can't use iCloud while using VPN. I could work around it by simply using it on my phone, but it wasn't optimal. I also can't AirDrop while using VPN.


Now in this latest update, the MacOS is actively blocking my messages while using VPN which is a big problem now as my clients communicate through that.


I can't whitelist anything through ExpressVPN and I don't see what I can do in MacOS since I can't do anything to adjust this. It went from working to not working after the update.


Anyone else having this issue? I'd love a workaround as right now, it's not at all ideal with the new OS. Most of the features that I looked forward to aren't even available in Europe which makes no sense. I somewhat understand the AI issue, but the screen sharing with your iPhone isn't available? Why? If I can screen share with my local machines why not the iPhone? Something doesn't sit right with me in these latest updates.


Any help would be appreciated. Thank you in advance


PS. How can I downgrade if I have to?

Mac mini, macOS 15.0

Posted on Sep 17, 2024 8:31 AM

Question marked as Top-ranking reply

Posted on Oct 27, 2024 11:36 AM

I worked with Express VPN support and was able to get things to work.


TLDR:

  • Download the latest Mac client from Express VPN (they've made an update - more on this below)
  • Completely uninstall Express VPN - I used AppCleaner to remove leftover files
  • Uninstall the leftover IKEv2 Network configuration
  • Reboot
  • Install newly downloaded version of Express VPN
  • Login and configure Express VPN but do not select the new "Allow Apple Services to bypass VPN" checkbox - more on this below.
  • Enjoy


Further history:

  • I was unable to get iCloud drive, notes, or messages to sync
  • The only workaround for me that worked was switching to IKEv2 (you have to turn off advanced protection to do that).
  • I reached out to support and had a long chat where we tested many things.
  • They have created a new version with a new checkbox to allow Apple Services to bypass VPN. See https://www.expressvpn.com/support/knowledge-hub/network-lock/#apple-services
  • For some reason Express VPN did not suggest the update. Maybe it is on a rolling canary and it would have in the next few weeks.
  • I installed the new version on top of my existing version and tried enabling the new setting based on advice from support.
  • This messed my machine up further. iCloud stopped syncing even when quitting Express VPN. I tried multiple configuration permutations but could not sync.
  • I told support I was going to do a full uninstall and did the steps listed above. At that point it was working even without turning on the new "Allow Apple service to bypass VPN..." checkbox.
  • But I was curious and checked it and did more testing. It seems that did allow Messages to work. But iCloud drive and Notes would not sync. My suspicion is that in a rush to fix it they only tested Messages and somehow made things worse for the other Apple services.
  • I've gone back to using what is working for me which is the uninstall / reinstall of the new version with the settings I normally used (auto protocol, Advanced Protection turned on, network lock and allow access to network devices). But I did not have "Allow Apple Services...".
    • Note that this new setting like the Allow network devices setting is tied to network lock. If you do not have network lock enabled, it is irrelevant and Apple services will work regardless of it being set.


All of this makes me wonder if the change Apple made is causing issues with pre-installed VPNs but somehow allows traffic for newly installed ones. It seems to either be that or some other change Express VPN made in the new release.


I hope this helps someone else.


95 replies

Sep 20, 2024 9:23 AM in response to Oberon-Station

I don't think you can get all that from macOS as easily as through Express VPN. You have to do a little more work to get similar functionality. macOS has the Private Relay (requires iCloud+) which can do much of what Express VPN can do to hide your IP address so websites can't detect it and hide the websites you are visiting from your internet provider (only in Safari, though). In Safari you can also prevent cross-site tracking through a setting in the Privacy section. I also have AdBlock Pro installed (the non paid version) to eliminate ads. All this is a bit piecemeal and doesn't offer the big switch that sits on the main pipe of your internet connectivity and thus works on everything on your computer like what Express VPN offers (unfortunately).



Sep 20, 2024 1:55 PM in response to ottmar288

ottmar288 wrote:

I don't think you can get all that from macOS as easily as through Express VPN.

Why do you believe you need to "get all that?"

Stop listening to the hype designed to sell those products. I would call them lies, but they are at the very least extreme hyperbole. There aren't hordes of baddies lurking on the internet trying to steal your personal information.

Effective defenses against malware and ot… - Apple Community


Sep 20, 2024 2:20 PM in response to Barney-15E

As an information security professional, your advice is irresponsible, and some items in the link are uninformed or out of date. Many of us require a VPN for work, many of us for travel, and others use them to greatly reduce the advertising traffic which, if you've ever used one, you'd know can be a transformative online experience.


Please everyone saying "just stop using the VPN" - stop giving us advice. If you have no helpful advice on the topic, please just stay silent.


So many of us are reeling from the loss of services after this update, and we're trying together to find a solution. The solution is not to stop using a VPN. Just move on, please.

Sep 20, 2024 5:10 PM in response to Cthulhu

Cthulhu wrote:

As an information security professional, your advice is irresponsible, and some items in the link are uninformed or out of date. Many of us require a VPN for work, many of us for travel, and others use them to greatly reduce the advertising traffic which, if you've ever used one, you'd know can be a transformative online experience.

Please everyone saying "just stop using the VPN" - stop giving us advice. If you have no helpful advice on the topic, please just stay silent.

So many of us are reeling from the loss of services after this update, and we're trying together to find a solution. The solution is not to stop using a VPN. Just move on, please.

We’re not talking about an actual VPN needed to access an internal network. Those are necessary, but don’t work for the same reasons.

The crap they promote to protect you from the hordes of baddies is all hyperbole designed to scare people into using absolute crap they don’t need.

The people using the crapware “VPN” software can get back to working by uninstalling the crapware they were fooled into installing.

Oct 1, 2024 3:44 PM in response to asdfdsfasdfasf

You should avoid making untrue inflammatory statements. There have been well-known and publicized (including by Proton) issues with leaks on iOS. The last substantive update to that is documented here - https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/ ...which is specifically about DNS and pre-existing connections (and mitigated when Apple provided a kill-switch in their VPN framework).


Even so, connections or DNS requests leaking outside a VPN is very different from leaking to Apple's servers, which implies that the connections that ought to be going through the VPN are instead going to Apple's infrastructure, rather than directly to the intended end-point outside the VPN tunnel.


It similarly implies that Apple may be logging and tracking those connections (as opposed to an ISP logging and tracking...).


Apple may very well have made changes to their Framework APIs that introduced a bug - but there is quite a difference between using Apple's APIs and using Apple's infrastructure.


On the other hand, perhaps I'm wrong and you have discovered that Apple is MITM-ing all VPNs in Sequoia...in which case you should publish your technical findings and become the darling of the ITSEC community for the next 15 mins (and you absolutely would be if that were the case).

Oct 1, 2024 5:47 PM in response to Cthulhu

The specific post I responded to says "I investigated how protonvpn works - it leaks everything to apple servers, does not send over VPN." (emphasis added).


Perhaps just sloppy language, but the way it is written does carry the implication that all traffic outside the VPN is going through Apple's infrastructure - the plain reading of "leaks everything to apple servers." That's quite different from Apple services going to Apple (which isn't a leak to Apple in any case because those services have to go to Apple, VPN or not).

Oct 1, 2024 5:55 PM in response to Cthulhu

Cthulhu wrote:

@g_wolfman I don't see anyone saying any of the things you posted.

There is a link to the original post being responded to in each reply. See here:


Unfortunately, the current version of the forum software has this funky default sort order by "rank" that can be very confusing. See:

I've changed mine to "Newest" in my preferences.


It's a real problem on some of these new Sequoia threads. People keep replying with the same problem, apparently not seeing the fix. At least I would expect to see the typical freak out about not running the firewall. Perhaps they just don't bother searching, but I think the sort order does contribute.


Can you elaborate what inflammatory statement you refer to and what untrue statement you are referencing? I must have missed where anyone even implied Apple is MITM'ing VPNs.

It's just typical internet misinformation. People often think that Apple is just a typical flaky tech company and all those social media influencers are trying to protect us from Apple's poor security. But if Apple really had such poor security, why would its biggest competitor set up an entire division just to hack Apple devices? Denigrating Apple has always been a popular pastime in certain circles, but now it's a full-fledged industry. But it's all fake.

Oct 1, 2024 6:49 PM in response to etresoft

Well, admittedly my comment about MITM was a bit hyperbolic...


But the post I was replying to made a hyperbolic comment about everything leaking to Apple servers, and the post I replied to started with the words "I investigated". I don't think it's out of the realm of possibility for someone to read that and come to a worst case conclusion - a mistaken one of course - that all their data is going through Apple's servers. Which is the definition of MITM.


So to be clear, I didn't actually say the person I replied to implied Apple was MITM anything, but that their imprecise language and the claim that they investigated the issue, could lead others to that sort of conclusion.

Oct 1, 2024 7:00 PM in response to Cthulhu

I agree with everything you just said - didn't see that level of precision in the post in question, though.


Although one point maybe worth noting - Apple is the OS developer, so the idea that "Apple" doesn't know your real IP even with the VPN working perfectly is a bit silly. macOS is almost certainly not sending that kind of telemetry to Apple, but that is because Apple is basically trustworthy - and it is a trust thing.

Oct 2, 2024 4:52 AM in response to g_wolfman

g_wolfman wrote:

Well, admittedly my comment about MITM was a bit hyperbolic...

Don't mind me. I was just pointing out a few "features" of the forum software that people might have missed, perhaps due to the grey-on-white text.


Alas, there's nothing that can be done about internet misinformation. Probably our last hope now is that AI chatbots will be able to inject some sanity and reason. It seems like those are the only thing people believe anymore.

Oct 4, 2024 10:57 AM in response to Oberon-Station

Same Problem here (Germany). VPN configuration blocks at least iMessage.

Update to 15.0.1 does not solve the issue. Downgrade is a **** of work. So I have to select: No FaceTime, no iMessage on my Mac or reduce security by switching VPN off.

The answer should be clear for all of us...

Apple did a very bad job here! This should be obvious and has absolutely to be tested before announcing a global update.

What a shame

Oct 7, 2024 2:58 PM in response to etresoft

etresoft wrote:
But that is a very important debugging step. If you turn the VPN off and that corrects the problem, then you know, with certainty, that the VPN is the problem.

Using the same logic: if you upgrade the OS and that breaks Messages and other apps while using a VPN, then you know, with certainty, that the OS is the problem?

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
