MacOS Sequoia blocking VPN, won't allow use of Messages and iCloud

You should avoid making untrue inflammatory statements. There have been well-known and publicized (including by Proton) issues with leaks on iOS. The last substantive update to that is documented here - https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/...which is specifically about DNS and pre-exisitng connections (and mitigated when Apple provided a kill-switch in their VPN framework).

Even so, connections or DNS requests leaking outside a VPN is very different from leaking to Apple's servers, which implies that the connections that ought be going through the VPN are instead going to Apple's infrastructure, rather than directly to the intended end-point outside the VPN tunnel.

It similarly implies that Apple may be logging and tracking those connections (as opposed to an ISP logging and tracking...).

Apple may very well have made changes to their Framework APIs that introduced a bug - but there is quite a difference between using Apple's APIs and using Apple's infrastructure.

On the other hand, perhaps I'm wrong and you have discovered that Apple is MITM-ing all VPNs in Sequoia...in which case you should publish your technical findings and become the darling of the ITSEC community for the next 15 mins (and you absolutely would be if that were the case).

@g_wolfman I don't see anyone saying any of the things you posted. Can you elaborate what inflammatory statement you refer to and what untrue statement you are referencing? I must have missed where anyone even implied Apple is MITM'ing VPNs. The issue we are discussing is that on macOS, VPNs break Apple services when not using Apple's MacOS VPN services (visible in the Network preferences under VPN). You can manually add in the VPN in the preferences, or use some of the temporary hot fixes from PIA and Mullvad that allow Apple traffic outside the VPN. I hope that helps.

The specific post I responded to says "I investigated how protonvpn works - it leaks everything to apple servers, does not send over VPN." (emphasis added).

Perhaps just sloppy language, but the way it is written does carry the implication that all traffic outside the VPN is going through Apple's infrastructure - the plain reading of "leaks everything to apple servers." That's quite different from Apple services going to Apple (which isn't a leak to Apple in any case because those services have to go to Apple, VPN or not).

Well, admittedly my comment about MITM was a bit hyperbolic...

But the post I was replying to made a hyperbolic comment about everything leaking to Apple servers, and the post I replied to started with the words "I investigated". I don't think it's out of the realm of possibility for someone to read that and come to a worst case conclusion - a mistaken one of course - that all their data is going through Apple's servers. Which is the definition of MITM.

So to be clear, I didn't actually say the person I replied to implied Apple was MITM anything, but that their imprecise language and the claim that they investigated the issue, could lead others to that sort of conclusion

I did not read it that way and do not see it as sloppy. It does technically bypass the VPN for all Apple Services services, and leaks your real IP to Apple in VPN parlance (assuming no other layers of networking protection). And while I don't have any particular distrust of Apple, exceptions like this without split tunneling specifically configured by a user is not a pattern you want to start seeing. And there are important reasons in some parts of the world to be sure your data is properly proxied.

I agree with everything you just said - didn't see that level of precision in the post in question, though.

Although one point maybe worth noting - Apple is the OS developer, so the idea that "Apple" doesn't know your real IP even with the VPN working perfectly is a bit silly. macOS is almost certainly not sending that kind of telemetry to Apple, but that is because Apple is basically trustworthy - and it is a trust thing.

YES YES YES , SAME HERE BEEN USING VPN FOR YEAR

UPDATED SEQUOIA 15 and VPN ON , IMESSAGES WONT WORK

I REACHED OUT TO APPLE SERVICE , THEY HAVE TOLD ME

THERE HUNDREDS IF NOT THOUSANDS OF US IN THE SAME BOAT as YOU n I

She said that they will fix this with next UPDATE VERSION , God know when that will be , but it really made me double think about APPLE PRODUCTS AGAIN ,

long story short you not the only one that is extremely dissapointed with this update

I saw that ExpressVPN had released an update for their Mac app v11.60.0. Updated it yesterday and it seemed to work on the Automatic protocol setting again, along with the Advanced Protection settings. Sadly, today it went back to the known issue. Messages that come in on the iPhone, or are sent from the iPhone, do not show up on the mac.

Had to go back to the IKEv2 protocol to get things to sync again. Really sad this hasn't been resolved. In my situation, there is no option about using a VPN. It's a hard, cold requirement.

Same Problem here ( Germany ). VPN configuration blocks at least iMessage.

Update to 15.0.1. does not solve the issue. Downgrade is a **** of work. So I have to

select: No Facetime, no iMessage on my Mac or reduce security by switching VPN off.

The answer should be clear for all of us...

Apple did a very bad job here! This should be obvious and has absolutely to be tested before announcing a global update.

What a shame

etresoft wrote:

But that is a very important debugging step. If you turn the VPN off and that corrects the problem, then you know, with certainty, that the VPN is the problem.

Using the same logic: if you upgrade the OS and that breaks Messages and other apps while using a VPN, then you know, with certainty, that the OS is the problem?

I assume you are familiar with the concept of breaking changes. If Apple made breaking changes for Sequoia (who knows if Apple pays any mind to semantic versioning, but their current numbering scheme indicates some level of awareness) that were not communicated to the VPN vendors, then it's on Apple.

[Edited by Moderator]

Pretty sure the former contradicts the latter. And it's safe to say that based on the speed of replies defending Apple combined with the sheer volume of accumulated points, it matters quite a bit to some.

The moderator removed the last statement I made (because it "because it contained information about beta software"). It actually referenced the early release versions of 15.0. My point was that if breaking changes were introduced in Sequoia (already released at this point so this post is also not revealing any pre-release information, and it's common for major releases to change APIs) and VPN vendors did not make updates to handle those changes, then the VPN vendors are to blame for issues. The moderator-edited version makes it look like I'm blaming Apple. I'm not, as I don't have enough information. The same is true for the VPN vendors. I'm just hoping for a quick resolution.

The updated version provided to me by PIA today did not work.

When the issues started to crop up with Apple News and Stocks, the VPN vendor informed me that they were aware of the situation and were looking to Apple for a fix as it was out of their hands.

I can’t fully recall if this VPN issue started before macOS 15 moved out of beta, but I want to say it started with macOS 14.x.x.

At the time of this writing, Apple News, Stocks, and iCloud is working, but Messages is fully blocked.

It is possible that there more than one issue. I am using ExpressVPN and Sequoia 15.0.1 and have tried every combination suggested by their helpful support team, to no avail. Restarting the computer made no difference.

I am accessing the internet wirelessly. Turning ExpressVPN on, and I cannot access anything (using Safari, Chrome). Turning ExpressVPN off solves any problem instantly.