MacOS Sequoia blocking VPN, won't allow use of Messages and iCloud

On a MacMini M1, MacOS 15.


I've been using ExpressVPN for years for my work. Recently I discovered I can't use iCloud while using VPN. I could work around it by simply using it on my phone, but it wasn't optimal. I also can't AirDrop while using VPN.


Now in this latest update, the MacOS is actively blocking my messages while using VPN which is a big problem now as my clients communicate through that.


I can't whitelist anything through ExpressVPN and I don't see what I can do in MacOS since I can't do anything to adjust this. It went from working to not working after the update.


Anyone else having this issue? I'd love a workaround as right now, it's not at all ideal with the new OS. Most of the features that I looked forward to aren't even available in Europe which makes no sense. I somewhat understand the AI issue, but the screen sharing with your iPhone isn't available? Why? If I can screen share with my local machines why not the iPhone? Something doesn't sit right with me in these latest updates.


Any help would be appreciated. Thank you in advance


PS. How can I downgrade if I have to?

Mac mini, macOS 15.0

Posted on Sep 17, 2024 8:31 AM

Question marked as Top-ranking reply

Posted on Oct 27, 2024 11:36 AM

I worked with Express VPN support and was able to get things to work.


TLDR:

  • Download the latest Mac client from Express VPN (they've made an update - more on this below)
  • Completely uninstall Express VPN - I used AppCleaner to remove left over files
  • Uninstall the left over IKEv2 Network configuration
  • Reboot
  • Install newly downloaded version of Express VPN
  • Log in and configure Express VPN but do not select the new "Allow Apple Services to bypass VPN" checkbox - more on this below.
  • Enjoy


Further history:

  • I was unable to get iCloud drive, notes, or messages to sync
  • The only workaround for me that worked was switching to IKEv2 (you have to turn off advanced protection to do that).
  • I reached out to support and had a long chat where we tested many things.
  • They have created a new version with a new checkbox to allow Apple Services to bypass VPN. See https://www.expressvpn.com/support/knowledge-hub/network-lock/#apple-services
  • For some reason Express VPN did not suggest the update. Maybe it is on a rolling canary and it would have in the next few weeks.
  • I installed the new version on top of my existing version and tried enabling the new setting based on advice from support.
  • This messed my machine up further. iCloud stopped syncing even when quitting Express VPN. I tried multiple configuration permutations but could not sync.
  • I told support I was going to do a full uninstall and did the steps listed above. At that point it was working even without turning on the new "Allow Apple service to bypass VPN..." checkbox.
  • But I was curious and checked it and did more testing. It seems that did allow Messages to work. But iCloud drive and Notes would not sync. My suspicion is that in a rush to fix it they only tested Messages and somehow made things worse for the other Apple services.
  • I've gone back to using what is working for me, which is the uninstall / reinstall of the new version with the settings I normally used (auto protocol, Advanced Protection turned on, network lock and allow access to network devices). But I did not have "Allow Apple Services...".
    • Note that this new setting, like the Allow network devices setting, is tied to network lock. If you do not have network lock enabled, it is irrelevant and Apple services will work regardless of it being set.


All of this makes me wonder if the change Apple made is causing issues with pre-installed VPNs but somehow allows traffic for newly installed ones. It seems to either be that or some other change Express VPN made in the new release.


I hope this helps someone else.


95 replies

Oct 7, 2024 6:13 PM in response to ssd550

ssd550 wrote:

Pretty sure the former contradicts the latter. And it's safe to say that based on the speed of replies defending Apple combined with the sheer volume of accumulated points, it matters quite a bit to some.

The speed of replies is directly related to when I log into this forum. I order the posts by newest; the most recent post relative to when I log in will be the one I first respond to.

It may matter a lot to many people, but nobody here can do anything about what Apple has done or will do. Complaining here won't change anything.

Oct 21, 2024 9:18 AM in response to Neil Whittey

It is possible that there is more than one issue. I am using ExpressVPN and Sequoia 15.0.1 and have tried every combination suggested by their helpful support team, to no avail. Restarting the computer made no difference.


I am accessing the internet wirelessly. Turning ExpressVPN on, and I cannot access anything (using Safari, Chrome). Turning ExpressVPN off solves any problem instantly.

Oct 27, 2024 4:53 PM in response to Mac Jim ID

Thank you for the links. I did learn a few things from them and the related rabbit holes they sent me down. I appreciate you advocating for care and critical thinking related to commercial VPNs. It's a lot of trust to put in a company and trust is a tricky thing. The problem is I also do not trust my ISP or local jurisdiction. Real trustworthy options are limited.



Oct 27, 2024 8:44 PM in response to Barney-15E

Barney-15E wrote:
If you do anything “enterprise,” you should never update anything until the enterprise IT clears it.

We have to use GlobalProtect VPN to access employer's network externally. It's mandatory. Our IT department is very close to completing its field testing with Sequoia and won't allow us to update to Sequoia until any and all issues are identified and removed. They sometimes make changes to the GlobalProtect VPN configuration or get updates from Palo Alto Networks to ensure compatibility, or that is what I have seen in previous MacOS updates. We have been told that the upgrade to Sequoia is coming soon for everyone (thousands of Macs here) so they seem to have worked through those issues. It behooves the vendors to fix their VPN products, otherwise no one will use them with Macs.


My employer utilizes its corporate (enterprise level) VPN along with multi-factor authentication plus multi-factor on its devices, and only registered devices are allowed on the network. There are multiple layers of security. I don't trust any of the VPN products that are pitched to individual users; there have been too many scandals in the past.

Oct 29, 2024 11:33 AM in response to Oberon-Station

It's not just Sequoia... I have an older Mac laptop, currently holding at Big Sur, v 11.7.10, and it also cannot connect to my SurfShark VPN... I've tried everything to get either my Sequoia iMac or this laptop to connect with VPN. Works fine on a Windows PC and Android phone. All of these machines are being tested on the same network.


The update in late August, just before Sequoia was released, is when my problem started / was realized.

Nov 23, 2024 9:54 AM in response to Mac Jim ID

Mac Jim ID wrote:

…Your computer is not exposed when behind a router unless you have enabled port forwarding to your specific computer. The only IP address visible is your router.


To add to that, if somebody is running a VPN with an endpoint “behind” the gateway-router box, then services behind the gateway-router on the host running the VPN and on the local network can potentially become visible to remote users.


VPN network connections can and variously do work in both directions, depending on the VPN and its configuration details.
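
The exposure described in the post above can be checked from the host's side. The following is an added example, not part of the original thread: it classifies listening TCP sockets from `lsof -nP -iTCP -sTCP:LISTEN` output by whether they would answer on a VPN tunnel address. The sample output, the tunnel address 10.8.0.2 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not from the thread).
SAMPLE_LSOF = """\
COMMAND   PID USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
sshd      701 root    4u IPv4 0x01      0t0  TCP *:22 (LISTEN)
smbd      812 root    5u IPv4 0x02      0t0  TCP 192.168.1.20:445 (LISTEN)
cupsd     640 root    6u IPv6 0x03      0t0  TCP [::1]:631 (LISTEN)
python3  1501 alice   3u IPv4 0x04      0t0  TCP 127.0.0.1:8000 (LISTEN)
devsrv   1720 alice   7u IPv4 0x05      0t0  TCP 10.8.0.2:5000 (LISTEN)
"""


def parse_listeners(lsof_text):
    """Yield (command, host, port) for every row in the LISTEN state."""
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[-1] != "(LISTEN)":
            continue  # header row or a socket that is not listening
        host, _, port = fields[-2].rpartition(":")
        yield fields[0], host.strip("[]"), int(port)


def exposure(host, tunnel_addr):
    """Classify a bind address relative to the VPN tunnel address."""
    if host == "*":
        # Wildcard bind: answers on every interface, tunnel included,
        # unless a host firewall filters it.
        return "tunnel-reachable"
    addr = ipaddress.ip_address(host)
    if addr.is_loopback:
        return "local-only"
    if addr.is_unspecified or addr == ipaddress.ip_address(tunnel_addr):
        return "tunnel-reachable"
    # Bound to another interface (e.g. the LAN address); whether VPN peers
    # can reach it depends on routing/forwarding on this host.
    return "other-interface"


def audit(lsof_text, tunnel_addr):
    """Map (command, port) -> exposure class for all listeners."""
    return {(cmd, port): exposure(host, tunnel_addr)
            for cmd, host, port in parse_listeners(lsof_text)}


if __name__ == "__main__":
    for (cmd, port), level in sorted(audit(SAMPLE_LSOF, "10.8.0.2").items()):
        print(f"{cmd:10s} {port:5d}  {level}")
```
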

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
