Many services don't work in MacOS Sequoia

[ghost]

Is it a bug?

• [X] I know this is an issue with the app, and contacting Mullvad support is not relevant.

I have checked if others have reported this already

• [X] I have checked the issue tracker to see if others have reported similar issues.

Current Behavior

When connected to Mullvad on MacOS Sequoia, I cannot send or receive messages on iMessage, even with split tunneling enabled and iMessage excluded.

Expected Behavior

I expect to be able to send/receive messages.

Steps to Reproduce

Self-explanatory

Failure Logs

No response

Operating system version

macOS 15.0 Beta

Mullvad VPN app version

2024.4

Additional Information

Some other iCloud-related services seem to work. iCloud Drive, Apple Mail, etc.

[nocturne1]

Apple news fails as well - all sources are grayed out when tunnel is active. I also am unable to establish any connection when split tunneling is enabled for any app, so there appears to be an issue there too.

[drpoutine]

Has more issues on Sequoia as well. Such as Mullvad not starting up when you login/restart the OS Lot of macOS issues on 15.0 and 15.1 (similar issues on both)

[nocturne1]

The messages app issue continues to exist on 2024.5-beta1 running on the latest macOS 15.0 Beta (24A5331b). Interestingly enough, the Apple News issue I mentioned above was resolve a few macOS betas ago.

[ghost]

FaceTime is broken as well. Incoming calls don't appear and outgoing calls just hang.

[BionicBison05]

Any update on this? macOS 15 is due to release in a week, and I'd like to able to upgrade when it does.

[nocturne1]

I haven't tried it with today's beta release, but I've found that using the Wireguard app works just fine. So I've been using that for now.

[raksooo]

Hi, thanks for reporting this issue. We are aware of it and will look into it soon.

[Irv72]

Any update on this? macOS 15 is due to release in a week, and I'd like to able to upgrade when it does.

Still not working in the Release Candidate, so don't upgrade unless something changes.

I submitted the bug to Mullvad about a month ago, through the VPN app, and received an acknowledgement. So they've known about it for a while. Hopefully, a fix is coming, because it's very annoying.

[m-c-program]

Beating a dead horse since I'm pretty sure it's exactly the same networking wise as 15.0 RC, but 15.1 build 24B5035e also has the same issues.

[notDavid]

hey @raksooo are you aware Sequoia will be publicly available / released today?

[no-usernames-left]

Hi, thanks for reporting this issue. We are aware of it and will look into it soon.

It has been released to the public. Is there any movement on this issue internally?

[Serock3]

Hello. I am chiming in to say that this is a high priority issue and that we are actively investigating possible solutions. We have no time-frame for a fix yet, unfortunately, but we are taking it seriously.

[drpoutine]

There's multiple things that are just broken.

I've noticed it has something to do with Lockdown Mode on my side but its difficult to replicate the issue. I can try to run some scenarios in a macOS vm to see if i can pinpoint the issue later this week or so if i have time.

[luisillo26]

I've been having issues with the new iPhone notifications shown on MacOS Sequoia and Messages

[notDavid]

@raksooo @Serock3 PS. Not sure if related, but did you guys see the mentions of macOS Firewall Regressions in Sequoia ?

[JohnMiltonSr]

macos 15 sequoia, apple silicon, using latest version of mullvad.

messages app is the only one that seems affected. i cannot send or receive messages. news, mail, and weather apps all unaffected for me.

the only way to get the messages app to update with new messages is to manually sync through icloud settings (not in messages app). only then do the messages from iphone load into the mac messages app. however, if i try to do the same thing via the messages app (messages app also has an option to manually sync with icloud), it doesn't work.

edit: also wanted to add that i'm using wireguard protocol and split tunneling the messages app does nothing. split tunneling does work for me with firefox thought.

[faridchaouki]

Same issue here with the official release of MacOS Sequoia 15.0. Split Tunneling is Off and problem persists with Messages not being able to send or receive.

[bwrightkc]

Issue also exists in 15.1 Beta 4 build 24B5046f. Not resolved by disabling quantum tunneling either.

[user733626]

Same problem here! I had to uninstall the official mullvad app and install wireguard which seems to be working fine with all icloud services such as messages etc... Any progress on the bug @raksooo ?

[ccconcrete]

Same problem here! I had to uninstall the official mullvad app and install wireguard which seems to be working fine with all icloud services such as messages etc... Any progress on the bug @raksooo ?

Wait so u can download the official Wireguard App and use your mullvad account through it ?

[user733626]

Same problem here! I had to uninstall the official mullvad app and install wireguard which seems to be working fine with all icloud services such as messages etc... Any progress on the bug @raksooo ?

Wait so u can download the official Wireguard App and use your mullvad account through it ?

yep you can, you just have to download the file with all the servers while logged-in to your account in browser + you can even choose which DNS content blockers you wanna use as well before downloading the file

[JohnMiltonSr]

wanted to add that the only significant change to messages in macos 15 is the addition of the RCS protocol (for android/non-iphone texting). because no other mac apps seem to be affected, maybe this is connected to the bug? @Serock3

[MarkusPettersson98]

@ccconcrete Yes, you can use the vanilla Wireguard App with Mullvad. Please note that doing so can risk your privacy because it does not have the firewall integration that the Mullvad app does.

[mdl054]

Experiencing the same issues here, Messaging is the obvious piece, however I'm now unable to turn off Lockdown Mode. Disabling does nothing, internet still blocked while disconnected. Kind of a big deal as obviously some sites will no longer work while connected to Mullvad and now you no longer have the option of disconnecting. Hopefully this gets a priority.

[JohnMiltonSr]

Same problem here! I had to uninstall the official mullvad app and install wireguard which seems to be working fine with all icloud services such as messages etc... Any progress on the bug @raksooo ?

Wait so u can download the official Wireguard App and use your mullvad account through it ?

yep you can, you just have to download the file with all the servers while logged-in to your account in browser + you can even choose which DNS content blockers you wanna use as well before downloading the file

do you know if split tunneling on a per app basis is possible using the official wireguard app or a fork? i had mullvad split tunnel enabled for firefox so i could use no proxy for certain websites that don't like mullvad vpn and it would be nice to get this feature back while we wait for a fix

[banister]

Same problem here! I had to uninstall the official mullvad app and install wireguard which seems to be working fine with all icloud services such as messages etc... Any progress on the bug @raksooo ?

@user733626 are you sure the WireGuard app has a firewall? the issue seems to be that Apple forcibly bind iMessage to the physical interface so the killswitch will block its traffic. Obviously if you don't have a killswitch (which blocks off-VPN traffic) then iMessage will work, but it's also leaking like crazy out the physical, so not a good solution.

[user733626]

Same problem here! I had to uninstall the official mullvad app and install wireguard which seems to be working fine with all icloud services such as messages etc... Any progress on the bug @raksooo ?

@user733626 are you sure the WireGuard app has a firewall? the issue seems to be that Apple forcibly bind iMessage to the physical interface so the killswitch will block its traffic. Obviously if you don't have a killswitch (which blocks off-VPN traffic) then iMessage will work, but it's also leaking like crazy out the physical, so not a good solution.

really? Didn't know, thanks. I guess we have to wait for the fix from Mullvad team then.

[banister]

@user733626 tbh, i think the fix should come from Apple - it impacts all VPN apps and VPN-like apps, like little snitch too iirc.

[lvalen91]

Either Mullvad needs to re-enable the option to disable kill-switch or use the macOS VPN service like wireguard does. Sure, Apple should work with Mullvad and the others to fix this issue.

I don't know the specifics, but macOS kernel log just shows a repeating iCloud/iMessage server handshake and token attempts. If this is part of Apple increasing security then Mullvad and the others would have to fix it. If it's an unintended macOS Sequoia bug, then it's on Apple.

My limited understanding of App based VPN services is that the APP "hijacks" the network stack / routing table. Routing traffic through its internal VPN tunnel magic. On iPadOS and iOS, Mullvad uses the built-in VPN service/proccess. So that would explain why most users, me included, have not seen issues on those devices using a VPN app. Since the wireguard app goes through the macOS VPN service. It would also explain or at lease shine some light on why certain apps or configs work and others don't.

For now having wireguard inject the Mullvad servers into the macOS VPN manager seems to work just fine. It also seems cleaner maybe more secure? idk

[octypus]

@user733626 tbh, i think the fix should come from Apple - it impacts all VPN apps and VPN-like apps, like little snitch too iirc.

Most other VPN apps were updated to use MacOS VPN services months ago. When I updated to Sequoia and realized that Mullvad was broken I tested Proton, Surfshark, and Nord. All three were already using macOS VPN services and work just fine. This isn't Apple's fault. It was well known that these changes were coming with MacOS 15 as these new services existed in all the beta builds. Some apps (like Mullvad and Little Snitch) just never got around to updating their apps and now they're broken.

[banister]

Last time I checked, Nord was leaky like crazy on macOS. That's probably why it works, they don't have a proper Killswitch. I bet the same is true with proton - and surfshark famously has one of the worst killswitches in the business.

I don't believe it's a "good thing" those apps work. it just indicates they leak. The reason mullvad doesn't allow apple traffic on the physical interface is because it has a functioning Killswitch.

Yep (just tested), just like i thought, proton vpn - with killswitch TURNED ON leaks like crazy to apple servers. Setup tcpdump and listen on the 17.0.0.0/8 range - it's leaking everything to apple over the physical interface. Looks like your wonderful "Apple VPN APIs" whitelist apple ips. Great. But using lower-level APIs like mullvad does, they don't play apple's game, and get to decide exactly which traffic gets through on the physical - whether it's Apple traffic or not.

[perara-chen]

I just upgraded my macOS to sequoia (stable) yesterday and mullvad vpn stopped working since then. VPN connection to the desired server could be established but all of the internet related services stop working. It is like using a WiFi connection which does not have the internet access. It seems to be WiredGuard related problem. Switching protocol to OpenVPN has no problems so far.

[loukad]

Switching protocol to OpenVPN has no problems so far.

iMessage remains broken for me on Sequoia regardless of VPN protocol.

[banister]

@raksooo How's the research going? i found a fix for this, LMK if you'd like to discuss it

[Tech6767]

Hey, in case most of you haven't noticed so far: https://github.com/objective-see/LuLu/issues/637#issuecomment-2356910348

The easiest workaround seems to be to disable the MacOS Firewall.

[bwrightkc]

Hey, in case most of you haven't noticed so far: objective-see/LuLu#637 (comment)

The easiest workaround seems to be to disable the MacOS Firewall.

Hm. I've always had the MacOS firewall off (and verified that it is off now) and it is still having the same issues with iMessages and other apple services being unable to connect.

[banister]

@Tech6767 it's unrelated to that, it's all to do with how the apsd process now behaves when the VPN comes up.

[qwertyasdfasdfqwerty]

Issue persists even with the new beta and Apple services bypass enabled.

Messages do not come through at all. As soon as I disconnect the Mullvad app and restart the Wireguard app using a Mullvad profile, the Messages eventually populate and sync.

[JohnMiltonSr]

Issue persists even with the new beta and Apple services bypass enabled.

Messages do not come through at all. As soon as I disconnect the Mullvad app and restart the Wireguard app using a Mullvad profile, the Messages eventually populate and sync.

same. new beta does nothing for me

[longlantom]

The new beta worked for me!

[qwertyasdfasdfqwerty]

The new beta worked for me!

Can you confirm what version of MacOS 15 including the build number you're using, as well as an example of a server and the settings that seem to be working as expected for you?

[longlantom]

Can you confirm what version of MacOS 15 including the build number you're using, as well as an example of a server and the settings that seem to be working as expected for you?

I'm currently on Sequoia (24A335), connecting to Singapore server with Apple services bypass toggle turned on, and iMessage just work like a champ.

[qwertyasdfasdfqwerty]

Can you confirm what version of MacOS 15 including the build number you're using, as well as an example of a server and the settings that seem to be working as expected for you?

I'm currently on Sequoia (24A335), connecting to Singapore server with Apple services bypass toggle turned on, and iMessage just work like a champ.

Thanks. I'm actually on 15.1 Beta (24B5055e). Not sure if that might make a difference.

I'll test further tomorrow assuming things don't magically start working as expected overnight.

[longlantom]

I'm currently on Sequoia (24A335), connecting to Singapore server with Apple services bypass toggle turned on, and iMessage just work like a champ.

Thanks. I'm actually on 15.1 Beta (24B5055e). Not sure if that might make a difference.

I'll test further tomorrow assuming things don't magically start working as expected overnight.

Btw, I forgot mentioned that I've also add iMessage to Split tunnel, you could try that if you didn't

[nocturne1]

I can confirm, 2024.6-beta1 Mullvad client works for me, with Apple Service Bypass enabled.

Update - maybe I spoke too soon. My first test message went through, but a few hours late, nothing is showing up between them.

[qwertyasdfasdfqwerty]

I can confirm, 2024.6-beta1 Mullvad client works for me, with Apple Service Bypass enabled.

Update - maybe I spoke too soon. My first test message went through, but a few hours late, nothing is showing up between them.

Yeah, there is some kind of inconsistency going on.

Upon a full restart, it doesn't work at all. Messages come through on my iphone and I get nothing on the mac. Again, if I disconnect the Mullvad app, start the Wireguard app, everything works. What I've then noticed is that if I disconnect the Wireguard app and turn the Mullvad app back on and connect, things continue to seem to work for a while. That could mean it's working, or it could mean that something is leaking.

I've fallen back to just using the Wireguard app in the meantime, something isn't quite right still.

[user733626]

I think that iCloud services are having some global issues as well. My iMessage gets logged off on both my iPhone and mac for no reason since yesterday or I'm not getting notifications from multiple apps on my phone but getting them on macOS. Apple should get their stuff together TBH...

[banister]

PIA Released a fix for this too: https://www.reddit.com/r/PrivateInternetAccess/comments/1fqt46d/restoring_apple_app_connectivity_on_macos_15/

Also includes technical details of the problem.

[joeywreck]

The beta didn't make a difference at all. It's starting to hit me that I haven't been able to use the official Mullvad app since July. I really hope this is fixed shortly.

[jordanful]

Kinda....want my bitcoin back.