search

objective-see / LuLu

LuLu is the free macOS firewall
GNU General Public License v3.0
9.98k stars 464 forks source link

SSH tunnel proxy with MacOS sequoia #639

Open lysander-droid opened 2 months ago

lysander-droid commented 2 months ago

Lulu is causing my ssh proxy tunnels to fail, with the following error: ssh_dispatch_run_fatal: Connection to 192.168.1.1 port 65534: message authentication code incorrect

Disabling Lulu fixes the problem, so it seems to be the cause.

objective-see commented 2 months ago

There appears to be an incompatible between 3rd-party networking tools (LuLu, Defender, etc), and macOS 15. Users have noted that if the internal macOS firewall is disabled LuLu/everything else happily works.

And/or updating the macOS 15.1 beta (which hopefully means Apple already has a fix).

fate8383 commented 2 months ago

this is what I have been struggling for many hours now...finally I know why now

matteofilippetto commented 2 months ago

Hi, my system in on 15.1 beta and still has the problem so I have to disable Lulu

objective-see commented 2 months ago

This has now been confirmed, to yes, be due to an Apple bug in macOS 15, that is widely impacting many 3rd-party security tools, that then in turn causes macOS networking to break.

This has been reported to Apple, who have confirmed the issue and are hopefully working on a fix.

More info: "Apple’s new macOS Sequoia update is breaking some cybersecurity tools"

smithwinston commented 1 month ago

Looks like Apple have just released 15.0.1, the release notes are somewhat vague but do say:

  • Improves compatibility with third-party security software

I was having the SSH "message authentication code incorrect" so I had disabled Lulu, but I'll retry once 15.0.1 is installed.

EDIT: After installing 15.0.1, I seem to be able to ssh now ... hmmm.

griffrawk commented 1 month ago

Well, the Apple Firewall dialog is still broken after 15.0.1, rules still can't be removed. Not holding out much hope that interoperability with LuLu etc. has improved.

Yes, still get 'ssh_dispatch_run_fatal: ... message authentication code incorrect' on using rsync with LuLu enabled.

iphoneio commented 1 month ago

Apple has commented that they have fixed issues with third-party security software, but it seems they have not yet addressed the issues with their own firewall. Many users are still reporting firewall issues on macOS 15.0.1 in the following thread:😢

https://discussions.apple.com/thread/255761702?page=3