vpn-kill-switch / killswitch

VPN kill switch for macOS
https://vpn-kill-switch.com
BSD 3-Clause "New" or "Revised" License

Doesn't work on macOS 14.0 Sonoma - PEER IP address: <nil> #33

Open vadim-miroshnik opened 1 year ago

vadim-miroshnik commented 1 year ago

When I run the sudo killswitch -e command, it doesn't resolve the PEER IP address:


Interface  MAC address         IP
en0        c8:89:f3:c2:d4:3c   192.168.1.105/24
ipsec0                         xx.20.8.5

Public IP address: yy.143.217.112
PEER IP address:   <nil>

# --------------------------------------------------------------
# Loading rules
# --------------------------------------------------------------
No ALTQ support in kernel
ALTQ related functions disabled
block drop all
block drop out quick inet6 all
pass inet proto udp from any to 224.0.0.0/4 keep state
pass inet proto udp from 224.0.0.0/4 to any keep state
pass inet from any to 255.255.255.255 flags S/SA keep state
pass inet from 255.255.255.255 to any flags S/SA keep state
pass on en0 proto udp from any port 67:68 to any port 67:68 keep state
pass on en0 proto tcp from any to <nil> flags S/SA keep state
pass on en0 proto udp from any to <nil> keep state
pass on ipsec0 all flags S/SA keep state

qudwill commented 1 year ago

It's showing the peer IP address for me, but the connection stops working after sudo killswitch -e is called on macOS 14.0 Sonoma.

netrolite commented 1 year ago

Same for me.

abdhashem commented 1 year ago

Same here even if I tried to pass the ip option using sudo killswitch -e -ip 123.12.....

dmitry-kostin commented 1 year ago

:(

nbari commented 1 year ago

Hi, I bumped up the versions; maybe that helps. Please give it a try.

vadim-miroshnik commented 1 year ago

@nbari No, it's the same error again. I built it from source on my Mac. v0.7.3

nbari commented 1 year ago

Is your VPN using WireGuard or OpenVPN (what vendor)? The trick now is to improve finding the peer IP.

For now you could find the peer IP manually and load the rules manually.

vadim-miroshnik commented 1 year ago

I'm using IKEv2.

dmitry-kostin commented 1 year ago

I also tried to build from source and can confirm that it still doesn't work. Also, passing -ip shows the IP address in the output on startup, but the connection doesn't work. I'm also on an IKEv2 type of VPN.

nbari commented 11 months ago

It seems to work after the latest update (Sonoma 14.1.2). Does it work for you all?

vadim-miroshnik commented 11 months ago

No, the problem persists on Sonoma 14.1.2 as well.

nbari commented 11 months ago

Hi @vadim-miroshnik, thanks for trying it out. I will re-implement and use traceroute to try to find the peer. So far I have tested with IKE/WireGuard, and indeed using netstat USGx is not returning the peer IP. Any ideas are more than welcome.

nbari commented 11 months ago

@vadim-miroshnik If you are using IKE, try scutil --nwi for now. That will return the VPN server, and then you can pass it as the peer IP.

vadim-miroshnik commented 11 months ago

Thank you, this is a really working workaround. I didn't realize there was an -ip parameter where you can specify the VPN server IP.
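
An added example, not part of the thread and not killswitch's own code: the rules in the first post carry the literal `<nil>` where the peer address belongs, so this Go sketch refuses to render peer rules from an unusable address and flags rules that already contain it. The helper names `PeerRules` and `NilTargets` and the address 203.0.113.10 are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// PeerRules renders the two peer pass rules seen in the issue output for
// iface, or returns an error instead of emitting a rule with a bad target.
// Hypothetical helper, not killswitch's API.
func PeerRules(iface, peer string) ([]string, error) {
	ip := net.ParseIP(strings.TrimSpace(peer))
	if ip == nil || ip.IsUnspecified() {
		return nil, fmt.Errorf("peer IP %q is not usable; pass it explicitly with -ip", peer)
	}
	return []string{
		fmt.Sprintf("pass on %s proto tcp from any to %s flags S/SA keep state", iface, ip),
		fmt.Sprintf("pass on %s proto udp from any to %s keep state", iface, ip),
	}, nil
}

// NilTargets returns the 1-based line numbers of rules whose address is the
// literal "<nil>", which is what a nil net.IP prints as. pf reads <name> as a
// table reference, so such a rule no longer names the VPN server.
func NilTargets(ruleset string) []int {
	var hits []int
	for i, line := range strings.Split(ruleset, "\n") {
		if strings.Contains(line, "<nil>") {
			hits = append(hits, i+1)
		}
	}
	return hits
}

// Constructed sample: four rules copied from the output in the first post.
const sampleRules = `block drop all
pass on en0 proto udp from any port 67:68 to any port 67:68 keep state
pass on en0 proto tcp from any to <nil> flags S/SA keep state
pass on en0 proto udp from any to <nil> keep state`

func main() {
	fmt.Println("rules with <nil> target:", NilTargets(sampleRules))
	if _, err := PeerRules("en0", "<nil>"); err != nil {
		fmt.Println("refused:", err)
	}
	rules, _ := PeerRules("en0", "203.0.113.10") // constructed documentation address
	fmt.Println(strings.Join(rules, "\n"))
}
```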

solojungle commented 10 months ago

Issue also exists on Ventura 13.2.1 (22D68), Atlas VPN

iwex commented 6 months ago

Same problem on Sonoma. I use the default WireGuard client.