Monday, October 21, 2024

Leaky macOS VPN After System Update

Mullvad VPN (Hacker News):

We have found that you could be leaking traffic on macOS after system updates. To our current knowledge a reboot resolves it. We are currently investigating this and will follow up with more information.

In this scenario the macOS firewall does not seem to function correctly and is disregarding firewall rules. Most traffic will still go inside the VPN tunnel since the routing table specifies that it should. Unfortunately apps are not required to respect the routing table and can send traffic outside the tunnel if they try to. Some examples of apps that do this are Apple’s own apps and services since macOS 14.6, up until a recent 15.1 beta.
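An added example, not from Mullvad or the original post: one way to check for the leak described above is to capture on the physical interface (for instance with `tcpdump -n -i en0`) while the VPN is connected and flag outbound packets that go neither to the VPN server nor to the local network. The interface name, all addresses, the allowed networks and the sample capture lines are constructed assumptions.

```python
import ipaddress
import re

# Matches `tcpdump -n` IPv4 lines; the ".port" suffix is absent for ICMP.
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))? > (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?:"
)

# Assumption: LAN, multicast and broadcast traffic is permitted outside the tunnel.
ALLOWED = ["192.168.1.0/24", "224.0.0.0/4", "255.255.255.255/32"]

def find_leaks(lines, local_ip, vpn_endpoint, allowed_nets=ALLOWED):
    """Return (dst, dport) for outbound packets seen on the physical
    interface that are neither tunnel traffic nor local-network traffic."""
    local = ipaddress.ip_address(local_ip)
    endpoint = ipaddress.ip_address(vpn_endpoint)
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    leaks = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ARP, IPv6 and other lines are out of scope here
        src = ipaddress.ip_address(m.group(1))
        dst = ipaddress.ip_address(m.group(3))
        if src != local:
            continue  # inbound packet
        if dst == endpoint:
            continue  # encapsulated tunnel traffic, expected
        if any(dst in n for n in nets):
            continue  # permitted local traffic
        leaks.append((str(dst), int(m.group(4)) if m.group(4) else None))
    return leaks

# Constructed capture lines (documentation address ranges, not real hosts).
SAMPLE = [
    "10:00:00.000001 IP 192.168.1.23.51820 > 203.0.113.10.51820: UDP, length 148",
    "10:00:00.000002 IP 203.0.113.10.51820 > 192.168.1.23.51820: UDP, length 92",
    "10:00:00.000003 IP 192.168.1.23.5353 > 224.0.0.251.5353: 0 PTR (QM)? _x._tcp.local. (40)",
    "10:00:00.000004 IP 192.168.1.23.49712 > 198.51.100.7.443: Flags [S], seq 1, length 0",
    "10:00:00.000005 IP 192.168.1.23 > 198.51.100.9: ICMP echo request, id 1, seq 0, length 64",
    "10:00:00.000006 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28",
]

if __name__ == "__main__":
    for dst, port in find_leaks(SAMPLE, "192.168.1.23", "203.0.113.10"):
        print(f"outside tunnel: {dst} port {port}")
```

An empty result does not prove the firewall is enforcing its rules, only that nothing bypassed the tunnel during the capture window.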

1 Comment


This sort of thing is partly why I wish developers, especially for security apps like VPNs and firewalls, could still viably use kernel extensions rather than the new system extension API. Because with the latter you are forced to deal with Apple's multitude of bugs and omissions, and you're not truly in control. For whatever their faults may have been, with kexts you were at least in control of everything and how you patched macOS.