Doesn't work on macOS 14.0 Sonoma - PEER IP address: <nil>

Open vadim-miroshnik opened this issue 2 years ago • 17 comments

When I run the sudo killswitch -e command, it doesn't resolve the PEER IP address:

Interface  MAC address         IP
en0        c8:89:f3:c2:d4:3c   192.168.1.105/24
ipsec0                         xx.20.8.5

Public IP address: yy.143.217.112
PEER IP address:   <nil>

# --------------------------------------------------------------
# Loading rules
# --------------------------------------------------------------
No ALTQ support in kernel
ALTQ related functions disabled
block drop all
block drop out quick inet6 all
pass inet proto udp from any to 224.0.0.0/4 keep state
pass inet proto udp from 224.0.0.0/4 to any keep state
pass inet from any to 255.255.255.255 flags S/SA keep state
pass inet from 255.255.255.255 to any flags S/SA keep state
pass on en0 proto udp from any port 67:68 to any port 67:68 keep state
pass on en0 proto tcp from any to <nil> flags S/SA keep state
pass on en0 proto udp from any to <nil> keep state
pass on ipsec0 all flags S/SA keep state

vadim-miroshnik avatar Sep 27 '23 12:09 vadim-miroshnik

It's showing the peer IP address for me, but the connection stops working after sudo killswitch -e is called on macOS 14.0 Sonoma.

qudwill avatar Sep 29 '23 18:09 qudwill

Same for me.

netrolite avatar Oct 19 '23 13:10 netrolite

Same here, even when I tried to pass the IP option using sudo killswitch -e -ip 123.12.....

abdhashem avatar Oct 20 '23 09:10 abdhashem

:(

dmitry-kostin avatar Oct 31 '23 01:10 dmitry-kostin

Hi, I bumped up the versions, maybe that helps. Please give it a try.

nbari avatar Nov 05 '23 14:11 nbari

@nbari No, it's the same error again. I built it from the source on my Mac. v0.7.3

vadim-miroshnik avatar Nov 05 '23 15:11 vadim-miroshnik

Is your VPN using WireGuard or OpenVPN (what vendor)? The trick now is to improve finding the peer IP.

For now, you could find the peer IP manually and load the rules manually.

nbari avatar Nov 06 '23 05:11 nbari

I'm using IKEv2.

vadim-miroshnik avatar Nov 06 '23 08:11 vadim-miroshnik

I also tried to build from sources and can confirm that it still doesn't work. Also, passing -ip shows the IP address in the output on startup, but the connection doesn't work. I'm also on an IKEv2 type of VPN.

dmitry-kostin avatar Nov 09 '23 21:11 dmitry-kostin

It seems to work after the latest update (Sonoma 14.1.2). Does it work for you all?

nbari avatar Dec 11 '23 16:12 nbari

No, the problem persists on Sonoma 14.1.2 as well.

vadim-miroshnik avatar Dec 11 '23 20:12 vadim-miroshnik

Hi @vadim-miroshnik, thanks for trying it out. I will re-implement and use traceroute to try to find the peer. I tested so far with IKE/WireGuard, and indeed using netstat USGx is not returning the peer IP. Any ideas are more than welcome.

nbari avatar Dec 12 '23 13:12 nbari

@vadim-miroshnik If you are using IKE, try scutil --nwi for now; that will return the VPN server, and then you can pass it as the peer IP.

nbari avatar Dec 13 '23 06:12 nbari

Thank you, this is a really working workaround. I didn't realize there was an -ip parameter where you can specify the VPN server IP.

vadim-miroshnik avatar Dec 13 '23 10:12 vadim-miroshnik

Issue also exists on Ventura 13.2.1 (22D68), Atlas VPN

solojungle avatar Jan 17 '24 17:01 solojungle

Same problem on Sonoma. I use the default WireGuard client.

iwex avatar May 16 '24 21:05 iwex
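
Added example (not part of the thread and not the killswitch project's own code): a small Go check that scans a generated ruleset for pass rules whose destination is not a usable address, which is how the failed peer lookup shows up in the opening report. The function names are hypothetical, and it assumes a kill-switch ruleset of this shape only ever uses literal IPs, CIDRs or "any" as destinations.

```go
package main

import (
	"bufio"
	"fmt"
	"net/netip"
	"strings"
)

// rulesFromReport is part of the ruleset quoted in the opening report.
const rulesFromReport = `block drop all
pass inet proto udp from any to 224.0.0.0/4 keep state
pass on en0 proto udp from any port 67:68 to any port 67:68 keep state
pass on en0 proto tcp from any to <nil> flags S/SA keep state
pass on en0 proto udp from any to <nil> keep state
pass on ipsec0 all flags S/SA keep state`

// validDest reports whether a destination token is "any", an IP or a CIDR.
// Assumption: tables (<name>) and hostnames are never expected here.
func validDest(tok string) bool {
	_, errAddr := netip.ParseAddr(tok)
	_, errPfx := netip.ParsePrefix(tok)
	return tok == "any" || errAddr == nil || errPfx == nil
}

// UnresolvedPeerRules returns the pass rules whose "to" destination is not a
// usable address. pf parses <name> as a table reference, so a rule ending in
// "to <nil>" can load without ever matching the VPN server.
func UnresolvedPeerRules(ruleset string) []string {
	var bad []string
	sc := bufio.NewScanner(strings.NewReader(ruleset))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) == 0 || f[0] != "pass" {
			continue
		}
		for i := 0; i+1 < len(f); i++ {
			if f[i] == "to" && !validDest(f[i+1]) {
				bad = append(bad, sc.Text())
			}
		}
	}
	return bad
}

func main() {
	for _, r := range UnresolvedPeerRules(rulesFromReport) {
		fmt.Println("unresolved peer:", r)
	}
}
```

Running the same check on the rules produced after passing the server address with -ip should report nothing.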