macOS client split tunnels problem. macOS Sequoia 15.5 (Apple Silicon) & Sonoma 14.7.6 (Intel).

Windows 11 WireGuard works fine with split tunnels with the exact same config file that doesn't work on the Mac. (Copied conf file from Mac to Windows and imported into WireGuard Windows client.)

Allowed IPs 10.1.10.0/24, file server (10.1.10.99) access ok from Windows, fails from macOS.

Browsing over personal hotspot verified with whatismyipaddress for both Windows & Mac. Just LAN access fails on Mac.

macOS Sequoia 15.5 & Sonoma 14.7.6 access the file server ok only with non-split-tunnel allowed IPs 0.0.0.0/0.

Tried macOS WireGuard GUI app, WireGuard CLI, Passepartout GUI client, DefGuard GUI client.

macOS Wireshark shows no packets on utun4 (WireGuard) unless I ping the file server 10.1.10.99. Without split tunnels, Wireshark shows SMB2 packets on utun4 when Mac is connected to the file server. netstat -rn -f inet just for utun4: default link#19 UCSIg utun4 ; 10.15.25.4 10.15.25.4 UH utun4 ; 192.168.4 link#19 UCS utun4 ; 224.0.0/4 link#19 UmCSI utun4 ; 255.255.255.255/32 link#19 UCSI utun4.

I'm stumped and can't deploy a new OPNsense firewall until Macs can access the file server behind it and browse web over their remote ISPs.

OPNsense 25.7 and tried 25.1.11 and 25.1.12 before realizing it's a client-side Mac problem.

  • I just tested file server access from my iPhone iOS 18.5 with its WireGuard client and the same config file and it works over 5G cellular (Wi-Fi off). Of all the crazy things. So it just isn't working on macOS (yet). Commented Jul 24 at 22:41
  • I might install macOS Tahoe latest beta (4?) to test. Commented Jul 24 at 23:02
