Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Private Relay Down ?

With Opera
https://whatismyipaddress.com/ shows my correct city as well as my true IP.
It was not like that before.

DNS Leak shows the same IP as whatismyipaddress.com (Welcome xx.xx.xx.xx) and the DNS from my ISP.
 
Last edited:
With Safari :

https://whatismyipaddress.com/ shows my correct city as well as my TRUE IP.
I am positive it was not like this before with Safari.

DNS Leak shows the same IP as whatismyipaddress.com (Welcome xx.xx.xx.xx) and the DNS from Apple.
 
If a website viewed in Safari knows your actual IP address, then private relay is not working; it's not normal. When I turn private relay on, the whatismyipaddress website show an IP address which is not mine and a location where I am not located.
 
svenmany said:
If a website viewed in Safari knows your actual IP address, then private relay is not working; it's not normal. When I turn private relay on, the whatismyipaddress website show an IP address which is not mine and a location where I am not located.
Click to expand...
Yes that is what I thought. So something is wrong cause, in my settings, iCloud Relay is green.
But the DNS are hidden in Safari (cause when I disable iCloud Relay) my real DNS are visible.
 
Thanks all for your replies.
I checked this issue only occurs when using Wifi. When I use a wired connection, iCloud Relay works as expected.
 
chacrat said:
Thanks all for your replies.
I checked this issue only occurs when using Wifi. When I use a wired connection, iCloud Relay works as expected.
Click to expand...

If you're not running software that manipulates networking in some way (e.g. vpn or add blocker), then you've uncovered a significant bug.
 
This occurs without an add blocker (I had Adguard but now removed). As for the VPN, I had Forticlient (now removed).
 
As the support article mentioned in post #8 states, Private Relay can be turned off for a specific network on your Mac.
Make sure that it is not turned off for Wi-Fi.
 
  • Like
Reactions: svenmany
Thanks. I checked and it is enabled for all my wifi.
I contacted Apple but they do not offer support for beta versions. Will have to wait then :)
 
chacrat said:
As for the VPN, I had Forticlient (now removed).
Click to expand...
Some VPN's manipulate MacOS's packet filter (i.e. the thing maintained with pfctl). Often the packet filter interferes with private relay. There's a chance that the VPN left something in place in the packet filter configuration that wasn't cleaned up when you removed it. You should confirm that your packet filter is disabled and there are no special entries, other than what's found in /etc/pf.conf.

I suppose there might be other cruft leftover as well, depending on how you uninstalled Forticient. Certainly check all your launch agents and daemons.

The Fortinet uninstall instructions at https://community.fortinet.com/t5/F...to-uninstall-FortiClient-on-macOS/ta-p/229617 seem pretty nonsensical. They list different methods to uninstall, but method 1, for example, doesn't do much of an uninstall. I think you have to execute all of the "Methods" to get everything uninstalled. Maybe rename "Method 1", "Method 2", "Method 3", and "Method 4" to "Step 1", "Step 2", "Step 3", and "Step 4".
 
sudo nano /etc/pf.conf

#
# Default PF configuration file.
#
# This file contains the main ruleset, which gets automatically loaded
# at startup. PF will not be automatically enabled, however. Instead,
# each component which utilizes PF is responsible for enabling and disabling
# PF via -E and -X as documented in pfctl(8). That will ensure that PF
# is disabled only when the last enable reference is released.
#
# Care must be taken to ensure that the main ruleset does not get flushed,
# as the nested anchors rely on the anchor point defined here. In addition,
# to the anchors loaded by this file, some system services would dynamically
# insert anchors into the main ruleset. These anchors will be added only when
# the system service is used and would removed on termination of the service.
#
# See pf.conf(5) for syntax.
#

#
# com.apple anchor point
#
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"

sudo nano /etc/pf.anchors/com.apple

#
# com.apple ruleset, referred to by the default /etc/pf.conf file.
# See notes in that file regarding the anchor point in the main ruleset.
#
# Copyright (c) 2011 Apple Inc. All rights reserved.
#

#
# AirDrop anchor point.
#
anchor "200.AirDrop/*"

#
# Application Firewall anchor point.
#
anchor "250.ApplicationFirewall/*"

sudo pfctl -d
and reboot.

Same (again working as expected with a wired connection, and Apple DNS in wifi). The only issue is the visible IP in Wifi.
 
Last edited:
Let me mention the kind of cruft that Private Internet Access left in my filter rules that prevented private relay from working. These settings were not cleaned up even after uninstalling PIA. Also, just disabling the firewall with pfctl -d was not enough to fix things.

PIA created "anchors" in the main ruleset where it put its own rules. For me, the anchors had to be removed to reenable private relay. I suspect most tools would put their custom stuff in such anchors. You can list the anchors with the following

sudo pfctl -sA -v

The "-v" means to descend recursively - anchors within anchors within anchors. I see

No ALTQ support in kernel
ALTQ related functions disabled
com.apple
com.apple/200.AirDrop
com.apple/250.ApplicationFirewall
Click to expand...

That's all you should see as well. That's just what's defined in /etc/pf.conf, loaded automatically at boot (unless you've taken steps to disable the particular system launch daemon defined in /System/Library/LaunchDaemons/com.apple.pfctl.plist). But other tools could install their own launch agents or daemons to add anchors at login or boot, respectively. You would see evidence of that in the response to pfctl -sA -v. I used to see an anchor with "privateinternetaccess" in its name.

Anyway, maybe PF is not your problem at all. But if the problem is not related to the VPN you had installed, then it would have been great if you could have checked with Apple to get to the bottom of it - too bad you're sticking to unsupported betas.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back