Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Ace McLoud

Suspended
Original poster
Nov 1, 2010
45
34
Hi all,

I'm using Wireguard to connect to the company VPN, which then requires a proxy server to access external websites.

Once VPN is established I connect to a Firewall running authpf to establish routes, including access to the proxy.

The proxy is configured correctly in Network Settings, but the system is ignoring it. Safari, Update, iCloud etc. all cannot connect to external servers.

The proxy works and is configured correctly without authentication, since I can connect to other sites when setting the proxy manually in Chrome or as an env in Terminal.

DNS also doesn't seem to be the problem, I can ping and lookup sites from the Terminal.

But anything using the System Proxy Settings doesn't work.

This happens on two different machines, one running Catalina, the other Monterey.

Thanks for any help, so far I haven't been able to find a solution online.

I posted the same question on stackexchange, sadly without any results so far.
 

Ace McLoud

Suspended
Original poster
Nov 1, 2010
45
34
WireGuard has notoriously bad documentation. My guess would be that the proxy address has to be added as a DisallowedIP in the WireGuard configuration.
Some links
https://virtualize.link/split/
https://github.com/ZerGo0/WireGuard-Allowed-IPs-Excluder/blob/master/WireGuard_Excluded_IPs.py
https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/
Thanks for the suggestion, I don't think that's the issue, though. The proxy server works while connected via Wireguard/VPN, since I can manually set it in Terminal or Firefox/Chrome.
 

bogdanw

macrumors 603
Mar 10, 2009
5,680
2,720
since I can manually set it in Terminal or Firefox/Chrome.
That’s not possible for Safari because, as far as I know, Safari uses the proxy settings set in System Preferences - Network - Ethernet or Wi-Fi. Those settings are completely overrun by the WireGuard connection, that’s the point of the VPN connection after all.
https://support.apple.com/guide/mac-help/change-proxy-settings-network-preferences-mac-mchlp2591/mac
You can use networksetup form Terminal and try to set a webproxy/securewebproxy for the WireGuard connection.
networksetup -getwebproxy <networkservice>
networksetup -setwebproxy <networkservice> <domain> <port number> <authenticated> <username> <password>
networksetup -setwebproxystate <networkservice> <on off>
networksetup -getsecurewebproxy <networkservice>
networksetup -setsecurewebproxy <networkservice> <domain> <port number> <authenticated> <username> <password>
networksetup -setsecurewebproxystate <networkservice> <on off>
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.