Restoring Apple App Connectivity on macOS 15 While Using the VPN with the PIA Desktop macOS alpha

With the recent release of macOS 15 Sequoia, some Apple apps (such as Messages) no longer work while the VPN is connected. You can read more about how macOS 15 is impacting security tools here.

While we wait for Apple to deliver an official patch, we have introduced a new setting to Allow Apple Services. You can find it under the Settings>Network tab on the newest PIA Desktop alpha.

This stopgap fix restores functionality by whitelisting Apple Services traffic. The drawback is that this fix will allow Apple Services to see your IP while toggled ‘active’. By using this fix, your real IP address will be revealed to Apple and Apple Services.

As this PIA macOS fix is an experimental stopgap, it is used entirely at your own risk.

The alpha can be downloaded from this link: https://privateinternetaccess-storage.s3.amazonaws.com/pub/pia_desktop/builds/pia-macos-3.6.2-alpha.3-08356.zip

Instructions:

• Download the new alpha and install it
• Ensure the VPN is disconnected
• Go to Settings → Network in the PIA app (not in macOS settings)
• Find “Allow Apple Services” and check the box
• Connect to the VPN

Note: This fix is not recommended for users running their browser as root. Nor is it recommended for users running other apps or services as root against recommended settings. Doing so will expose you to avoidable risk.

We do not recommend disabling your Kill Switch, as this could result in data leaks and compromise your online privacy.

Technical Details

Apple apps rely on a service called apsd (Apple Push Services Daemon) to send and receive data from Apple Push Notifications servers (APNs). On macOS versions prior to 15, the apsd daemon could detect changes to the default route when the VPN was activated and re-establish a connection over the VPN tunnel. However, on macOS 15, while the apsd daemon detects the network change, it fails to reconnect.

By whitelisting the Apple APN servers, we allow apsd traffic to bypass the VPN, maintaining a connection to Apple servers even when the VPN is active. This means Apple will receive requests from your actual IP address rather than the VPN IP, so only do this if you trust Apple.

If you still have issues with your Apple apps after performing the troubleshooting steps mentioned above, please comment below with additional information about your setup, any other troubleshooting steps you have taken, and any specific issues you have encountered.

Hey /u/PIAJohnM

You should tell your superiors at PIA that YOU are the reason I’ve kept PIA as long as I have. Thank you for supporting Mac users as long as you have. Running alpha so far and it’s working good. iMessages being delivered.

Hi u/PIAJohnM,

The Stocks app on MacOS Sonoma 14.6.1 does not work using pia-macos-3.6.2-alpha.3-08356 even after enabling “Allow Apple Services”.

In the Stocks App I still see the “News Feed Unavailable”. News app is also still broken. Please let me know if you need any more info or what I can do to get this working (without having to disconnect the PIA client).

p.s. I also added both the Stocks and News apps to the (now enabled) Split Tunnel as “Bypass VPN” and this didn’t help.

Hi, followed your link, I was on the beta, installed the alpha, couldnt find anything resembling “sllow apple services” network, maybe im blind, I test imessage when connected, same issue, both send and receive is broken when connected.

I am sure this is an apple problem, thats why i havent raised any issues with you guys.

u/PlAJohnM If this is helpful at all.

I’m on 15.0, and the latest public release of PIA. And here’s what I found.

If I’m on wifi, it has all the issues everybody has expressed. If I’m tethered to my phone (wired or wireless) I have the same issue. BUT…… if I’m connected to my Thunderbolt dock and using Ethernet through that, PIA runs perfect. Split tunnel works correctly, everything functions exactly as it’s supposed to.

Can I be of any assistance with maybe some type of log files to help figure this out? I don’t want to install the new macOS update as many have said it hasn’t resolved the issue and sure, on the road it’s annoying, but when I work at home it’s fine.

Any news on the macOS 15.0.1 patch. I understand that it seems to have solved the Messages problem - does everything else look good now as well?

Downloaded the alpha build and tried every configuration possible (protocols, MACE, etc) and messaging doesn’t work still the majority of the time. I noticed if the list of related devices in iCloud settings loads or doesn’t, that will let me know if it will or won’t work.

But thank you PIA devs for working on this nonetheless! Hope this gets resolved soon!

EDIT: it seems to be working for the moment on the current release off of PIA’s site but I’ll monitor for changes.

In addition to the Apple apps issue (fixed with the alpha), I’ve been having an issue since updating to Sequoia with automations with them not working and not showing the connected SSID to add specific rules for the network. This happens with any version of the application (including the new alpha).

For reference, I’m on an M1 Max Macbook pro

i updated to the beta version, enabled apple services in network and apps still won’t connect, only way i can get them to connect is to set them individually to bypass vpn in split tunnel

is it safe to update to sequoia 15.0.1? or does it still break PIA?

I really appreciate all the hard work to fix this issue with Seqouia. I’ve tried re-installing and resetting settings, but no matter what I do, split tunnel won’t work at all with FaceTime even on alpha. The calls will ring but never connect. It’s annoying, but I guess I will just have to adapt to routing all of my data over PIA when I need to use port forwarding. I’m on T-Mobile home internet, in case that matters (CGNAT). I hope one day to get fiber, AT&T Fiber is in the area, sigh…

Is PIA getting iCloud private relay to work with PIA ?

Thanks for the workaround.

I’m looking forward to a better solution that does not require us to go through so many steps, or to start disconnected from the VPN. This leaks my IP address during the time that I’m disconnected. (I don’t want to enable Advanced Kill Switch because there are some networks on which I want to disable VPN.)

u/PIAJohnM - now that macOS 15.1 is out, should we go back to using the regular build, currently 3.6.1 (08339)? I hope split tunnel is working right now.

Latest Sequoia with latest Pia - when using Firefox, ALL GOOGLE BASED service do NOT work!!! #FFS

I was very excited about this proposed solution but it does not come up after rebooting my MAC. My Mac version is 15.1.1.

I have tried the Alpha version and now the v3.6.1 (build 08339) and none of them correct the following problem:

Just by installing the PIA app, even having it closed (not connected to the VPN), breaks Apple Mail Privacy Protection. All mail shows the following message on top: “Your network preferences prevent content from loading privately” and no graphics are loaded on the mail messages. You can press the “load content directly” button over the message, but this makes Mail Privacy Protection completely meaningless, and allows every sender to track you.

Uninstalling the PIA app immediately fixes the issue.

The PIA support has told me that a new version of the app will most probably fix the problems PIA is having with macOS Sequoia, but they don’t have a timeframe for the release.

Other VPN services from the same owner as PIA, like Cyberghost VPN, have zero issues in macOS Sequoia.

Sorry about that. Does iMessages work though?

Allow apple services should appear under “allow lan” on the “network” page in settings

Thanks. So you’re saying the alpha linked above doesn’t restore iMessages connectivity for u? Did u enable “allow Apple Services” in Settings>Network ?