VPN breaks Back to my Mac

zimbo2000 · 16 October 2012 00:01

On Mountain Lion 10.8.2 (did not test before):

If i start any openvpn connection from Viscosity icloud Back to my Mac stops working

You can see it in the ControlPanel that Back to my mac is no longer connected, Even before the Back to my Mac is loaded

Maybe it has to do with the tun/tap driver, because Back to my mac sets up a utun0 which gets disabled if openvpn starts

James · 21 October 2012 15:33

Hi zimbo2000,

I’m afraid Back to My Mac and Viscosity/OpenVPN are not compatible with each other. Viscosity intentionally disables Back to My Mac (if it is enabled) when you establish a VPN connection, and re-enables once the VPN connection is disconnected.

Cheers,
James

paulgrav · 28 December 2012 12:29

iMessage is affected too. Running Viscosity and iMessage are mutually exclusive.

The frustrating thing is that I’ve been running with a broken BTMM, iCloud, and Messages for at least a year. I had no clue until I read this thread that Viscosity was the cause. I’m a little annoyed.

I’d rather run OpenVPN from the command line than let some “secret sauce” break services on my Mac.

James · 1 January 2013 16:10

Hi paulgrav,

You’ll need to disable Back to My Mac manually (and possibly restart your computer afterwards). iMessages and other iCloud services should operate as usual while connected to the VPN again. To disable it open System Preferences from the Apple menu, click the iCloud icon, and un-tick the checkbox next to the “Back to My Mac” entry.

Viscosity disables Back to My Mac to the point where it will allow a VPN to function correctly, however Back to My Mac must be fully disabled to allow other iCloud services to through the VPN as well under Mac OS 10.8. Unfortunately this must be done manually at this stage, as we’ve yet to find a way to fully disable Back to My Mac automatically while connected (Apple provide no official API for this).

It’s important to stress Viscosity only disables the Back to My Mac service, and only when necessary to ensure that DNS will work, to prevent DNS leakage, and/or to allow certain VPN connections to work correctly. It doesn’t touch anything else to do with iCloud. Viscosity does not disable any other iCloud services.

Back to My Mac is disabled for a good reason, and you’ll also find other VPN clients requesting or suggesting it be disabled: it simply doesn’t play nice with VPNs. In fact Back to My Mac itself is an IPSec VPN connection to Apple’s VPN servers. Viscosity has been disabling Back to My Mac when a VPN connection is active since Mac OS 10.6.5, which was released a very long time ago. Some of the user posts above are grossly misleading as to why Back to My Mac can’t be running at the same time as a VPN connection from Viscosity and the ramifications for iCloud services - I’ll clean up this thread so it makes better sense.

So, in summary: if Back to My Mac is turned off manually, then you shouldn’t have any problems with your VPN connection or iCloud. If it is on, Viscosity will disable it to the point where a VPN connection will properly work, however you may run into issues with iMessages and push notifications. In the meantime, we’re working on finding a way to fully disable Back to My Mac automatically so you don’t need to turn it off manually to get some iCloud services to work correctly while connected.

Cheers,
James

James · 16 January 2013 11:43

Hi All,

We believe we have found a solution so it is no longer necessary to manually turn off Back to My Mac to allow iMessages and Push Notifications to work while connected to your VPN connection. Again, Back to My Mac will still be disabled while connected. We’d appreciate it if you can give the latest beta version a try, which should fix the issue, and let us know if you still run into any problems with iMessage or iCloud. The latest beta version can be downloaded from:
https://www.sparklabs.com/forum/t/beta-latest-build-of-viscosity-for-mac/46/1

Cheers,
James

kavu · 17 April 2013 03:33

Here is an AppleScript which toggles Back to My Mac on Mountain Lion (not sure if it will work on earlier versions). It will work with any system language. Just add it as both the “Before Connect Script” and the “Disconnected Script” in the “Advanced” pane of the desired Connection. It requires “Enable access for assistive devices” to be checked in the “Accessibility” pane of “System Preferences”.

# toggles Back to My Mac to allow iCloud services to run whilst using a VPN

# ==============================================================================
# Configuration variables
# ==============================================================================

# debugging switch
global gBlnDebug

property pBlnWasLaunched : false
property pBlnWasFrontMost : false
property pBlnWasMaximized : false
property pBlnWasVisible : false
property pBlnWasShowAll : false
property pTxtCurrentPaneID : ""

# ==============================================================================
# Function definitions
# ==============================================================================

on spStateCapture()
	tell application id "com.apple.systempreferences"
		if running then
			set pBlnWasLaunched to true
			set pBlnWasFrontMost to frontmost
			set pBlnWasMaximized to visible of window 1
			tell application id "com.apple.systemevents" to ¬
				set pBlnWasVisible to (visible of process "System Preferences")
			set pBlnWasShowAll to show all
			if pBlnWasShowAll then
				set pTxtCurrentPaneID to ""
			else
				set pTxtCurrentPaneID to id of current pane
			end if
		else
			set pBlnWasLaunched to false
		end if
	end tell
end spStateCapture

on spStateRestore()
	if pBlnWasLaunched then
		tell application id "com.apple.systemevents" to ¬
			set visible of process "System Preferences" to pBlnWasVisible
		tell application id "com.apple.systempreferences"
			set frontmost to pBlnWasFrontMost
			set visible of window 1 to pBlnWasMaximized
			set show all to pBlnWasShowAll
			if not pBlnWasShowAll then set current pane to pane id pTxtCurrentPaneID
			if pBlnWasFrontMost then
				activate
			else
				launch
			end if
		end tell
	else
		tell application id "com.apple.systempreferences" to quit
	end if
end spStateRestore

# ==============================================================================
# Main code
# ==============================================================================

set gBlnDebug to false

my spStateCapture()

tell application id "com.apple.systempreferences"
	set current pane to pane id "com.apple.preferences.icloud"
	activate
end tell
tell application id "com.apple.systemevents"
	tell process "System Preferences" to ¬
		click checkbox 1 of UI element 1 of row 8 of table 1 of scroll area 1 ¬
			of group 1 of window 1
end tell

my spStateRestore()