How Do I Use Time Machine Through a VPN Connection?
If you use macOS Time Machine for backups, there may be instances where you want (or not want) backups to take place over your VPN connection. Please note that this article only applies to Time Machine backups to network volumes.
Time Machine Backups over VPN Connections
If your Time Machine server is available on your VPN network, it's possible to backup to it through your VPN connection. This can be very helpful when travelling or otherwise away from your home/office network and you still want your computer to backup important files.
The process of allowing Time Machine backups over your VPN connection depends on whether your VPN connection is routed (Tun) based or bridged (Tap) based. If you're unsure of what type your VPN connection is, you can view the type under the Device menu when editing your connection.
Routed (Tun) VPN Connections
In most cases Time Machine backups will not work over Routed/Tun connections without some small changes. This is because in most instances macOS will attempt to use Multicast DNS (mDNS) to find the Time Machine backup server, however mDNS will not work by default over a Routed/Tun VPN setup.
The easiest way to resolve this is to point Time Machine to the backup server/volume directly using its IP address instead. You should be able to do this by first going to the Finder, opening the
Go menu, and selecting
Connect to Server.... Enter
afp://x.x.x.x/TimeMachine (make sure you replace "x.x.x.x" with the IP address of your Time Machine server, and change "TimeMachine" to the name of your Time Machine volume if it differs) and click Connect. Your Time Machine backup volume should then be mounted.
Now go to the Apple menu->System Preferences->Time Machine and click the Select Disk button. You should see an entry with a name of
TimeMachine (or whatever the Time Machine volume name is) with the IP address listed under it. Select this and click Use Disk.
Now try performing a backup by going to the Time Machine menu in the menu bar and select "Back Up Now". Assuming it works, also test it while on the VPN connection. If doesn’t, you may need to "Remove" the old network share disk using the Select Disk button, and then select the new one again.
If you'd prefer not to make changes to your Time Machine setup, an alternative option to allow mDNS to work over a Routed/Tun VPN connection is by using a mDNS proxy/forwarder on the OpenVPN server. You will need to contact your VPN server vendor for more information or assistance in setting this up.
Bridged (Tap) VPN Connections
In most cases Time Machine backups will work over Bridged/Tap connections with no further changes necessary. Typically, no settings need to be updated and backups should continue automatically.
If for some reason Time Machine backups are failing over the VPN connection, please check the firewall rules on the VPN server to ensure that the Time Machine server can be accessed, and that mDNS lookups are not being blocked.
Preventing Backups over a VPN Connection
In some instances you may actually want to prevent Time Machine backups from taking place over your VPN connection. For example, if you are connecting to the internet over mobile broadband with a very slow connection, or with small data limits, you'll likely want to prevent your computer from attempting a very large backup over the VPN connection.
To prevent this, Viscosity provides an option under Preferences->General labeled "Disable Time Machine backups while connected". Enable this option to prevent Time Machine backups from taking place while your VPN connection is connected.