Don't work on MacOS 14.0 Sonoma - PEER IP address: <nil>

[vadim-miroshnik]

When I run sudo killswitch -e command it don't resolve PEER IP address:

Interface  MAC address         IP
en0        c8:89:f3:c2:d4:3c   192.168.1.105/24
ipsec0                         xx.20.8.5

Public IP address: yy.143.217.112
PEER IP address:   <nil>

# --------------------------------------------------------------
# Loading rules
# --------------------------------------------------------------
No ALTQ support in kernel
ALTQ related functions disabled
block drop all
block drop out quick inet6 all
pass inet proto udp from any to 224.0.0.0/4 keep state
pass inet proto udp from 224.0.0.0/4 to any keep state
pass inet from any to 255.255.255.255 flags S/SA keep state
pass inet from 255.255.255.255 to any flags S/SA keep state
pass on en0 proto udp from any port 67:68 to any port 67:68 keep state
pass on en0 proto tcp from any to <nil> flags S/SA keep state
pass on en0 proto udp from any to <nil> keep state
pass on ipsec0 all flags S/SA keep state

[qudwill]

it's showing peer IP address for me, but connection stops working after sudo killswitch -e called in the MacOs 14.0 Sonoma

[netrolite]

same for me

[abdhashem]

Same here even if I tried to pass the ip option using sudo killswitch -e -ip 123.12.....

[dmitry-kostin]

:(

[nbari]

Hi, I bumped up the versions maybe that help, please give a try

[vadim-miroshnik]

@nbari No, it's the same error again.
I build it from the source on my mac.
v0.7.3

[nbari]

Your VPN is using Wireguard or OpenVPN (what vendor)? the trick now is to improve finding the peer IP.

For now you could find manually the peer IP and load rules manually

[vadim-miroshnik]

I'm using IKEv2.

[dmitry-kostin]

I also tried to build from sources and can confirm that it's still doesn't work. Also passing -ip shows the ip address in the output on startup but connection doesn't work.
I'm also on IKEv2 type of VPN.

[nbari]

It seems to work after the latest update (Sonoma 14.1.2), Does it work for you all?

[vadim-miroshnik]

No, the problem persists on Sonoma 14.1.2 as well.

[nbari]

hi @vadim-miroshnik thanks for trying it out, I will re-implement and use traceroute to try to find the peer, I tested so far with IKE/Wireguard and indeed using netstat USGx is not returning the peer IP, any ideas more than welcome

[nbari]

@vadim-miroshnik if you are using IKE try for now scutil --nwi that will return the VPN server and then you can pass it as the peer IP

[vadim-miroshnik]

Thank you, this is a really working workaround.
I didn't realize there was an -ip parameter where you can specify the VPN server IP.

[solojungle]

Issue also exists on Ventura 13.2.1 (22D68), Atlas VPN

[iwex]

Same problem on Sonoma
I use default wireguard client