
chacrat

macrumors member
Original poster
Feb 17, 2021
31
9
With Opera
https://whatismyipaddress.com/ shows my correct city as well as my true IP.
It was not like that before.

DNS Leak shows the same IP as whatismyipaddress.com (Welcome xx.xx.xx.xx) and the DNS from my ISP.
 

chacrat

macrumors member
Original poster
Feb 17, 2021
31
9
With Safari:

https://whatismyipaddress.com/ shows my correct city as well as my TRUE IP.
I am positive it was not like this before with Safari.

DNS Leak shows the same IP as whatismyipaddress.com (Welcome xx.xx.xx.xx) and the DNS from Apple.
 

svenmany

macrumors demi-god
Jun 19, 2011
2,284
1,533
If a website viewed in Safari knows your actual IP address, then private relay is not working; it's not normal. When I turn private relay on, the whatismyipaddress website shows an IP address which is not mine and a location where I am not located.
 

chacrat

macrumors member
Original poster
Feb 17, 2021
31
9
> If a website viewed in Safari knows your actual IP address, then private relay is not working; it's not normal. When I turn private relay on, the whatismyipaddress website shows an IP address which is not mine and a location where I am not located.

Yes, that is what I thought. So something is wrong because, in my settings, iCloud Relay is green.
But the DNS are hidden in Safari (because when I disable iCloud Relay, my real DNS are visible).
 

chacrat

macrumors member
Original poster
Feb 17, 2021
31
9
Thanks all for your replies.
I checked: this issue only occurs when using Wi-Fi. When I use a wired connection, iCloud Relay works as expected.
 

svenmany

macrumors demi-god
Jun 19, 2011
2,284
1,533
> Thanks all for your replies.
> I checked: this issue only occurs when using Wi-Fi. When I use a wired connection, iCloud Relay works as expected.

If you're not running software that manipulates networking in some way (e.g. VPN or ad blocker), then you've uncovered a significant bug.
 

chacrat

macrumors member
Original poster
Feb 17, 2021
31
9
This occurs without an ad blocker (I had AdGuard but have now removed it). As for the VPN, I had FortiClient (now removed).
 

bogdanw

macrumors 603
Mar 10, 2009
6,156
3,053
As the support article mentioned in post #8 states, Private Relay can be turned off for a specific network on your Mac.
Make sure that it is not turned off for Wi-Fi.
 

chacrat

macrumors member
Original poster
Feb 17, 2021
31
9
Thanks. I checked and it is enabled for all my wifi.
I contacted Apple but they do not offer support for beta versions. Will have to wait then :)
 

svenmany

macrumors demi-god
Jun 19, 2011
2,284
1,533
> As for the VPN, I had FortiClient (now removed).

Some VPNs manipulate macOS's packet filter (i.e. the thing maintained with pfctl). Often the packet filter interferes with private relay. There's a chance that the VPN left something in place in the packet filter configuration that wasn't cleaned up when you removed it. You should confirm that your packet filter is disabled and there are no special entries, other than what's found in /etc/pf.conf.

I suppose there might be other cruft left over as well, depending on how you uninstalled FortiClient. Certainly check all your launch agents and daemons.

The Fortinet uninstall instructions at https://community.fortinet.com/t5/F...to-uninstall-FortiClient-on-macOS/ta-p/229617 seem pretty nonsensical. They list different methods to uninstall, but method 1, for example, doesn't do much of an uninstall. I think you have to execute all of the "Methods" to get everything uninstalled. Maybe rename "Method 1", "Method 2", "Method 3", and "Method 4" to "Step 1", "Step 2", "Step 3", and "Step 4".
 

chacrat

macrumors member
Original poster
Feb 17, 2021
31
9
sudo nano /etc/pf.conf

#
# Default PF configuration file.
#
# This file contains the main ruleset, which gets automatically loaded
# at startup. PF will not be automatically enabled, however. Instead,
# each component which utilizes PF is responsible for enabling and disabling
# PF via -E and -X as documented in pfctl(8). That will ensure that PF
# is disabled only when the last enable reference is released.
#
# Care must be taken to ensure that the main ruleset does not get flushed,
# as the nested anchors rely on the anchor point defined here. In addition,
# to the anchors loaded by this file, some system services would dynamically
# insert anchors into the main ruleset. These anchors will be added only when
# the system service is used and would removed on termination of the service.
#
# See pf.conf(5) for syntax.
#

#
# com.apple anchor point
#
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"

sudo nano /etc/pf.anchors/com.apple

#
# com.apple ruleset, referred to by the default /etc/pf.conf file.
# See notes in that file regarding the anchor point in the main ruleset.
#
# Copyright (c) 2011 Apple Inc. All rights reserved.
#

#
# AirDrop anchor point.
#
anchor "200.AirDrop/*"

#
# Application Firewall anchor point.
#
anchor "250.ApplicationFirewall/*"

sudo pfctl -d
and reboot.

Same (again working as expected with a wired connection, and Apple DNS in wifi). The only issue is the visible IP in Wifi.
 

svenmany

macrumors demi-god
Jun 19, 2011
2,284
1,533
Let me mention the kind of cruft that Private Internet Access left in my filter rules that prevented private relay from working. These settings were not cleaned up even after uninstalling PIA. Also, just disabling the firewall with pfctl -d was not enough to fix things.

PIA created "anchors" in the main ruleset where it put its own rules. For me, the anchors had to be removed to reenable private relay. I suspect most tools would put their custom stuff in such anchors. You can list the anchors with the following

sudo pfctl -sA -v

The "-v" means to descend recursively - anchors within anchors within anchors. I see

No ALTQ support in kernel
ALTQ related functions disabled
com.apple
com.apple/200.AirDrop
com.apple/250.ApplicationFirewall

That's all you should see as well. That's just what's defined in /etc/pf.conf, loaded automatically at boot (unless you've taken steps to disable the particular system launch daemon defined in /System/Library/LaunchDaemons/com.apple.pfctl.plist). But other tools could install their own launch agents or daemons to add anchors at login or boot, respectively. You would see evidence of that in the response to pfctl -sA -v. I used to see an anchor with "privateinternetaccess" in its name.

Anyway, maybe PF is not your problem at all. But if the problem is not related to the VPN you had installed, then it would have been great if you could have checked with Apple to get to the bottom of it - too bad you're sticking to unsupported betas.
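
The anchor check described in the post above, as an added example that is not part of the thread: a small shell filter that reads `pfctl -sA -v` output and prints every anchor outside the three stock entries listed in that post. The function names, the sample output and the `example.vpn-leftover` anchor names are constructed for illustration.

```shell
#!/bin/sh
# Anchors the thread shows for a stock /etc/pf.conf and /etc/pf.anchors/com.apple.
BASELINE='com.apple
com.apple/200.AirDrop
com.apple/250.ApplicationFirewall'

# Read `pfctl -sA -v` output on stdin; print each anchor that is not in
# BASELINE, one per line. Prints nothing when only stock anchors are loaded.
unexpected_anchors() {
    # Trim indentation, then drop blank lines and the ALTQ notices.
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    grep -v -e '^$' -e '^No ALTQ support' -e '^ALTQ related' |
    while IFS= read -r anchor; do
        # -F fixed string, -x whole line: "com.apple.foo" must not match "com.apple".
        if ! printf '%s\n' "$BASELINE" | grep -Fxq -- "$anchor"; then
            printf '%s\n' "$anchor"
        fi
    done
}

# Constructed sample: the stock anchors plus two hypothetical anchors of the
# kind an uninstalled VPN client could leave behind.
sample_output() {
    cat <<'EOF'
No ALTQ support in kernel
ALTQ related functions disabled
  com.apple
  com.apple/200.AirDrop
  com.apple/250.ApplicationFirewall
  example.vpn-leftover
  example.vpn-leftover/100.killswitch
EOF
}

# On a Mac, feed it the live ruleset instead of the sample:
#   sudo pfctl -sA -v 2>/dev/null | unexpected_anchors
sample_output | unexpected_anchors
```
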
 