With WG on Router: Apple iCloud Auth Issues

Proton dr.morgan.00 at protonmail.com
Wed May 1 22:23:08 CEST 2019


Hello all! My first post :) I have two Linux systems (Ubuntu 18.04.2) set up as routers:

 One is running the latest mainline OpenVPN apt package connecting to AirVPN (have also used ProtonVPN). I experience no issues with any internet interactions. My iOS and MacOS (latest versions) work perfectly for Web, email (imap, smtp), messaging, iCloud Drive, etc. These endpoint machines on the local LAN are not, themselves, running any VPN software. The router is also running Pihole domain name filtering. Life is good.

 The other is running the latest Wireguard apt/deb package. I initially ran it connected to an Algo instance on a droplet @ Digital Ocean. I recently also tried it on Cryptostorm's Wireguard offering. I have used normal external DNS, dnscrypt-proxy, and the proxy with dnsmasq host/domain filtering. Everything works *great* except, in all configurations, my MacOS systems on the LAN cannot send or receive (imap) email for *Apple* accounts (@icloud.com and @mac.com). Although, Protonmail.com and gmail.com imap accounts work with no issues. The Notes and Calendar apps on the Mac work fine and sync successfully. The Apple email connections just spin until they ultimately time out. I even tried an alternative email client (Spark), but the app-specific password Apple provided for the app would not authenticate, with behavior very similar to the email servers. There’s an obvious pattern emerging here :) - something about Wireguard is blocking Apple’s iCloud authentication process, although I don’t know why Notes and Calendar continue to work, tbh. I’ve searched the Web, and truly thought something would pop up immediately, given that Wireguard has iOS and MacOS client apps in their respective App Stores, but nothing surfaced. I *really* want to use Wireguard as my VPN solution (I’m toying with developing a personal appliance using VPN functionality), but this Apple issue is a show stopper. Surely, given the Apple apps that you have developed, there must be something else I need to do with my configuration to fix this.

Any assistance you all can provide would be *greatly* appreciated. I’m more than happy to donate to the project, etc. - but I need this all to “just work”. Wireguard is simply the most elegant VPN solution I’ve ever seen, so I’m really rooting for your success!

-Best Care
  David



