No Universal Control when connected to Cisco AnyConnect VPN

Anyone else have this issue? Universal Control works great, but as soon as you connect to Cisco AnyConnect VPN (used for work), Universal Control is disabled. This happened with Sidecar in the past.

Ok, so I hope I can explain this in a way that makes sense, but basically when you are connected to the VPN your computer can no longer tell that it’s on your local home LAN. What a VPN does is basically secure the connection down to as if the machine was physically connected to a port in your office, for example. That being said, Sidecar and Universal Control both use WiFi to work and they look for devices on the same network they are on. Your Mac on the VPN will think it’s on your work network, so it will not be able to identify your iPad or whatnot for Universal Control. I hope this makes sense; I can have a habit of talking in a circle sometimes.

AirDrop also doesn’t work with some VPNs.

You need split tunnel VPN

This happens with me too, only I use ExpressVPN. If anyone could give me any tips on whether it’s possible to use Universal Control at all with a VPN, it’d be appreciated.

It’s less likely that the VPN disabled it, and more likely that your Mac is managed by your work and they have installed a managed profile that disabled certain iCloud features that are required for Universal Control and Sidecar to work.

Cisco AnyConnect is a mess

Not just AnyConnect - breaks when I use ExpressVPN. What is strange is that the problem is only on the macOS side. My iPad can stay on the VPN, but it only works when the VPN is shut off on my M1 MacBook.

Totally makes sense! So I put the iPad and MacBook Pro on the same VPN as my Mac Mini, but Universal Control still didn’t work. My guess is each one has a unique “address” to it and therefore cannot work together.

Would this not also impact Sidecar? My Mac (Cisco VPN’d) and iPad (not VPN’d) are able to Sidecar, but not Universal Control.

Tell me more… I am interested.

Still doesn’t work under split-tunnel.

I am not sure, but I imagine it has something to do with the service discovery that Universal Control needs and the changes that your split tunnel VPN makes to the routing table to do its magic.

In split tunnel VPN scenarios, often the VPN will be configured to allow RFC-1918 IPs (192.168.0.0/16, 10.0.0.0/8, etc.) to be routed to the local network by setting those routes to the interface connected to the local network (WiFi or Ethernet interface). Then the default route will point into a virtual tunnel interface that the VPN creates.

This way traffic to/from local addresses still works while other traffic goes to your VPN. This is why Synergy (paid software that does the same thing as Universal Control, more or less) works under split-tunnel VPNs – because with Synergy, you specify the local server address in the client config. My guess is that the service discovery magic that Apple does to make Universal Control work gets tossed into the default route and lost in the VPN tunnel. I could be wrong here on the specifics, but generally, this is the problem.

Basically, Universal Control will not work because of Apple’s insistence on making it super easy to use. IOW: Apple breaks power users to enable non-power-users. If Apple had a config layer where you could wire up the machine IP addresses that Universal Control worked on, this could work.
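The routing guess in the post above, modelled as an added example that is not part of the original thread: a simplified longest-prefix-match lookup over a constructed split-tunnel table, showing unicast to a local peer staying on the LAN while the Bonjour/mDNS multicast group 224.0.0.251 falls through to the default route. The interface names `en0`/`utun3`, the peer and remote addresses, and the second table are assumptions; macOS's per-interface multicast handling is not modelled.

```python
import ipaddress

MDNS_GROUP = "224.0.0.251"    # IPv4 multicast group used by mDNS/Bonjour
LOCAL_PEER = "192.168.1.23"   # constructed address standing in for the iPad
REMOTE_HOST = "203.0.113.10"  # documentation-range address standing in for an internet host
PROBES = [LOCAL_PEER, MDNS_GROUP, REMOTE_HOST]

# Constructed split-tunnel table as the post describes it: RFC 1918 ranges
# pinned to the local interface, default route into the VPN tunnel interface.
SPLIT_TUNNEL = [
    ("192.168.0.0/16", "en0"),
    ("10.0.0.0/8", "en0"),
    ("172.16.0.0/12", "en0"),
    ("0.0.0.0/0", "utun3"),
]

# Same table plus a multicast route on the local interface (assumption, for comparison).
WITH_MULTICAST_ROUTE = SPLIT_TUNNEL + [("224.0.0.0/4", "en0")]


def egress(table, dst):
    """Return the interface chosen by longest-prefix match, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def tunnelled(table, probes, local_if="en0"):
    """List the probe destinations that would not leave through local_if."""
    return [dst for dst in probes if egress(table, dst) != local_if]


if __name__ == "__main__":
    tables = (("split tunnel", SPLIT_TUNNEL),
              ("split tunnel + multicast route", WITH_MULTICAST_ROUTE))
    for name, table in tables:
        print(name)
        for dst in PROBES:
            print(f"  {dst:<15} -> {egress(table, dst)}")
```

On a real Mac, the equivalent check is to compare the routing table with the VPN connected and disconnected and see which interface owns the multicast and default routes.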

If it worked before the VPN is running and breaks when the VPN is running it’s a safe bet that the VPN is the issue. Especially when considering that this feature uses Wi-Fi LAN connections to work.

I got it to work with ExpressVPN by turning off the VPN’s “Stop all internet traffic if the VPN disconnects unexpectedly” checkbox on the Mac (under Preferences > General)

Yeah it’s likely too that your corporate network has stuff like device discovery locked down so outside connected machines can only “see” approved other devices.

Cross device traffic should be blocked. One way around this is if you can use both LAN and Wifi on the Mac. Another possible option is to put the VPN adapter lower in the connection order.

Split tunnel VPN will only route corporate network traffic over VPN. I’m guessing UC relies on Bonjour which only works over a local network and won’t work if using full tunnel VPN.

This works, thank you

Yes - the IT folks in charge would have to enable split tunnel. Without it, your Mac (or PC) can’t network with any of your local devices so Universal Control won’t work nor Sidecar nor access to your home printers if they’re not directly connected to your Mac. It’s a pain but done for extra security.
But, there is a way around it!!! If you have multiple network connections (e.g. 2 Ethernets or Ethernet plus Wifi) you can attach the VPN to one and your local network to the other. Might be a little tricky to set up.