Mac users have been looking forward for months to the new macOS update, codenamed Big Sur. What they didn’t expect is that it would allow certain applications on their computers to completely bypass their VPNs and firewalls, opening up serious vulnerabilities. Fortunately, there are ways to make your VPN work with Big Sur.

What Actually Happened?

The problem was initially discovered and posted by Twitter user @mxswd on October 19th.

“Some Apple apps bypass some network extensions and VPN Apps. Maps for example can directly access the internet bypassing any NEFilterDataProvider or NEAppProxyProviders you have running”

This was later confirmed by security expert Patrick Wardle at Jamf, who elaborated, “Previously, a comprehensive macOS firewall could be implemented via Network Kernel Extension (kext). Apple deprecated kexts, giving us Network Extensions… but apparently many of their apps/daemons bypass this filtering mechanism.”

This was pointed out while the OS was still in beta, but for some reason Apple didn’t correct the issue. Unfortunately, this means that hackers could take advantage of the bypass with malware that sends personal information to remote servers.

Honestly, the best way to avoid this issue is to not install the update until Apple releases a patch that will correct this problem. However, for those of you who have already done so and don’t know how to revert to an earlier version of the OS, we have a workaround that should at least make your VPN work with Big Sur.

How You Make Your VPN Work with Big Sur

Not to get too technical, but what’s wrong with the new version of macOS is that it breaks what is called a TAP adapter. TAP is a virtual network tool that acts like a switch for data from the physical part of your connection. Basically, it makes your computer think you’ve plugged in another Ethernet cable that just happens to be from a different Internet service provider. Big Sur keeps you from doing that.

What you have to do instead is utilize a TUN adapter. This is a simpler way of dealing with information which just tells the data the safest way to get from point A to point B. It has advantages and disadvantages over TAP, but right now the biggest advantage is that it should make your VPN work with Big Sur.

Start by opening the PrivadoVPN app on your computer. Click on the gear icon in the top right.

Next, click on the Protocol tab at the top of the app.

Select the radio button “OpenVPN” and look at the options next to Protocol. You should see the Protocol as UDP and the Port as 1194.

Change the Protocol to TCP and the Port to 443. That will take you off TAP and put you on TUN.

Restart your VPN app. That’s it.
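
To confirm the change took effect after the restart, check which interface actually carries your traffic. The shell function below is an added example, not part of the PrivadoVPN app or the original article. It assumes Big Sur's `netstat -rn -f inet` column layout (interface name in the fourth column) and that the OpenVPN tunnel shows up as a `utun` interface; the sample routing table is constructed.

```shell
#!/bin/sh
# Added example: decide which interface general internet traffic leaves through.
# Input : `netstat -rn -f inet` output on stdin (assumed macOS Big Sur layout:
#         Destination Gateway Flags Netif [Expire]).
# Output: "tun:<if>", "tap:<if>", "direct:<if>" or "unknown".
vpn_route_check() {
  awk '
    $1 == "default" && def == "" { def = $4 }   # first default route wins
    $1 == "0/1"                  { lo  = $4 }   # lower half of the IPv4 space
    $1 == "128.0/1"              { hi  = $4 }   # upper half of the IPv4 space
    END {
      # OpenVPN often leaves "default" on the physical NIC and adds two /1
      # routes instead. They are more specific, so they override "default",
      # but only if BOTH halves point at the same interface.
      if (lo != "" && lo == hi) eff = lo; else eff = def
      if (eff == "")                 { print "unknown"; exit }
      if (eff ~ /^u?tun[0-9]+$/)     kind = "tun"
      else if (eff ~ /^tap[0-9]+$/)  kind = "tap"
      else                           kind = "direct"
      print kind ":" eff
    }'
}

# Constructed sample: VPN connected, default route still on en0,
# both /1 routes on utun3 (addresses are placeholders).
sample_vpn_up() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
0/1                10.8.0.1           UGScg        utun3
default            192.168.1.1        UGScg          en0
10.8.0/24          10.8.0.2           UGSc         utun3
127                127.0.0.1          UCS            lo0
128.0/1            10.8.0.1           UGSc         utun3
EOF
}

sample_vpn_up | vpn_route_check
```

On your Mac, run `netstat -rn -f inet | vpn_route_check` with the VPN connected; a `direct:` result means traffic is not going through the tunnel. This checks routing only and says nothing about Apple apps that bypass network extensions.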

What Happens Next?

We wish we could tell you that Apple is working on a fix, but they’ve been incredibly close-lipped about this. They might be working on a patch, or they might be willing to just wait it out until users feel they have to upgrade.

Keep in mind, even though this should get your VPN working again, it doesn’t address the fact that Mac applications are still able to bypass your firewall. Sorry, that’s a bit outside of our wheelhouse.

Your security is a priority for PrivadoVPN. We’ll keep watching this story and working on ways to make sure that your data remains secure, even on macOS.