When I'm working away from home, I like to use my iPad as a second monitor using Apple's "sidecar" feature. However, I noticed that, if the wifi network isn't great, there can be some performance issues or disconnects. So, I wanted to use a USB cable instead.
This worked fine, until I switched on my company's VPN. Within seconds, sidecar disconnected with a cryptic error message. Any attempt to reconnect failed with odd behavior (I'd get an error in OSX, but a black screen would load on the iPad).
Turns out: VPN clients will disable IPv6 unless the VPN configuration has explicit support for IPv6. The reason for this is that a large majority of VPNs are not configured for IPv6, so any IPv6 traffic will bypass the VPN. If you're attempting to use the VPN to secure all of your internet traffic, this is a problem! All of your IPv6 traffic will "leak".
It also turns out that connecting your iPad via USB makes it appear as a virtual ethernet device, configured to use IPv6. So, connecting to the VPN disables IPv6 and sidecar can no longer communicate with the iPad.
However, I'm not using a VPN to secure all of my traffic—just the traffic to my company's network. All of that traffic is IPv4 anyway, so, this security feature is lost on me. Disabling it solves all my sidecar issues! Woo!
So, if you're in the same boat as me, trying to use sidecar with a VPN, try searching through your VPN client's settings or documentation for this feature and disable it. Here's how to do that with tunnelblick:
- Click on tunnelblick's icon in the menu bar
- Select "VPN Details"
- Click on "Configurations" at the top
- Select your VPN configuration from the left-hand side
- Uncheck "Disable IPv6 unless the VPN server is accessed using IPv6"
- You may need to restart the VPN?
- Profit.
Top comments (3)
I had a similar but opposite issue, but your solution completely fixed it! What would happen is I would have my iPad connected to my MacBook via USB-C to use sidecar, and I could successfully connect to my company VPN (through which I route all traffic), but my traffic would not be routed correctly. Any time I would try to initiate SSH or MySQL clients that would require tunneling via our VPN IP, the clients would simply not connect unless I first disconnected sidecar and disabled/re-enabled VPN. Basically I could not use wired sidecar and VPN at the same time.
However, unchecking "Disable IPv6 unless the VPN server is accessed using IPv6" in Tunnelblick has completely fixed this issue!
Ooh, great catch! I'm really surprised that running SideCar over USB also hits this issue!
🙌 Excellent idea! Confirmed this also works with Cisco Secure Client (AnyConnect VPN) > settings > allow local (lan) access when using VPN