VPN Not Working on Mac: What to Check in macOS Sequoia and Tahoe in 2026

If your VPN on Mac is not working but the connection icon looks "fine," the problem is rarely a single magic switch. In 2026, the usual suspects on macOS are tangled DNS, network extensions, the firewall, routes and the settings of a specific VPN app. Below is a practical diagnostic order — no risky commands and no advice on bypassing laws: just a safe inspection of your device, network and subscription.

This guide is suitable for MacBook, iMac and Mac mini running macOS Sequoia 15 and newer macOS versions. If you need a stable VPN for everyday access, start at the FoliVPN landing page and then use this checklist to configure things on your specific Mac.

In short: where VPN usually breaks on Mac

According to recent Apple reference materials, macOS supports several VPN scenarios: built-in protocols, VPN On Demand, per-app VPN and solutions via the Network Extension framework. This is convenient, but it adds several places where conflicts can occur: the app may connect, while DNS or routing to websites does not.

Open Tunnelblick troubleshooting materials for OpenVPN put a typical case simply: if the VPN is connected but websites do not open, DNS, routing or the server itself is usually to blame. Tailscale discussions around macOS Sequoia mention complaints about a DNS-plus-firewall combination, especially when strict blocking of incoming connections is enabled. This does not mean every user has the same bug; it means you should check things in layers rather than reinstalling everything at once.

Quick symptom table

Step 1. Decide: is the VPN failing to connect, or connecting "empty"?

First, split the problem into two classes.

Class A: the VPN does not connect at all. The app hangs on Connecting, asks for permissions, shows a profile error or fails to create a tunnel. Here macOS permissions, the client version, the subscription profile and server availability matter.

Class B: the VPN is connected, but there is no benefit. The icon is active, but websites do not open, the IP does not change, DNS does not resolve domains, or only certain apps work. Here DNS, routing, split tunneling, the firewall or a conflict with another network utility is more often to blame.

Do not start by resetting all network settings. On a Mac this can wipe useful Wi-Fi, DNS, proxy and corporate parameters. Run the soft diagnostics below first.

Step 2. Check the VPN app's permissions in macOS

Modern VPN clients on macOS often use system extensions or Network Extension. Apple's deployment documentation describes Network Extension as a mechanism for custom VPN solutions on iOS, iPadOS, macOS and other platforms. In practice this means: if macOS has not authorized the extension, the app may look installed but will not be able to properly create a tunnel.

Check:

1. Open System Settings → Privacy & Security.
2. See whether there is a request at the bottom to "allow system software" or a network extension from your VPN client.
3. Open System Settings → Network → VPN & Filters and make sure the profile exists and turns on without extra warnings.
4. Update the VPN app to the current version, especially after a major macOS update.

If the error appeared right after upgrading to Sequoia or Tahoe, do not conclude that "the VPN is dead." Major macOS updates sometimes change firewall, DNS and app permission behavior.

Step 3. Separate a DNS problem from a routing problem

DNS is a common reason for the "VPN connected, but no internet" situation. Tunnelblick recommends a simple test: if a site opens by IP but not by domain name, DNS is likely the culprit. A regular user can check this without the Terminal: try several different sites, then temporarily change DNS in the network settings.

Apple gives the path for DNS settings: System Settings → Network → selected network → Details → DNS. There you can see DNS Servers and Search Domains. Important: DNS can be changed separately for Wi-Fi, Ethernet and other network services. If you manually entered the provider's DNS, it may behave poorly over a VPN, because queries start arriving from "the wrong" network.

A safe order:

• write down the current DNS before changing it;
• remove obviously outdated or unknown DNS entries if you don't understand why they are there;
• test with the DNS suggested by the VPN app;
• if the VPN client allows it, switch the DNS setting inside the app;
• after testing, restore the original parameters if things got worse.

If you've already read about DNS conflicts on phones, the logic is similar: see the companion article Private DNS interferes with VPN. On Mac the menu names differ, but the principle is the same: the domain name must resolve through the expected DNS, not through some random old profile.

Step 4. Check the firewall without turning off security "forever"

The firewall on Mac is useful: Apple describes it as a way to prevent unwanted connections from the internet or other networks. But overly strict settings can interfere with network apps, especially if Block all incoming connections is enabled or if the VPN client is not on the allowed list.

What to do carefully:

1. Open System Settings → Network → Firewall.
2. Go to Options.
3. Check whether your VPN client is blocked.
4. If Block all incoming connections is enabled, temporarily test without this option.
5. Do not leave the firewall off as a permanent solution. The goal is to find out whether it affects the symptom.

In an open Tailscale issue about macOS Sequoia, participants described DNS/firewall symptoms and noted that they were more common when "block all incoming traffic" was enabled. This is not universal proof for every VPN, but it is a good hint: check the firewall before removing the app.

Step 5. Make sure traffic actually goes through the VPN

Sometimes the VPN on Mac is connected only to a private network or to specific apps. Apple separately describes split tunneling and per-app VPN as normal scenarios: some traffic may go through the tunnel, some directly. This is convenient for corporate tasks, but confusing if the user expects "all internet through the VPN."

Check:

• whether "selected apps only" mode is enabled;
• whether there are exceptions for the browser, Telegram, Discord or YouTube;
• whether the public IP changes in the browser after connecting;
• whether another VPN, proxy, DNS filter or antivirus network shield is also enabled.

If you need a VPN only for certain apps, it helps to understand the model in advance: see VPN split tunneling. If you want all browser traffic to go through the tunnel, exception settings must be turned off.

Step 6. When it's not the Mac but the network or server

There are signs that the Mac is fine and the problem is outside:

• one server doesn't work, another connects;
• everything is fine at home, but not at the office or hotel;
• it works on Wi-Fi but not via a phone hotspot;
• sites open, but video and voice calls drop;
• the problem appeared on several devices at once.

In such cases try a different server, a different protocol inside the app and a different network. Do not use dubious "workaround" scripts from random channels: they can change system routes and DNS without a clear rollback. For router scenarios, it's better to read a separate guide, for example VPN on a router: where to start, rather than copy commands from someone else's hardware to your Mac.

10-minute diagnostic checklist

• Restart the VPN app and the Mac if the problem appeared after an update.
• Check whether another server from the same provider connects.
• Look at permissions in Privacy & Security and Network → VPN & Filters.
• Check DNS under Network → Details → DNS.
• Temporarily test the firewall's impact, without leaving it off forever.
• Disable a second VPN, proxy, DNS filter or third-party antivirus network shield.
• Check whether the public IP changes and whether per-app/split mode is on