Syncing Safari Bookmarks

Got a problem with Viscosity or need help? Ask here!

hurmaila

Posts: 2
Joined: Mon Nov 29, 2021 4:38 pm

Post by hurmaila » Mon Nov 29, 2021 5:00 pm
Greetings.
I use a Mac OS 10.15 Catalina and Viscosity 1.10.1 and I have trouble with syncing Safari Bookmarks.
I have a three Macs on the same OS. Two of them are at home, and the third is at work. From work I connect to my home network via VPN (at home OpenVPN 2.4 server). All works is fine, but Safari Bookmarks won't sync when VPN connection is on. Other iCloud objects are syncing correctly. Even Safari windows and tabs, opened on other Macs are syncing. Trouble only with Bookmarks.

Conditions: VPN is ON
If I make new Bookmark at work, it's not uploaded to home Macs. If I make new Bookmark at home Mac - it's not uploaded to work Mac. But If I turn off Safari in iCloud settings on my work Mac and turn on it back, Safari download new bookmarks, added on home Macs from iCloud correctly.

Conditions: VPN is OFF
All changes on each Mac in Safari bookmarks are syncing correctly.

Anybody can help me to fix it?

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Nov 30, 2021 2:41 pm
Hi hurmaila,

I'm afraid we don't have a solution for you: Viscosity treats all network traffic the same. There is no reason from Viscosity's end why Safari bookmark syncing wouldn't work, but other services do.

The most common cause of iCloud syncing issues is that Apple are restricting traffic from your OpenVPN server's IP address. This isn't uncommon, and can occur with both commercial VPN Service Providers and rented VPS servers. For example, we know from personal experience that some iCloud services don't work correctly, and access to developer.apple.com is blocked, from a VPS provider here in Sydney. As you're connecting to your home network this probably isn't the case, but worth mentioning.

Apple is not out to block VPN services from accessing iCloud, but rather if they've seen hacking attempts from these shared IPs before they tend to block them (and not just the individual IP, but the entire subnet range or ASN block the IP address is from).

Some iCloud services don't actually directly use iCloud servers for their functionality. They instead work in a P2P fashion, with your devices directly connecting to each other via an encrypted connection (these are the utunX network interfaces you can see listed in ifconfig). It's possible something about your OpenVPN server may be preventing devices from directly connecting to each other, such as NAT or firewall rules on the server, which is preventing the sync from taking place.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

steve83357

Posts: 7
Joined: Sat Jun 04, 2016 11:57 am

Post by steve83357 » Tue Nov 30, 2021 4:22 pm
I would almost bet that it’s the same problem Mullvad is having (in this case with the Wireguard protocol). The symptoms are identical. You can see a track of the bug here: https://github.com/mullvad/mullvadvpn-app/issues/2401

The Mullvad developers are of the opinion that it’s because they are blocking a protocol that Apple is using in macOS. It’s not Apple blocking IP ranges. This has been confirmed because using the same VPN server bookmarks will successfully sync from iOS to iOS device, and they also sync using a different app (in this case the official Wireguard macOS app).

So… if you can test the syncing between two iOS devices and/or a different app while still using the same VPN server you can prove the problem is with Viscosity and not at Apple’s end.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Nov 30, 2021 6:05 pm
Viscosity doesn't block or restrict traffic at all. That thread mentions that the VPN Service Provider blocks a number of traffic types and ports: none of that applies to Viscosity. Viscosity doesn't block or restrict any traffic through the VPN connection: what is routed through the VPN connection depends on the network routes set and the OpenVPN server you are connecting to.

If the OpenVPN server you are connecting is blocking or restricting the traffic, then its setup will need to be adjusted. This could be firewall rules on the server causing the problem. It could be the NAT rules or setup on the server causing the problem. SafariBookmarksSyncAgent may have unique IP, port, multicast, or GRE requirements that the OpenVPN server isn't routing or forwarding.

The linked thread mentions that SafariBookmarksSyncAgent may have unique multicast requirements. If this is the case you may like to try changing your OpenVPN setup to be TAP (Bridged) instead of TUN (Routed) instead. TAP interfaces operate at a lower IP level and will forward additional traffic types. You can change the Device type to TAP under the General tab when editing your connection in Viscosity. You'll also need to adjust your OpenVPN server to use TAP as well, and set up ethernet bridging between the OpenVPN network adapter and your LAN (instead of NAT/routing).

It's also possible that SafariBookmarksSyncAgent simply refuses to use a third-party VPN network interface on macOS. If so, this is likely a bug in SafariBookmarksSyncAgent, and it should be reported to Apple: https://www.apple.com/feedback/macos.html

It could also depend on your OpenVPN setup. For example, SafariBookmarksSyncAgent may only operate if all network traffic, including both IPv4 and IPv6, is routed through the VPN connection. If you're not routing all traffic, or only routing IPv4, it's possible SafariBookmarksSyncAgent may not function. The same may apply for DNS settings (Full DNS vs Split DNS). However I'm afraid only Apple can answer this one, and you may like to consider reaching out to them.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

hurmaila

Posts: 2
Joined: Mon Nov 29, 2021 4:38 pm

Post by hurmaila » Tue Nov 30, 2021 6:26 pm
Thank you all for the answers, but routing VPN traffic is very difficult for my understanding. Syncing Safari bookmarks is not worth it to devote so much effort and attention to it. I'll just turn off the VPN periodically when I need to.

In my work network, I have some sites that do not open when the VPN is turned on, for this I have exceptions added in the Viscosity connection settings. As in the screenshot. I thought maybe there is a similar solution for iCloud sync.

As I understand it, if it is possible to solve the problem in this way, then I need to ask Apple for these addresses
visc.png
visc.png (154.87 KiB) Viewed 5216 times

steve83357

Posts: 7
Joined: Sat Jun 04, 2016 11:57 am

Post by steve83357 » Tue Nov 30, 2021 7:52 pm
Try a few different apps for testing, that doesn’t take much effort. If you were using Wireguard I could tell you the official app works. But you’re using OpenVPN, so unfortunately I don’t have any specific recommendations.

I’d say the tight integration between macOS and iOS (eg bookmark syncing) is part of what most users like about the ‘walled garden’.
6 posts Page 1 of 1