Please let me know if this community doesn’t allow tech-support type of questions, I couldn’t find a decently populated community on lemmy for this sort of question and I don’t want to go crawling back to Reddit to ask.
Anyway, I have used iCloud Private Relay since it became available on WiFi with Macbook Pro. It works fine as expected, unless I enable my VPN, which is understandable.
Today, I bought a bunch of ethernet cables and a TP-Link semi-managed network switch (TL-SG108E, it has some configuration options but works out of the box as an unmanaged switch) with the intention of upgrading my network so things like the PS5, my home server, and my Macbook dock have wired connections.
Upon getting everything set up, I realized the Macbook was still using the WiFi, so I disabled WiFi, and lo and behold, no internet. Strangely, I can ping everything on my network fine, and access all my self-hosted stuff. I just can’t get out of my network. Figured it might be something with my Pihole. Or, worst-case scenario, a dud switch.
Bunch of bullshitting later with no success, I, on a hunch, went into my iCloud settings and disabled private relay, and immediately I have internet access. Everything is working as it should.
So… am I missing something? Why would the sole change of plugging my Macbook into a switch via ethernet break private relay? For that matter - what is private relay doing that could possibly break internet access? If it works on WiFi, I can’t figure out what switching to a wired connection, or the introduction of a switch, could do to cause it to stop working.
Lastly, any advice to get it working again? Some configuration somewhere I’m overlooking?
Some routers don’t like iCloud Private Relay as it is a privacy measure. I have gotten notifications from some wireless networks that internet access is not available via iCloud Private Relay. I tell those networks (that want to track my every move) to fuck themselves.
But then connecting over Wifi wouldn’t work either.
It sounds like the switch is doing some type of management or traffic shaping that is breaking your internet connection. I know you said it works out of the box as a dumb switch with no configuration, but it seems obvious that it is doing something. Wi-Fi would bypass the switch unless you have a wireless access point plugged into the switch. My understanding is that Private Relay is basically Tor but through Cloudflare and other providers that Apple uses so it might be a good idea to Google Tor internet issues with a managed switch and see if anything there is applicable.
I’d also check through the settings of the switch and disable any settings you can that impact traffic flow in any way. If you have an actual dumb, unmanaged switch you can switch in, I’d try that too. Even if you have to buy one, they’re fairly cheap and can be a good tool to have in your back pocket to troubleshoot network issues.
My understanding is that Private Relay is basically Tor but through Cloudflare and other providers
No that’s not how it works.
Your traffic is routed directly to a server run by Apple using the MASQUE proxy technique. The data you send and the routing information is encrypted and Apple can’t see the contents as they don’t have the decryption key.
Apple scrubs your data and routing info of anything that could identify you, then passes it on to Cloudflare (or a similar provider). Cloudflare is able to decrypt the routing information, and if it’s an unencrypted network request (rare these days) Cloudflare can also see the data. But Cloudflare can’t link it to you (unless it’s unencrypted). Cloudflare sends the request on to the destination server. Then it all happens in reverse.
Maybe I’ve missed it, but have you tried plugging your Macbook into the network without the switch? Switches are mostly level 2 network devices and shouldn’t affect higher levels.
Does your switch have sticky MAC or any kind of port security turned on? It could be that private relay is randomizing your MAC address to prevent fingerprinting and it’s messing with the switch’s port-security settings or ARP table. Actually if that was the case then the local network shouldn’t work… do the other devices work on the switch while you have private relay on?
From what I can tell Apple doesn’t do much to disguise you from the first relay or even your ISP so I doubt it’s any obfuscation on the local end.
Do a trace route and see where your traffic is being dropped. That could at least give you an idea of which device is causing trouble.
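The traceroute check suggested above can be read mechanically. This is an added example, not part of the original thread: it summarises saved `traceroute -n` output (IPv4 only) and reports the last hop that answered and whether the destination was reached. The function names and the sample traces, which use documentation addresses, are constructed for illustration.

```shell
#!/bin/sh
# Summarise saved `traceroute -n` output read from stdin (IPv4 only).
# Prints one line: "reached ...", "dropped-after ..." or "no-reply".
summarise_trace() {
    awk '
        NR == 1 && /^traceroute to/ {
            # Header looks like: traceroute to NAME (ADDR), 64 hops max ...
            dest = $4; gsub(/[(),]/, "", dest); next
        }
        $1 ~ /^[0-9]+$/ {
            total = $1
            # A hop may answer only some probes ("* 198.51.100.1 8 ms *"),
            # so scan every field for an address instead of trusting $2.
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    last_hop = $1; last_addr = $i; break
                }
        }
        END {
            if (last_addr == "") { print "no-reply"; exit }
            status = (last_addr == dest) ? "reached" : "dropped-after"
            printf "%s hop=%s addr=%s probed=%s\n", status, last_hop, last_addr, total
        }
    '
}

# Constructed sample: replies stop after the second hop.
sample_dropped() { cat <<'EOF'
traceroute to 203.0.113.10 (203.0.113.10), 64 hops max, 52 byte packets
 1  192.168.1.1  1.204 ms  0.912 ms  0.870 ms
 2  * 198.51.100.1  8.113 ms *
 3  * * *
 4  * * *
EOF
}

# Constructed sample: the destination itself answers at hop 3.
sample_reached() { cat <<'EOF'
traceroute to 203.0.113.10 (203.0.113.10), 64 hops max, 52 byte packets
 1  192.168.1.1  1.204 ms  0.912 ms  0.870 ms
 2  198.51.100.1  8.113 ms  7.950 ms  8.402 ms
 3  203.0.113.10  12.731 ms  12.518 ms  12.644 ms
EOF
}

sample_dropped | summarise_trace
sample_reached | summarise_trace
```

Comparing the summary from a Wi-Fi run with one taken over the wired connection shows whether the two paths diverge at the first hop or further out.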