[macOS Sequoia 15.7 + UTM 4.7.4] Shared/Bridged network and Cisco AnyConnect issues — no NAT, no extensions, VPN service unavailable

[bdovh]

After upgrading to macOS Sequoia 15.7.1 (24G231) and UTM 4.7.4 (115), I can’t get stable networking or VPN connectivity inside any guest system — Windows ARM, Ubuntu, or macOS guest.

Here’s a summary of what I’ve tested and observed:

1. Shared Network (NAT)

In Sequoia, UTM no longer creates the vmnet1 interface — ifconfig | grep vmnet returns nothing.

DHCP does not respond inside guests (ipconfig or dhclient returns APIPA / 169.254.x.x).

Manually assigning standard QEMU NAT IPs (10.0.2.x / 192.168.64.x) doesn’t work.

Resetting QEMU Helper, reinstalling UTM, or rebooting macOS does not bring back the NAT service.

Looks like vmnet.framework is now sandboxed and requires new entitlements Apple hasn’t documented.

2. Bridged Mode

Works only over Wi-Fi (en0); Ethernet adapters (en8/en9) can’t bridge — guest shows “unplugged cable”.

Even with Wi-Fi bridging, VPN clients inside guests behave unpredictably.

3. Windows 11 ARM Guest

Works initially via Bridged mode for Wi-Fi (en0).

After installing Cisco AnyConnect or UTM Guest Tools → system crashes with
PAGE_FAULT_IN_NONPAGED_AREA (0x50) and can’t boot.

Removing TPM (TPMDevice=false) and rebuilding EFI doesn’t help.

4. macOS Guest

Internet works after enabling Bridged connection from host.

Cisco AnyConnect GUI launches but fails with:

“The VPN Service is not available. Exiting.”
vpnagentd log shows DNSPLUGINMGR_ERROR_OPEN_PLUGIN_FAILED

systemextensionsctl list → shows 0 extensions.

macOS guest doesn’t allow NetworkExtension or SystemExtension to load under UTM / QEMU sandbox.

5. Confirmed Behaviors

On host macOS Sequoia, vmnetd has been fully deprecated — NAT and DHCP are handled via private NetworkExtension only accessible to Apple-signed apps.

UTM 4.7.4 does not use the new entitlement; as a result, Shared Network = broken, Bridged = partial, and VPN inside guest macOS = impossible.

❓ Questions for the community

Has anyone managed to get Shared Network (NAT) working again on Sequoia with UTM 4.7?

Are there any workarounds to enable NetworkExtension-based NAT or custom DHCP for guests?

Has anyone found a way to run Cisco AnyConnect (or any UI VPN) inside a guest macOS or Windows under Sequoia?

Is UTM planning to migrate to Apple’s new Virtualization framework for NAT, or is there a helper workaround we can test?

🧾 Environment

Host: macOS Sequoia 15.7.1 (24G231)

UTM: Version 4.7.4 (115)

Guests tested:

Windows 11 ARM

Ubuntu 22.04 ARM

macOS 15.6.1 24G90 guest

Cisco AnyConnect version: 5.x (latest as of Oct 2025)

🧩 What I’ve already tried

Reset QEMU Helper, reinstalled UTM, rebooted.

Rebuilt EFI (bcdboot, manual mount).

Switched adapters (virtio-net-pci, e1000, rtl8139) for Windows guest.

Disabled TPM, Secure Boot.

Tried both Bridged and Shared modes.

Checked logs via log show --predicate 'subsystem == "com.apple.vmnet"' → no output (vmnet.framework not initializing).

🧠 Conclusion

It seems that macOS Sequoia’s new networking sandbox fully blocks UTM’s NAT (vmnet-shared) and macOS guests cannot load Cisco AnyConnect extensions due to SystemExtension restrictions.

Would appreciate confirmation from UTM devs or anyone who managed to bypass this with a custom pfctl NAT or Apple’s Internet Sharing workaround.

📎 TL;DR

UTM 4.7.4 on Sequoia → Shared Network (NAT) completely broken.

Bridged mode works partially (Wi-Fi only).

Cisco AnyConnect fails to start inside guest macOS (DNSPLUGINMGR_ERROR_OPEN_PLUGIN_FAILED).

Looking for workarounds or future plans for Sequoia-compatible networking in UTM.

[guw]

Same here. Neither shared nor bridged (advanced) seems to do anything for me (macOS guest on macOS host).
I was wondering how you got bridge networking working at all. I tried it and I can't get it to work either.

In the bridged config the guest says "self-assigned IP".

[bdovh]

Same here. Neither shared nor bridged (advanced) seems to do anything for me (macOS guest on macOS host). I was wondering how you got bridge networking working at all. I tried it and I can't get it to work either.

In the bridged config the guest says "self-assigned IP".

I think I was selecting WIFI connector and it somehow worked, however, I couldn't get VPN launched inside the guest machine.
When I tried to select Ethernet connector, it didn't work at all.

Have you tried to connect under WIFI connector instead of Etherner connector?

[alexeigs]

Adding another data point for recent Shared Network regressions.

On macOS 15.7.3 + UTM 4.7.4:

• Starting a VM with Apple Virtualization immediately causes macOS to install RTF_REJECT routes on bridge100.
• Host → guest traffic is rejected at the routing layer.
• Guest networking otherwise works fine.
• This persists across clean macOS reinstall and is not affected by firewall/PF state.

Local Network privacy seems involved:

• UTM never appears in Privacy & Security → Local Network on this system.
• There is no way to manually grant it on 15.7.x.
• Switching the same VM to the QEMU backend avoids the issue entirely.

This feels less like a random regression and more like a macOS Sequoia policy change interacting badly with vmnet / Apple Virtualization.

[natevw]

Should have read this more closely before filing my #7678 — I think it's more related than I initially thought. But my situation is somewhat different in that I'm not having issues on the guest side per se at least. And networking had been working on earlier versions of Sequoia.

Guest is actually still Monterey 12.6.3. I've been meaning to update this for ages now but sounds like maybe I lucked out?

Host was an earlier version of Sequoia, which worked. After upgrade to 15.7.5 the "Shared" networking mode seems to have stopped working. Bridge mode does work with WiFi adapter selected.

What combos are problematic here? It seems that:

• Sequoia host, Monterey guest — works (* but requires bridge workaround)
• Sequoia host, Sequoia guest — sounds like it's broken and cannot use Cisco VPN?!
• Tahoe host, Tahoe guest — ???
  • if I do upgrade my host, and recreate a new guest, will things work?!
• Tahoe host, Monterey guest — ???
  • althernately if/when I end up updating just my host, but keep the ancient guest image, does anyone have experience with that combo?