Skip to content
/ claude-cowork-vpn-fix Public

Route Claude Cowork VM traffic through host VPN on macOS. Fixes slow connections and timeouts caused by MTU mismatch with VPN tunnels.

11 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

vec715/claude-cowork-vpn-fix

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 
screenshot.png
screenshot.png
 
 

Repository files navigation

Claude Cowork VPN Fix

Route Claude Cowork VM traffic through your host VPN on macOS.

Caution

Your network setup might differ (different VPN, interface names, subnets). If you run into issues, paste the error or ifconfig output into Claude Code and ask it to help adapt these commands for your setup.

The Problem

Claude Cowork runs in a Linux VM using Apple's Virtualization.framework. By default, the VM's network traffic bypasses your VPN, even when VPN is connected on the host.

Even worse: if traffic does route through the VPN, there's an MTU mismatch (VM uses 1500, VPN tunnel is ~1376) causing packets to drop and connections to fail silently.

Symptoms:

  • Cowork requests hang or timeout
  • Extremely slow responses

Screenshot

Quick Fix

# 1. Find your VPN interface (look for one with inet 10.x.x.x)
ifconfig | grep -A2 "^utun"

# 2. Apply fix (replace utun4 with yours)
sudo pfctl -a com.apple/vm-vpn-nat -f - <<'EOF'
scrub on bridge100 max-mss 1300
nat on utun4 from 192.168.64.0/24 to any -> (utun4)
EOF

# 3. Verify
sudo pfctl -a com.apple/vm-vpn-nat -s all

This fix is temporary and won't survive a reboot. See below for persistent setup.

Persistent Setup

1. Create the pf anchor file

sudo tee /etc/pf.anchors/vm-vpn-nat <<'EOF'
scrub on bridge100 max-mss 1300
nat on utun4 from 192.168.64.0/24 to any -> (utun4)
EOF

Note: Replace utun4 with your VPN interface from ifconfig | grep -A2 "^utun"

2. Register the anchor

sudo tee -a /etc/pf.anchors/com.apple <<'EOF'

#
# VM VPN NAT for Cowork
#
load anchor "vm-vpn-nat" from "/etc/pf.anchors/vm-vpn-nat"
EOF

3. Load and verify

sudo pfctl -f /etc/pf.conf
sudo pfctl -a com.apple/vm-vpn-nat -s all

You should see both rules listed. The fix will now persist across reboots.

Verify It Works

# Check your host's public IP
curl -s ifconfig.me

# Ask Cowork to run the same command
# Both IPs should match

How It Works

Two pf rules:

  1. nat on utun4 — Masquerades VM traffic (192.168.64.0/24) through the VPN interface so it exits via the VPN tunnel instead of the regular network.

  2. scrub max-mss 1300 — Clamps TCP MSS to prevent packets larger than the VPN tunnel can handle. Without this, large packets get fragmented or dropped, causing connections to reset.

Tested With

  • macOS 26 Tahoe
  • AmneziaWG (WireGuard-based)
  • Claude Cowork (January 2026)

Should work with any VPN that creates a utun interface.

About

Route Claude Cowork VM traffic through host VPN on macOS. Fixes slow connections and timeouts caused by MTU mismatch with VPN tunnels.

Resources

Readme
Activity

Stars

11 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors