Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No interfaces in Ubuntu when using networkingMode=mirrored #11002

Closed
1 of 2 tasks
erikspigle-payroc opened this issue Jan 9, 2024 · 27 comments
Closed
1 of 2 tasks

No interfaces in Ubuntu when using networkingMode=mirrored #11002

erikspigle-payroc opened this issue Jan 9, 2024 · 27 comments
Labels

Comments

@erikspigle-payroc
Copy link

erikspigle-payroc commented Jan 9, 2024

Windows Version

10.0.22621.2861

WSL Version

2.0.14.0

Are you using WSL 1 or WSL 2?

  • WSL 2
  • WSL 1

Kernel Version

5.15.133.1-1

Distro Version

20.04

Other Software

N/A

Repro Steps

%UserProfile%\.wslconfig

[wsl2]
networkingMode=mirrored
dnsTunneling=true

When I connect to our corporate network via GlobalProtect VPN client, which was recently re-configured from split-tunnel to full-tunnel VPN, I have no Internet (whereas it works fine while disconnected). When not using the above networkingMode=mirrored, connectivity to the Internet does not work due to GlobalProtect taking priority over all routes on the host workstation. Anything like "sudo apt update" or other things that will hit the Internet will fail. DNS resolution works just fine with the "dnsTunneling=true" setting set to true and all lookups work fine.

Once I set "networkingMode=mirrored" in the .wslconfig file, all interfaces within the Ubuntu VM disappear except for the "lo" interface. I and several others in our organization are seeing the same thing. We do have one individual in the organization that seems to be operating fine with "networkingMode=mirrored", but we have been unable to determine what is different about this individual's configuration.

Expected Behavior

With "networkingMode=mirrored", I would expect to see my host workstation interfaces mirrored into my Ubuntu instance.

Actual Behavior

All interfaces except "lo" get removed when "networkingMode=mirrored" is configured.

Diagnostic Logs

Have emailed to wsl-gh-logs@microsoft.com

Copy link

github-actions bot commented Jan 9, 2024

Hi I'm an AI powered bot that finds similar issues based off the issue title.

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it. Thank you!

Open similar issues:

Closed similar issues:

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

@erikspigle-payroc
Copy link
Author

If it helps, I've tried Ubuntu 22.04 as well, and have flipped between a few wsl versions including 2.0.9 and 2.0.15 pre-release on top of what I'm testing now with the newest non-pre-release. I and a few other engineers with our company are unable to make this networkingMode=mirrored setting work without watching all of our interfaces get clobbered. I have completely uninstalled all of WSL and kernels, as well as features like Hyper-V, Virtual Machine Platform and Windows Subsystem for Linux and started all over with a basic wsl --install to start fresh, but to no avail.

@OneBlue OneBlue added the network label Jan 9, 2024
@chanpreetdhanjal
Copy link

Hi. Can you please collect networking logs by following the instructions below?
https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#collect-wsl-logs-for-networking-issues

@erikspigle-payroc
Copy link
Author

I already did when I posted this issue initially and sent them to the email address indicated in my post. I was requested not to post the logs directly to here by my company's InfoSec team. They were emailed to wsl-gh-logs@microsoft.com as indicated in your link already.

@chanpreetdhanjal
Copy link

@craigloewen-msft can you share the logs?

@erikspigle-payroc
Copy link
Author

Checking back in again to see if there is anything further that I can provide. We had another ticket put in where around 15 people from a couple other departments are dealing with this and the number of reported impacted users is increasing.

I did take another opportunity to purge all things related to WSL2 / Hyper-V / Virtual Machine Platform from my system and then re-install with "wsl --install" once rebooted and back. There must be some residual settings or something else that keeps impacting this. I took the opportunity to update to the latest 2.1.0.0 release as well, but that made no difference. I did take an opportunity to look at my Windows "System" event viewer log and there are around 80 entries getting logged every 30 seconds connected to the "Hyper-V-VmSwitch" and "VfpExt" sources. The events show NICs and vSwitches being created and deleted repeatedly with a friendly name of "FSE HostVnic". I cannot find much about what this is.

Let me know if there is any further log information that I can provide.

@erikspigle-payroc
Copy link
Author

@chanpreetdhanjal I just emailed over additional WSL logs generated from collect-wsl-logs.ps1 to go along with the ones collected by collect-networking-logs.ps1

@erikspigle-payroc
Copy link
Author

It has been well over a week since last response to this issue. Are there additional details that I can provide to work towards resolution? We have a large number of engineers affected by this still. People are using various workarounds in the interim (either falling back to WSL1, not ideal, or keeping networkingMode set to NAT and running a workaround PowerShell script to adjust route metrics on the host workstation to get around imposed full VPN tunnel routes).

@chanpreetdhanjal
Copy link

I am not getting the messages. @craigloewen-msft can you please pass along the logs and details? @erik-spigle-payroc our team is on it and we will get back to you as soon as we have an update for you. Thanks!

@erikspigle-payroc
Copy link
Author

Thanks for checking back in. If there is another secure means to send the logs over, I'm happy to pursue another avenue to do-so.

Thanks.

@chanpreetdhanjal
Copy link

Nope we have the logs now.

@J0F3
Copy link

J0F3 commented Feb 8, 2024

@chanpreetdhanjal: Any thing new about this issue?

I can reproduce the issue reliable when disabling IPv6 according to this guide: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows (by setting the Registry Key DisabledComponents to 0xFF)
When IPv6 is disabled through the Registry Key and networkingMode=mirrored is set in .wslconfig then in WSL the loopback interface is the only interface available.

Windows Version: 10.22631.3007 - Windows 11 23H2
WSL Version: 2.0.14.0
Distro Version: Ubuntu 22.04

@erik-spigle-payroc: Maybe you have a similar configuration?
At least the GlobalProtect VPN in Full/Force Tunneling Mode is one thing we have both im common.

@erikspigle-payroc
Copy link
Author

@J0F3: I am seeing the same value in my registry. Now I am wondering if at one point in time our organization was doing something to disable IPv6 (some legacy GPO or the like that may no longer exist). I will compare a bit against one of our newer machines that is not having problems using networkingMode=mirrored.

@erikspigle-payroc
Copy link
Author

erikspigle-payroc commented Feb 8, 2024

@J0F3: You, my friend, may be a huge lifesaver here. We are still internally testing with others, but I found that users who have no issues only have the Dhcpv6DUID value defined directly under the Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters key and nothing else. I wiped out the DisabledComponents value and a couple others (DisableIPSourceRouting and TcpMaxDataRetransmissions just to match with our other friends who have no issues / to match a freshly deployed machine) and rebooted. What do you know, networkingMode=mirrored is now working as advertised. Next stop is to see if we possibly had a GPO getting pushed out in the past to our Hybrid AD joined machines that disabled IPv6.

@J0F3
Copy link

J0F3 commented Feb 8, 2024

@erikspigle-payroc 😄 👍🏻
Wild guess, but I would assume the reason is the GlobalProtect VPN and the switch to the full-tunnel VPN. Most probably IPv6 connectivity is bypassing the VPN because the VPN does not Support IPv6 / has no IPv6 route. So the lazy and easiest "fix" was to disable IPv6 on the client completely. 🙈 At least that is why I ran in this issue...

@keith-horton
Copy link
Member

"When IPv6 is disabled through the Registry Key" - I'm suspecting this is the reason that it's not showing up. I think HNS (which WSL uses to create endpoints through vswitch) requires/assumes both IPv4 and IPv6 interfaces.

@J0F3 : is IPv6 required to be completely unbound?

@erikspigle-payroc
Copy link
Author

erikspigle-payroc commented Feb 13, 2024

I did want to circle back and say we had done some more pilot testing with those who are affected, and we had set the DisabledComponents registry entry to a value of 32 (decimal), which enables IPv6, but prefers IPv4 over it. We're doing this as a stopgap until we're entirely sure that some previous engineers who set this up (some GPO to disable IPv6) didn't have another reason for it before we hopefully arrive at a state where we just get rid of this registry entry and fall on the default behavior that MS recommends, which is keep IPv6 enabled and prefer it over v4.

Otherwise, I think we can consider my issue resolved. It may not hurt to update documents regarding networkingMode=mirrored requiring IPv6 not be disabled in the registry. We're likely not the only organization who may be impacted like this without it being patently obvious that IPv6 being disabled is causing the problem. We had seen no issues with IPv6 disabled when using the default NAT based networking.

@keith-horton
Copy link
Member

@erikspigle-payroc , thank you for confirming!
@J0F3 : can you make a registry change, either just default IPv6 interface creation, or set it as suggested above?

@J0F3
Copy link

J0F3 commented Feb 15, 2024

@keith-horton Unfortunately not. The reason why I cam across this was because my company wants to disable IPv6 completely on the clients because IPv6 connections would bypass the force-tunneling VPN (because the VPN connection is not IPv6 capable).

But I think also that the issue can be considered as resolved because we found the root cause of the issue.
I mean the documentation clearly says:

We do not recommend that you disable IPv6 or its components. If you do, some Windows components may not function.

So WSL with mirror networking mode seems then to be on of that components which I think is perfectly fine. 😊
The only thing which can probably be done is, like @erikspigle-payroc also already wrote, to add a note in the WSL documentation so that it is absolutely clear that the mirror networking mode is dependent of IPv6 to be enabled.

@keith-horton
Copy link
Member

@J0F3 . Thanks. Just FYI, I tested WSL with mirroring enabled after disabling IPv6 with the only known supported way that I know of - using Powershell to disabling the v6 binding:

Set-NetAdapterBinding -Name Wi-Fi -ComponentID ms_tcpip6 -Enabled $false

(just replace "Wi-Fi" with the name of the interface you want to modify - as reported by "Get-NetAdapter")

After running the above and rebooting (sadly, we need a reboot for our FSE driver to see the binding change), WSL continued to work great, and v6 addresses were not assigned.

@keith-horton
Copy link
Member

@J0F3 , could you share the registry value you are changing? I'll look to add to our WSL documentation for v6 support.

@erikspigle-payroc
Copy link
Author

@keith-horton: I am fairly sure he's referring to the information he linked to previously:

https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows

Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters
Name: DisabledComponents
Type: REG_DWORD
Min Value: 0x00 (default value)
Max Value: 0xFF (IPv6 disabled)

By default, DisabledComponents does not exist, and thus defaults to 0 (IPv6 is not disabled). If you create this REG_DWORD and set it to a value of 0xFF (hex) or 255 (decimal), this will disable the entire IPv6 stack at the OS level (which is different from what you were doing with removing the IPv6 binding from an adapter). If you were to create and set this to 0xFF (hex) or 255 (decimal) and reboot, I would wager you would find that networkingMode=mirrored would no longer work (and you would only see a lo adapter in an Ubuntu WSL2 VM) as IPv6 would be fully disabled at the OS level, no matter how your bindings are set for adapters.

In our case, a prior systems engineer, who is no longer at our company, had created a group policy to apply this REG_DWORD with a value of 0xFF (hex) and deployed it to all workstations. Once we determined that this was the culprit, and we didn't feel there was a compelling reason to have IPv6 fully disabled, we updated the group policy to change the value to 0x20 (hex) or 32 (decimal) to re-enable IPv6, but to prefer IPv4 over IPv6. This worked for us. I'm not sure what setting to the other documented values would do, but the safest tested options on our end are a value of 0 or 0x20 (hex), which both leave IPv6 enabled and thus allow networkingMode=mirrored to work.

@J0F3
Copy link

J0F3 commented Feb 19, 2024

@keith-horton Yes, @erikspigle-payroc is absolutely right. I was referencing the DisabledComponents Registry Key.

disabling IPv6 with the only known supported way that I know of - using Powershell to disabling the v6 binding
Yea, we tried that also and that works - keeps mirror Networking in WSL alive but then there is that statement 🤷🏻‍♂️ 😄:
"Using the network properties GUI to disable IPv6 is not supported" -> https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-ipv6-in-windows#using-the-network-properties-gui-to-disable-ipv6-is-not-supported

Thx!

@SimonCahill
Copy link

Hi there,

I'd just like to add to the conversation, because I've had a similar issue which I was able to resolve.

I'd just activated mirrored networking in my Ubuntu 24.04 instance and then applied the following .wslconfig:

[wsl2]

networkingMode = mirrored
dnsTunneling = true

After rebooting the instance:

simon@ODIN: /home/simon
➜   ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:84:95:1f:5b  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 96  bytes 7256 (7.2 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 96  bytes 7256 (7.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

simon@ODIN: /home/simon
➜   ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:84:95:1f:5b brd ff:ff:ff:ff:ff:ff

no interfaces were found.

In this post, IPv6 was mentioned, so I enabled it via the Settings app on my Ethernet and now:

➜   ifconfig
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:84:95:1f:5b  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.88.170  netmask 255.255.255.0  broadcast 10.0.88.255
        inet6 fe80::d0f4:38a4:6ec6:9714  prefixlen 64  scopeid 0x20<link>
        inet6 fdc5:40e9:cbfb:eb0b:3058:4320:5b88:a1a9  prefixlen 128  scopeid 0x0<global>
        inet6 fdc5:40e9:cbfb:eb0b:92f:b864:8287:418b  prefixlen 64  scopeid 0x0<global>
        ether 04:7c:16:70:67:ec  txqueuelen 1000  (Ethernet)
        RX packets 10  bytes 574 (574.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 15  bytes 1470 (1.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1420
        inet 10.69.151.59  netmask 255.255.255.255  broadcast 10.69.151.59
        inet6 fc00:bbbb:bbbb:bb01::6:973a  prefixlen 128  scopeid 0x0<global>
        ether 00:15:5d:e0:08:78  txqueuelen 1000  (Ethernet)
        RX packets 14  bytes 888 (888.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24  bytes 1808 (1.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 508  bytes 38480 (38.4 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 508  bytes 38480 (38.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

loopback0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:15:5d:6a:b6:43  txqueuelen 1000  (Ethernet)
        RX packets 6  bytes 308 (308.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I have more interfaces than ever before.

Maybe this will help someone in the future, although I also feel this is a bug that is potentially caused by my Insiders build.

Windows version info:

Microsoft Windows
version 2342 (0S Build 22635.4145)
Windows Feature Experience Pack 1000.22700.1039.0
@ Microsoft Corporation. All rights reserved.


@Anders-Fromell-ITxPT
Copy link

Anders-Fromell-ITxPT commented Sep 25, 2024

Is there a way to limit or sellect what interfaces that are mirrored ?

I first tried to use the bridged mode,
It worked after creation of a vSwitch (that is my trunk interface (hybrid mode) however it only created wsl interface for the "untagged" network, and I didn't find any information on how to create VLAN interfaces in a wsl. Also there are no information if the vmSwitch settings can take multiple interfaces (Ex. vmSwitch=wsl-WAN, wsl-VLAN100
Also ubuntu netplan does not work in wsl, if it had, it would be easy to add vlan interfaces from the bridged trunk.

My initial intended usage was to have multiple "distros" (clones of ubuntu 22.04) with individual network combinations and tools installed, runnimg as individual (isolated from the host) similar to a linux container)

Maybe wsl is not the tool I need.. Is there another way than using Docker? or full Hyper-V virtualization?

Best regards,
Anders

@keith-horton
Copy link
Member

@Anders-Fromell-ITxPT , mirroring is "on or off" -- internally, network adapters get mirrored, then WSL creates a network device in Linux for those networks.

Mirrored mode today only supports a single WSL instance :(

@Anders-Fromell-ITxPT
Copy link

@Anders-Fromell-ITxPT , mirroring is "on or off" -- internally, network adapters get mirrored, then WSL creates a network device in Linux for those networks.

Mirrored mode today only supports a single WSL instance :(

@keith-horton, thanks for the clarification..
Can you provide som good links about bridge mode and network settings in a wsl with ubuntu 22.04 dist? the ubuntu default "netplan" handling seams to be overrided.. :-(

Best regards,
Anders

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

7 participants