DNS server coming from vpn network is not reflected in WSL #1350
Comments
@asvetliakov - Thanks for reporting the issue. Yes, we are aware of issues with VPN, as you can also see in #416. We are actively working on a solution for this. @misenesi as FYI. |
Hi @asvetliakov, could you please provide output when you do: ipconfig /all ? I have a fix prepared for this, but need to verify that your VPN networking interface is reported as point-to-point interface. |
The one with name 'freechat.com' is my VPN |
Thank you @asvetliakov . I have checked in a fix that will address some of the VPN DNS resolving issues, including yours. Currently for DNS resolving we update /etc/resolv.conf from the service. In this fix I added the capability to manually modify the /etc/resolv.conf file if you wish so, disabling its automatic regeneration. However, due to how DNS resolving works for various VPN solutions, this fix will only work with strict force tunnel VPNs that do not hide their DNS servers for privacy or security reasons. I have a proposal for a better solution that is currently under discussion that would work for all VPN scenarios. |
@misenesi With Creators Update installed, the automatic generation cannot be disabled on my system. Even if I remove the first line, it still gets regenerated every single time. It's working for /etc/hosts though. |
@blemasle - @misenesi is no longer with MSFT. Here is the background. By default, bash.exe will auto-generate |
I don't know if this is still a problem for anyone else. I am on build 16232.rs_prerelease.170624-1334 using WSL with Ubuntu 16.04.2 LTS from the Windows Store and CISCO AnyConnect version 21.12020 , and I still can't connect. I tried removing the commented line in |
The problem I'm seeing is that the ordering of the DNS servers is incorrect when the VPN is connected. As a result, I can't resolve any of the hosts behind the VPN. I'm running Windows 15063.483 with Cisco AnyConnect. The DNS bindings in Windows are the following:
In Ubuntu they are the following:
|
If you are connected to a VPN and lose connectivity within bash, please try the workaround posted here. It should work for Creators Update and above. Post Fall Creators Update, we will be looking at a better support for other VPN solutions. Thanks to @bradley101, who first pointed out the workaround. |
Thank you that works around that. The only other thing is to get the list of domain suffixes, but that is 2nd order. |
here's a more automatic workaround that works for me - in my case I only ever connect to one VPN at a time and its nameserver is at the very end of /etc/resolv.conf, which of course is no good. YMMV but, first... create a file in /etc/sudoers.d with allowing your username to run sudo with no password; you can restrict this to specific commands if you want but I do it for all (please adjust for your needs). For example let's say your username is linux, so create the file /etc/sudoers.d/00-linux (you can call this whatever you want), with the following text in it:
You'll of course need to sudo to root to create that file. Be sure to replace "linux" with whatever your username is in WSL. Close the shell and all instances of WSL and run a new one, and try it: type sudo -s. Next, create this Python file in your home directory (call it resolv_flip.py):
finally, add this to the end of your ~/.bashrc file:
from that point forward every time you run the WSL shell it will flip the nameservers so that anything that doesn't start with 8. will be at the top, but it won't disturb the comment header that is used to autogenerate the file (because we need that information in order for this to work). It's not perfect but it works fine for me, and it's dead simple. Enjoy, |
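The reordering described in the comment above, as an added example. It is not the commenter's resolv_flip.py, whose text is not present on this page; the function names, the `8.` prefix default and the sample file are assumptions made for illustration. It also shows why position matters: glibc's resolver only uses the first three `nameserver` lines, so a VPN resolver listed fourth is never queried.

```python
import re

MAXNS = 3  # glibc's resolver uses at most the first three nameserver lines
NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)")


def flip_nameservers(text, public_prefixes=("8.",)):
    """Return resolv.conf text with non-public nameservers listed first.

    Comments and other directives (search, options) keep their positions;
    only the nameserver lines are reordered within the slots they occupied.
    """
    lines = text.splitlines()
    slots = [i for i, line in enumerate(lines) if NAMESERVER_RE.match(line)]
    entries = [lines[i] for i in slots]

    def is_public(line):
        return NAMESERVER_RE.match(line).group(1).startswith(tuple(public_prefixes))

    # sorted() is stable, so order inside each group is preserved
    for i, line in zip(slots, sorted(entries, key=is_public)):
        lines[i] = line
    return "\n".join(lines) + "\n"


def effective_nameservers(text):
    """Addresses the resolver will actually query (first MAXNS entries)."""
    found = [m.group(1) for m in map(NAMESERVER_RE.match, text.splitlines()) if m]
    return found[:MAXNS]


# Constructed sample: the VPN resolver (10.20.0.53) is last, beyond MAXNS
SAMPLE = """\
# constructed placeholder for the auto-generated header comment
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 192.168.1.1
nameserver 10.20.0.53
search corp.example
"""

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/resolv.conf"
    with open(path) as fh:
        original = fh.read()
    updated = flip_nameservers(original)
    if updated != original:
        with open(path, "w") as fh:  # needs root for /etc/resolv.conf
            fh.write(updated)
    print(effective_nameservers(updated))
```

Because the script only needs write access to one file, the sudoers entry can be limited to the single command that runs it rather than granting passwordless sudo for everything.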
Don't forget to make the /etc/resolv.conf file immutable after editing to avoid Windows overwriting it
I also was struggling with using wireguard tunnel |
This comment has the solution that worked best for me on WSL2 |
|
don't forget to make sure your VPN's |
Here's my solution, it takes what @cod3monk3y did, and makes it automatic so you don't have to run anything manually anymore. It's geared towards the Cisco AnyConnect client, so if you're using something different, you would just need to figure out the events in the event log to trigger off of. https://www.frakkingsweet.com/automatic-dns-configuration-with-wsl-and-anyconnect-client/ |
Works like a charm, thanks. |
isn’t wsl-vpnkit working for you? |
A reboot fixed it 🤷♂️ |
All the presented "solutions" seem to involve modifying resolv.conf. The default(?) WSL setup has resolv.conf pointing to an internal IP address, and the same address is also used as default route. The failure seems to be that WSL (which handles this internal routing and DNS server / proxy) is not tracking resolver changes on the windows side. All the modifications to resolv.conf are just workarounds for WSL's failure, not fixes to WSL. Why are windows applications able to track resolver changes, but WSL isn't? |
Hi, is the VPN in development plan? We are waiting for this. |
unlike #2884 (comment) which push DNS from Windows to WSL hope it helps ;) |
Thanks. Still I would need something more instant for enterprise environment. |
For me the new WSL2 DNS tunneling feature solved the problem, see https://learn.microsoft.com/en-us/windows/wsl/wsl-config#main-wsl-settings Add the following to
# Settings apply across all Linux distros running on WSL 2
[wsl2]
# Changes how DNS requests are proxied from WSL to Windows
dnsTunneling=true
|
Thanks for pointing that out. Unfortunately, it's only available in Windows 11. 😢 |
This was the only thing that has worked for me and resolved the issue. |
Guys, are there any plans to completely fix this issue in the future? |
Hi! Please try the latest networking features that we've added in WSL. Those should greatly improve compatibility with VPNs. If the issue still remains, please reopen this issue. |
That link doesn't state it, but the linked page "Advanced settings configuration in WSL" makes it clear that these settings require Windows 11. @OneBlue do you know if there are plans to support |
Unfortunately, those features won't be backported to Windows 10. |
unfortunately I'm stuck with corporate windows 10 for another year or two
sigh...
…On Wed, May 15, 2024, 20:19 Blue ***@***.***> wrote:
@OneBlue <https://github.com/OneBlue> do you know if there are plans to
support dnsTunneling and autoProxy on Windows 10?
Unfortunately, those features won't be backported to Windows 10.
|
Don't be too sad about it, it is not sure that it will fix the issues anyways. I am currently using Citrix Secure Access and I still have to use wsl-vpnkit to get connectivity when on the VPN.
|
|
What about WSL 1? Due to the filesystem performance issue in WSL 2, it remains unusable for my needs. If I'm understanding this new feature correctly, it's only available to WSL 2. This issue is rather frustrating, as it doesn't always not work with a VPN. I was testing earlier connecting and disconnecting VPN (OpenVPN Connect) and the Using I would be happy with something as simple as a command that just resets the process that's supposed to sync the DNS settings. At least if I could do that, I could automate it and wouldn't need to shut down WSL entirely. If someone knows a way to do this, it would be greatly appreciated. I certainly shouldn't need to use my own or a third party script to update the file, when it actually does work some of the time. |
A brief description
I've L2TP/IPsec vpn connection without default gateway set and own DNS server
Expected results
Bash should add VPN DNS IP to /etc/resolv.conf
Actual results (with terminal output if applicable)
No VPN DNS IP in /etc/resolv.conf. It works though if I set "use default gateway on remote network" (generally I don't want) setting in VPN configuration.
Your Windows build number
14965.1001