-
Notifications
You must be signed in to change notification settings - Fork 823
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WSL2 , problem with network connection when VPN used (PulseSecure) #5068
Comments
Does anyone can help ...? |
I'm troubling with the samilar problem here. It's frustrating |
same problem, wsl1 working fine, all the distros in wsl2 is not connecting to internet |
I am having a similar issue when I'm on the GlobalProtect VPN connection to our corporate network. One workaround I've found is to add the IP for your router to /etc/resolv.conf as a nameserver entry. |
Same here, seems to be intermittent though. Also have docker desktop running and stopping that has fixed it a couple of times but not always. |
i have the same problem |
Same problem here. WSL2 can't access internet after connecting to VPN. If I turn it off, things are OK again. Using windows VPN configuration (IKEv2), no special VPN app. |
Latest pulse secure vpn client for corp vpn connection and experiencing the same issue. |
Same issue happens on released Windows 10 2004, run Ubuntu 20.04 on WSL2 when connect to Pulse Secure. I have tried solutions mentioned in |
same problem for me, cisco anyconnect vpn client running Windows 10 2004 WSL2 Ubuntu 18.04 and 20.04 |
Interestingly i can curl http sites while on vpn but not https. |
okay it is resolve for me, apparently IT had a transparent url filtering proxy when i am connected to VPN and needed bypass, it also works when i set http_proxy/https_proxy and proxy for apt within WSL2 to the corp proxy. |
@peterhorvath is your anyconnect setup to use full tunnel? |
it is pulse secure vpn but yes it is full tunnel.
|
I'm having same issues, have read multiple reports on here and elsewhere. Everything worked against Cisco AnyConnect when using WSL v1. After upgrading to latest Windows and updating to WSL v2, my internet connectivity inside WSL is broken. I'm in split-tunnel mode, but will try full-tunnel. |
When WSL2 is started after connecting to VPN through Pulse Secure, WSL2 can access the Internet, but not https. |
if you have corporate proxy try to set http_proxy in WSL2
talk to your IT team, (out comapny using mcafee web gateway and client proxy) |
I have same problem..frustrated |
Same problem here, with CiscoAnyconnect... |
I have exactly same issue and solved it by
No issue so far |
our windows store is blocked O_o |
I'm using a straight Windows IPSec VPN connection to my organisation and I too am unable to do anything from my WSL2 container once the VPN is initiated. Is there anything settings I can change on the Hyper-v vEthernet adapter to work around this? EDIT: A little more context:
I don't think the VPN and vEthernet adapters are clashing.... VPN is on |
@daviddyball check route print on your windows. you might have clash in your routing table |
Looking into it more I'm starting to think that the issue is that my VPN is using a clashing subnet (thanks @peterhorvath for pointing me in that direction) Given that I think this issue also relates to #4467, in that we need some form of configurability on the Hyper-V vSwitch to say "I want this subnet". Right now it appears that it's completely up to chance whether we get a conflicting network segment or not. |
Hey, thanks for sharing this. Here |
in my case whatever.com is not the vpn gateway but the corporate web proxy on the VPN network. |
My corporate VPN forces setting routes to 172.16.0.0/12 to use the VPN as gateway. This means that if VPN is started after the WSL vEthernet, adapter I lose all network connectivity inside my WSL2 distributions. The only workaround I've found (that doesn't require administratore rights) is to start the VPN before any WSL distribution and reboot after disconnecting from the VPN. It would be great if it was possible to configure WSL to another range of networks. |
@pmakholm I know it's not ideal, but your steps have at least got me the ability to use WSL, so thanks ❤️ |
Hmm well, I only have the gateway and my credentials to connect to my VPN. Guess I gotta figure out something else. Thanks! |
I have the solution to the Cisco VPN Anyconnect thanks to this blog post: https://jamespotz.github.io/blog/how-to-fix-wsl2-and-cisco-vpn Given that you have the correct DNS server in the /etc/resolv.conf, the solution in the blog will work. |
It's helped me, thank you |
You shouldn't change the Interface-Metric due to the than different routing. See the following blogpost for explanation: https://janovesk.com/wsl/2022/01/21/wsl2-and-vpn-routing.html The problem of not using the correct DNS-Server is properly explained and the suggested solution should be used from networking point of view. For the IP-Range problem you have only the following two options:
How second could work, is shown in this Microsoft Q&A: https://learn.microsoft.com/en-us/answers/questions/1123820/set-wsl2-subnet TLDR: Change SubNet of WSL NAT-Router to a different one which does not collide with your Company-VPN subnet. To do so got to regedit and edit the following entries: Again: Please don't change the InterfaceMetric! |
had same problem before the latest(windows 11 7/12/2023) updates I've installed today, now wsl2 work under GlobalProtect |
For me the update did not helped, just updated (12th July 2023) Win11 Pro to Version 10.0.22621 Build 22621 |
Thank you !!!! That was EXACTLY my problem : could not SSH to my home server from WSL when using WireGuard on my Windows host. So if I understand well it would be a MTU problem ? I would be interested in finding the root cause but I am not sure this issue is the right place ? |
+1 when using Citrix Secure Access (VPN). I downgraded to WSL V1 for now. UPDATE: Found a way for this to work (WSL2). Details here: #10104 |
I had problem with openvpn connect, changed to openvpn community client and problem disappear. |
@dylangovender , downgrading to WSL v1 is not a feasible option for most everybody. My understanding is that it uses a vastly different network stack. |
I was not suggesting others downgrade, I was merely explaining what worked for me. Also, I did update my post later with a fix that is working with WSL2. |
Your XML query structure needs tweaked a bit. Naturally, use your GUID, but try:
Great lead though! |
Hi folks, we have put out a new update that aims to address networking issues in WSL. In your More info on this release and the changes can be found here in the blog post. |
lol |
Any indication when the WSL2 changes are going to move beyond Canary ? |
These new networking features are now available on the latest version of Win11 22H2! Please make sure you're on the latest build to get these features, you can do that by clicking "Check for Updates" in Windows settings. You can check you have the right build by either ensuring you have KB5031354 installed, or run |
Are there any plans to make these new networking features available in Win10 22H2? |
Currently these features are Win11 only, we are investigating ways to see if we can make them available to earlier versions as well. |
I have Win11 now with build number is 22621.2428, I tried out these new features ( |
Ditto here, I ran into the same problem after updating to the same version of Win11. It would be helpful if someone could show an example of a |
Sorry for the VPN compat issues. It's a hard problem with some VPNs. I would consider trying changing the interface metrics & route metrics so that the WSL virtual NIC is preferred over the VPN interface. Thanks. |
Same as folks here, we are using corporate VPN IvantiSecure (formerly Pulse secure), we fixed the issue thanks to experimental features as @craigloewen-msft advised. .wslconfig:
Version:
Version 2.0.9 is pre-release, install it with Edit [2023.11.19]: Now it's my docker containers with port forwarding that are not working 😫, workaround above is not ready for Docker users. |
A warning to people, not sure if it is due to some corporate configuration. But my system became unusable after enabling networkMode mirrored and it didn't work when disabling again. So I had to reinstall my system (did this twice to realise this was the cause). After I have used networkMode mirrored, processes that normally idle was eating all the CPU with Network Store Interface Service clearly taking the lead. Rebooting the computer didn't help and same behaviour occurred as soon as Windows was launched. Any operation was lagging, clicking the start menu, sometimes even right click anywhere resulting in a crashed process. Uninstalling WSL didn't resolve this either. Me or the technicians couldn't find any way to get it back in a working state. So networkMode=mirrored is doing something that it doesn't revert after being disabled. Edit/Update:
|
Related problem "here" with CheckPoint VPN. When the network is enabled, the Ubuntu machine can use the VPN network, but it "slows down" when packets start to walk the VPN. If I try to copy a "big" file (hundreds of megabytes) from the WSL guest to a remote machine, it initially works properly (about 10Mb/sec), then it progressively slows down to just a few Kb/sec. |
Don't know if anyone still needs this, but this helped me https://jamespotz.github.io/blog/how-to-fix-wsl2-and-cisco-vpn (Cisco AnyConnect) |
I'm not 100% certain, but have just had (temporary?) success in getting all networking functioning when I went from WireGuard back to OpenVPN, and also disabled Split Tunnels. Since I changed two things, not certain which one helped. But DNS and Internet connectivity available from PS prompt, WSL prompt, and all browsers working again. Suspecting split tunneling, as at one point just before the reboot, I had Chrome browser working, but not Brave browser (they were configured explicitly differently in split tunneling). |
I'm using MS v. 2004 (build 19041) with UBUNTU linux on WSL2.
When I don't use VPN on windows , everything is fine - I have internet connection on windows and wsl2 ubuntu.
But when established connection via VPN (on windows) then on windows still is OK - I have both internet and vpn connection , but on Ubuntu there is no network connection at all (no internet , no vpn access).
I suspect there is a problem with NAT (on Hyper-V default switch)
Any idea what could be wrong ?
Additionally: on wsl1 everything worked fine (also when VPN enabled)
Currently on wsl2 it looks like this :
fibu@DESKTOP-3N4US3P:/mnt/c/Users/fibu2$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.30.123.209 netmask 255.255.240.0 broadcast 172.30.127.255
inet6 fe80::215:5dff:fe41:b550 prefixlen 64 scopeid 0x20
ether 00:15:5d:41:b5:50 txqueuelen 1000 (Ethernet)
RX packets 263 bytes 27705 (27.7 KB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 223 bytes 34352 (34.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 2 bytes 56 (56.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 56 (56.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
fibu@DESKTOP-3N4US3P:/mnt/c/Users/fibu2$
fibu@DESKTOP-3N4US3P:/mnt/c/Users/fibu2$ ping google.com
ping: google.com: Temporary failure in name resolution
fibu@DESKTOP-3N4US3P:/mnt/c/Users/fibu2$
fibu@DESKTOP-3N4US3P:/mnt/c/Users/fibu2$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 172.30.112.1 0.0.0.0 UG 0 0 0 eth0
172.30.112.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
fibu@DESKTOP-3N4US3P:/mnt/c/Users/fibu2$ cat /etc/resolv.conf
nameserver 172.30.112.1
fibu@DESKTOP-3N4US3P:/mnt/c/Users/fibu2$
The text was updated successfully, but these errors were encountered: