microsoft / WSL

Issues found on WSL
https://docs.microsoft.com/windows/wsl
MIT License

Full VPN Support with WSL2 #10380

Open martencassel opened 1 year ago

martencassel commented 1 year ago

Is your feature request related to a problem? Please describe.
Many people work from home with WSL2 and connect to a corporate network using a VPN. The issue has been that either you choose WSL1 or you have to go to the office.

Describe the solution you'd like
Making WSL2 network connectivity seamlessly work with any VPN solution.

Describe alternatives you've considered
The only stable way I've found is https://github.com/sakai135/wsl-vpnkit and Windows 11 Version 22H2 (OS Build 22621.1992). It works but on startup the system will "freeze" for ca 1-2 minutes.

Question
Is VPN support on any of your roadmaps?

ascheel commented 1 year ago

https://github.com/deanmcniven/wsl2-vpn-support

Depending on your VPN, the above may work. It's just a PowerShell script that adds the appropriate routes, giving WSL2 network access the way it should.

ThaDaVos commented 1 year ago

I can add that if I use VPN in Windows (before starting WSL 2 - but sometimes also after starting WSL 2) - it also works from within WSL 2 - I used VPN inside Windows and the OpenVPN client, both successfully

liam-baker-sm commented 1 year ago

Usually it works because Windows will create a NAT for your WSL2, and route through the VPN in Windows (i.e. it comes out of the WSL2 NAT, hits the Windows routing table and enters your VPN). The problem I have seen is the IP address range used in WSL2 conflicts with internal network ranges i.e. (172.16.0.0/12) often used in corporate networks.

gwd666 commented 8 months ago

Ok here is my 2 cents (or experience) with this. I/we work behind (http) proxies. On-site (ie w/o VPN) all green. From home with VPN (Pulse Secure / Juniper) to corp network -> issues.

Some details (steps taken to try and fix this)! How internet via VPN will work for "some amount of time".
WSL2 internet connectivity will work if there is no vEthernet (WSL) showing up in netsh interface show interface before I connect via VPN. Then I will activate or connect via VPN. netsh interface show interface will now show vEthernet (WSL) as Enabled in State Connected. Everything "roses" ie curl, wget, etc. all work.
BUT as soon as the VPN (even if only for the blink of an eye) loses connection and therefore immediately reconnects again, there is no way (at least I have not found one) to make the WSL2 internet connectivity work again (ie proxy server can no longer be found, etc) EXCEPT rebooting the computer, which will remove ie again no longer showing the vEthernet (WSL) interface in the list [again].
Things I tried so far to avoid having to reboot/restart the PC:
disable/enable vEthernet (WSL) in PowerShell elevated terminal
Restart LxssManager
additional info: this was done in all available combinations of wsl --shutdown and VPN connect/disconnect you can think of or find on the internet. All to no avail - still the only fix -> reboot until next VPN connection loss and reconnect that breaks it.
The VPN connection loss and reconnect breaking the WSL2 internet connectivity afaict is not a "surprise" since starting WSL2 before being connected via VPN (ie this way creating an existing vEthernet (WSL) interface before there's a VPN involved) and then starting VPN connection afterwards will also result in WSL2 internet connectivity being dead.

Looking fwd to solution ideas ...

jabulon commented 7 months ago

I've struggled with this for several months. It seems that a recent update to WSL offers experimental features which resolve the issue for me. I'm using WSL2 on Windows 11 with Cisco AnyConnect VPN. In my environment, I've added the following flags to my C:\Users\_username_\.wslconfig file:

[experimental]
networkingMode=mirrored
dnsTunneling=true

joeybinz commented 7 months ago

This solution worked perfectly for me! I have been following this thread for a few months hoping for a solution to this issue and was far too excited that this worked haha. Thanks.

sgavathe commented 5 months ago

This may not be your problem but after trying numerous very different things, this was my problem. I had these experimental settings and I am on OpenVPN. I commented those in wsl.conf and everything started to flow.

https://learn.microsoft.com/en-us/windows/wsl/troubleshooting#wsl-has-no-network-connectivity-once-connected-to-a-vpn

#[experimental]
#networkingMode=mirrored
#dnsTunneling=true
#autoProxy=true

WSL connectivity issues with VPNs when Mirrored networking mode is on
Mirrored networking mode is currently an experimental setting in the WSL Configuration. The traditional NAT networking architecture of WSL can be updated to an entirely new networking mode called “Mirrored networking mode”. When the experimental networkingMode is set to mirrored, the network interfaces that you have on Windows are mirrored into Linux to improve compatibility. Learn more in the Command Line blog: WSL September 2023 update.

Some VPNs have been tested and confirmed to be incompatible with WSL, including:

"Bitdefender" version 26.0.2.1
"OpenVPN" version 2.6.501
"Mcafee Safe Connect" version 2.16.1.124

liam-baker-sm commented 5 months ago

Thanks for that information, mirrored mode looks interesting. Our current fix is to set a registry key to move the NAT to 192.168.240.0/20. This keeps WSL addresses away from our corporate and most home networks.

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Lxss
NatGatewayIpAddress 192.168.240.1
NatNetwork 192.168.240.0/20
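
The address-range conflict described in this thread and the choice of a replacement NAT range can be checked mechanically. The following is an added example, not code from the commenter or from WSL: the function names, the sample route list and the current NAT range 172.28.112.0/20 are all constructed for illustration.

```python
import ipaddress

# RFC 1918 private blocks from which a replacement NAT range is chosen.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: routes present on the Windows host with the VPN up
# (default route, two corporate ranges, a home LAN).
SAMPLE_ROUTES = ["0.0.0.0/0", "10.0.0.0/8", "172.16.0.0/12", "192.168.1.0/24"]


def _parse(routes):
    """Parse routes, dropping IPv6 and default routes (they overlap everything)."""
    nets = (ipaddress.ip_network(r, strict=False) for r in routes)
    return [n for n in nets if n.version == 4 and n.prefixlen > 0]


def find_conflicts(nat_network, routes):
    """Return the routes that overlap the WSL NAT network."""
    nat = ipaddress.ip_network(nat_network)
    return [n for n in _parse(routes) if n.overlaps(nat)]


def suggest_nat_network(routes, prefixlen=20):
    """Return (NatNetwork, NatGatewayIpAddress) for the highest private
    subnet of the requested size that overlaps no route, or None."""
    nets = _parse(routes)
    for block in reversed(PRIVATE_BLOCKS):
        if prefixlen < block.prefixlen:
            continue  # requested subnet is larger than this block
        for cand in reversed(list(block.subnets(new_prefix=prefixlen))):
            if not any(cand.overlaps(n) for n in nets):
                return str(cand), str(cand.network_address + 1)
    return None


if __name__ == "__main__":
    # Constructed current NAT range inside the corporate 172.16.0.0/12 route.
    print("conflicts:", find_conflicts("172.28.112.0/20", SAMPLE_ROUTES))
    print("suggested:", suggest_nat_network(SAMPLE_ROUTES))
```

With the constructed routes, the suggestion matches the NatNetwork and NatGatewayIpAddress values in the comment above; a `None` result means every private range is already routed elsewhere and moving the NAT will not help.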

gwd666 commented 4 months ago

Update: installed WSL2 with "experimental" VPN support. Here are the details:

WSL version: 2.2.1.0 as well as 2.2.2.0
Kernel version: 5.15.150.1-2
WSLg version: 1.0.60
MSRDC version: 1.2.5105
Direct3D version: 1.611.1-81528511
DXCore version: 10.0.25131.1002-220531-1700.rs-onecore-base2-hyp
Windows version: 10.0.19045.4170

Still same issue - once the VPN gets "disconnected" (means usually due to some network stability issue - since not all network connections are 100% stable 100% of the time) and then the VPN app re-connects itself, the WSL connections are gone/dead. Only restarting the PC will bring them back until the next network glitch.

dragz commented 1 month ago

I can confirm that networkingMode=mirrored mentioned above seems to solve my issues with VPN and WSL2. I've had two issues with networking/VPN/WSL2 in the six weeks using this setup where ssh and az (Azure CLI) stop working while telnet and other network services like DNS work fine. Running the command

ipconfig /release

seems to resolve the problem.

I'm using Cisco Anyconnect.

ygmarchi commented 4 weeks ago

I've read the DNS configuration in my OpenVPN log and configured /etc/resolv.conf accordingly, after disabling automatic generation in /etc/wsl.conf. That's the only way that worked for me, pretty empirically.
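
The manual step in the last comment (reading DNS settings out of the OpenVPN log and writing /etc/resolv.conf) can be scripted. This is an added example, not the commenter's code: the function name and the log lines are constructed, and it assumes the server pushes `dhcp-option DNS` / `dhcp-option DOMAIN` entries in a `PUSH_REPLY` line and that `generateResolvConf = false` is already set under `[network]` in /etc/wsl.conf. Pushed values are validated before use because they come from the remote side and end up in a system file.

```python
import ipaddress
import re

OPTION_RE = re.compile(r"dhcp-option (DNS|DOMAIN|DOMAIN-SEARCH) ([^,']+)")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}$")
MAX_NAMESERVERS = 3  # glibc's resolver reads at most three nameserver lines

# Constructed log: the VPN reconnects and the second PUSH_REPLY differs.
SAMPLE_LOG = (
    "2024-05-01 09:12:33 PUSH: Received control message: 'PUSH_REPLY,"
    "dhcp-option DNS 10.8.0.1,dhcp-option DOMAIN old.example,ping 10'\n"
    "2024-05-01 11:40:02 [vpn] Inactivity timeout (--ping-restart), restarting\n"
    "2024-05-01 11:40:09 PUSH: Received control message: 'PUSH_REPLY,"
    "dhcp-option DNS 10.20.0.53,dhcp-option DNS 10.20.0.54,"
    "dhcp-option DOMAIN corp.example,route-gateway 10.20.0.1,ping 10'\n"
)


def resolv_conf_from_openvpn_log(log_text):
    """Build resolv.conf content from the last PUSH_REPLY in an OpenVPN log."""
    replies = [l for l in log_text.splitlines() if "PUSH_REPLY" in l]
    if not replies:
        raise ValueError("no PUSH_REPLY line found in log")
    servers, domains = [], []
    for kind, value in OPTION_RE.findall(replies[-1]):  # newest session only
        value = value.strip()
        if kind == "DNS":
            try:
                addr = str(ipaddress.ip_address(value))
            except ValueError:
                continue  # not an IP address: never write it to the file
            if addr not in servers:
                servers.append(addr)
        elif DOMAIN_RE.match(value) and value not in domains:
            domains.append(value)
    if not servers:
        raise ValueError("last PUSH_REPLY carries no valid DNS server")
    lines = ["search " + " ".join(domains)] if domains else []
    lines += ["nameserver " + s for s in servers[:MAX_NAMESERVERS]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(resolv_conf_from_openvpn_log(SAMPLE_LOG), end="")
```

Only the most recent `PUSH_REPLY` is used, so re-running it after a VPN reconnect picks up the settings of the current session rather than stale ones.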