wsl2 with mirrored network cannot connect to vmware workstation virtual machine

wang1zhen commented 5 months ago

Windows Version

Microsoft Windows [Version 10.0.22631.3085]

WSL Version

WSL version: 2.0.14.0 Kernel version: 5.15.133.1-1 WSLg version: 1.0.59 MSRDC version: 1.2.4677 Direct3D version: 1.611.1-81528511 DXCore version: 10.0.25131.1002-220531-1700.rs-onecore-base2-hyp Windows version: 10.0.22631.3085

Are you using WSL 1 or WSL 2?

[X] WSL 2
[ ] WSL 1

Kernel Version

Linux version 5.15.133.1-microsoft-standard-WSL2 (root@1c602f52c2e4) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP Thu Oct 5 21:02:42 UTC 2023

Distro Version

Debian 12

Other Software

VMware® Workstation 17 Pro, 17.5.0 build-22583795

Repro Steps

Start vm (ubuntu 20.04) and start ssh service on it.

systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: e>
     Active: active (running) since Thu 2024-02-01 18:09:32 PST; 4h 35min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 899 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 907 (sshd)
      Tasks: 1 (limit: 9387)
     Memory: 2.3M
     CGroup: /system.slice/ssh.service
             └─907 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

Feb 01 18:09:32 ubuntu systemd[1]: Starting OpenBSD Secure Shell server...
Feb 01 18:09:32 ubuntu sshd[907]: Server listening on 0.0.0.0 port 22.
Feb 01 18:09:32 ubuntu sshd[907]: Server listening on :: port 22.
Feb 01 18:09:32 ubuntu systemd[1]: Started OpenBSD Secure Shell server.

ip address info:

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:2b:17:46 brd ff:ff:ff:ff:ff:ff
    altname enp2s0
    inet 192.168.145.130/24 brd 192.168.145.255 scope global dynamic noprefixroute ens32
       valid_lft 1799sec preferred_lft 1799sec
    inet6 fe80::9e4e:2d4e:f20b:986/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

ssh from wsl2:

ssh -vvv 192.168.145.130
OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /home/wang1zhen/.ssh/config
debug1: /home/wang1zhen/.ssh/config line 20: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.145.130 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/wang1zhen/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/wang1zhen/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.145.130 [192.168.145.130] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10

.wslconfig

[wsl2]
networkingMode=mirrored
dnsTunneling=true
autoProxy=true
firewall=true

Expected Behavior

wsl2 ssh to vmware ubuntu successfully.

Actual Behavior

ssh hangs

ssh -vvv 192.168.145.130
OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /home/wang1zhen/.ssh/config
debug1: /home/wang1zhen/.ssh/config line 20: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.145.130 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/wang1zhen/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/wang1zhen/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.145.130 [192.168.145.130] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10

However, ssh.exe 192.168.145.130 from windows host or wsl2 both works:

ssh.exe -v 192.168.145.130
OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 192.168.145.130 [192.168.145.130] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_rsa type -1
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_dsa type -1
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_ecdsa_sk type -1
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_ed25519_sk type -1
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_ed25519_sk-cert type -1
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_xmss type -1
debug1: identity file C:\\Users\\wang1zhen/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.11
debug1: compat_banner: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.11 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 192.168.145.130:22 as 'wang1zhen'
debug1: load_hostkeys: fopen C:\\Users\\wang1zhen/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:3xtPBNTmzBJw0agVfnBIaXyyz1Y4BSSUw02font6vi0
debug1: load_hostkeys: fopen C:\\Users\\wang1zhen/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: Host '192.168.145.130' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\wang1zhen/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\wang1zhen/.ssh/id_rsa
debug1: Will attempt key: C:\\Users\\wang1zhen/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\wang1zhen/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\wang1zhen/.ssh/id_ecdsa_sk
debug1: Will attempt key: C:\\Users\\wang1zhen/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\wang1zhen/.ssh/id_ed25519_sk
debug1: Will attempt key: C:\\Users\\wang1zhen/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: C:\\Users\\wang1zhen/.ssh/id_rsa
debug1: Trying private key: C:\\Users\\wang1zhen/.ssh/id_dsa
debug1: Trying private key: C:\\Users\\wang1zhen/.ssh/id_ecdsa
debug1: Trying private key: C:\\Users\\wang1zhen/.ssh/id_ecdsa_sk
debug1: Trying private key: C:\\Users\\wang1zhen/.ssh/id_ed25519
debug1: Trying private key: C:\\Users\\wang1zhen/.ssh/id_ed25519_sk
debug1: Trying private key: C:\\Users\\wang1zhen/.ssh/id_xmss
debug1: Next authentication method: password
wang1zhen@192.168.145.130's password:

Diagnostic Logs

No response

### Tasks

github-actions[bot] commented 5 months ago

Hi I'm an AI powered bot that finds similar issues based off the issue title.

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it. Thank you!

Open similar issues:

Networking mirrored can't work on WSL2 (#10632), similarity score: 0.76

Closed similar issues:

After using wsl2, VMware cannot access the Internet, and VMware uses bridge mode (#10234), similarity score: 0.75
wsl2 and vmware workstation (#4264), similarity score: 0.73
wsl: Hyper-V firewall is not supported wsl: Mirrored networking mode is not supported, falling back to NAT networking (#10495), similarity score: 0.72
WSL 2.0.6 mirrored network - can not connect to Docker container ports from Windows host (#10683), similarity score: 0.72

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

elsaco commented 5 months ago

@wang1zhen since it fails with set socket 3 IP_TOS 0x10 try connecting with ssh -o IPQoS=none and see if it works.

From the ssh_config man page:

IPQoS
Specifies the IPv4 type-of-service or DSCP class for connections. Accepted values are af11, af12, af13, af21, af22, af23, af31, af32,
af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef, le, lowdelay, throughput, reliability, a numeric value,
or none to use the operating system default. This option may take one or two arguments, separated by whitespace.
If one argument is specified, it is used as the packet class unconditionally. If two values are specified, the first is
automatically selected for interactive sessions and the second for non-interactive sessions. The default is af21
(Low-Latency Data) for interactive sessions and cs1 (Lower Effort) for non-interactive sessions.

wang1zhen commented 5 months ago

ssh -o IPQoS=none

SSH now hangs here:

ssh -vvv -o IPQoS=none 192.168.145.130
OpenSSH_9.2p1 Debian-2+deb12u2, OpenSSL 3.0.11 19 Sep 2023
debug1: Reading configuration data /home/wang1zhen/.ssh/config
debug1: /home/wang1zhen/.ssh/config line 20: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname 192.168.145.130 is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/wang1zhen/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/wang1zhen/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to 192.168.145.130 [192.168.145.130] port 22.

chanpreetdhanjal commented 5 months ago

Hi. Can you please collect networking logs by following the instructions below? https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#collect-wsl-logs-for-networking-issues

wang1zhen commented 5 months ago

WslNetworkingLogs-2024-02-09_13-04-47.zip

I have uploaded the networking logs according to the instructions here.

microsoft / WSL