microsoft / WSL

Issues found on WSL
https://docs.microsoft.com/windows/wsl
MIT License

wsl 2 ubuntu 18.04 unable to connect to IP resources with Cisco AnyConnect active #4277

Open eclay11 opened 5 years ago

eclay11 commented 5 years ago


When I start the Ubuntu 18.04 instance I'm able to communicate with resources using IPs and hostnames.

eclay@wh-lpt-eclay:$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=49 time=115 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=49 time=95.4 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=49 time=77.3 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=49 time=92.6 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=49 time=90.6 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=49 time=78.9 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=49 time=84.1 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=49 time=90.9 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=49 time=80.7 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=49 time=80.0 ms
^C
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9081ms
rtt min/avg/max/mdev = 77.316/88.602/115.084/10.734 ms
eclay@wh-lpt-eclay:~$ trace
tracepath  traceroute6  traceroute6.iputils  tracerpt.exe
eclay@wh-lpt-eclay:$ tracepath 8.8.8.8
 1?: [LOCALHOST]                 pmtu 1500
 1:  wh-lpt-eclay.mshome.net     0.497ms
 1:  wh-lpt-eclay.mshome.net     0.379ms
 2:  10.179.10.1                 2.890ms
 3:  192.168.1.1                 8.474ms
 4:  192.168.1.1                10.395ms pmtu 1430
 4:  172.26.96.161              71.223ms
 5:  172.18.84.36               73.898ms asymm  6
 6:  12.249.2.25                73.083ms asymm  7
 7:  12.122.146.97              96.016ms asymm 14
 8:  12.122.111.33              95.857ms asymm 13
 9:  sffca22crs.ip.att.net      95.209ms asymm 12
10:  12.122.163.61              90.288ms asymm 11
11:  12.255.10.236             103.555ms asymm 15
12:  no reply
13:  no reply
14:  no reply
15:  no reply
16:  no reply
17:  no reply
18:  no reply
19:  no reply
20:  no reply
21:  no reply
22:  no reply
23:  no reply
24:  no reply
25:  no reply
26:  no reply
27:  no reply
28:  no reply
29:  no reply
30:  no reply
     Too many hops: pmtu 1430
     Resume: pmtu 1430

Once I connect to my work VPN using the Cisco AnyConnect client v4.7.00136, I'm no longer able to connect to IP resources.

eclay@wh-lpt-eclay:$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7277ms

eclay@wh-lpt-eclay:$ tracepath 8.8.8.8
 1?: [LOCALHOST]                 pmtu 1430
 1:  ???                         0.362ms
 1:  ???                         0.364ms
 2:  ???                         0.392ms pmtu 1200
 2:  no reply
 3:  no reply
 4:  no reply
 5:  no reply
 6:  no reply
 7:  no reply
 8:  no reply
 9:  no reply
10:  no reply
11:  no reply
12:  no reply
13:  no reply
14:  no reply
15:  no reply
16:  no reply
17:  no reply
18:  no reply
19:  no reply
20:  no reply
21:  no reply
22:  no reply
23:  no reply
24:  no reply
25:  no reply
26:  no reply
27:  no reply
28:  no reply
29:  no reply
30:  no reply
     Too many hops: pmtu 1200
     Resume: pmtu 1200

KinIcy commented 4 years ago

Jason, I would rather simply install Cisco AnyConnect from the Microsoft Store. It simply works without any hassle.

I tried that, but my company requires logging into Okta to connect to VPN. This was not possible with the store version.

matheuscanela commented 4 years ago

One way to work around this for me was:

cat << EOF | sudo tee -a /etc/wsl.conf
[network]
generateResolvConf = false
EOF
# /etc/resolv.conf is root-owned, so the write needs sudo as well
echo "nameserver <CORP DNS SERVER>" | sudo tee /etc/resolv.conf

and... in an elevated PowerShell on Windows, every single time I connect to the VPN 😢 (fortunately, not very often)

Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000

that worked for me!

phueac commented 4 years ago

I worked around this using the following PowerShell script hack:

# Set the interface metric for the virtual WSL network (named "vEthernet (WSL)" by default) to the highest possible priority
Get-NetIPInterface -InterfaceAlias "vEthernet (WSL)" | Set-NetIPInterface -InterfaceMetric 1

# Set the interface metric for the virtual network interface created by Cisco AnyConnect (named "Ethernet 2" on my machine) to a much lower priority
$VPNInterfaceName = "Ethernet 2"
Get-NetIPInterface -InterfaceAlias $VPNInterfaceName | Set-NetIPInterface -InterfaceMetric 5001

Unfortunately, like @matheuscanela mentions above, you have to run this after you connect to the VPN each time.

I'm not sure if the fault lies more with WSL or Cisco AnyConnect, but it would be great not to have to resort to hacky workarounds for this.
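
The two workarounds above (matheuscanela's resolv.conf edit and the interface-metric script) can be combined into one script that does not depend on the VPN adapter being called "Ethernet 2". The following is an added example, not code from the thread or from WSL/Cisco. It assumes an elevated PowerShell run after AnyConnect has connected, a distro named Ubuntu-18.04 (change $Distro), and that /etc/wsl.conf already has generateResolvConf = false so WSL does not overwrite the file; the adapter names it matches on are the ones shown in the comments above.

```powershell
# Added example: find the WSL and AnyConnect adapters, set their metrics,
# verify the result, then copy the VPN's DNS servers into the WSL distro.
#Requires -RunAsAdministrator
$Distro = 'Ubuntu-18.04'   # assumption: your distro name (see wsl.exe -l)

# Match the WSL switch on its alias (several Hyper-V adapters share one
# description) and the VPN adapter on its description (alias varies per machine).
$wsl = Get-NetAdapter | Where-Object InterfaceAlias -eq 'vEthernet (WSL)'
$vpn = Get-NetAdapter | Where-Object InterfaceDescription -match 'Cisco AnyConnect'

if (-not $wsl) { throw 'WSL adapter not found; start a WSL 2 distro first.' }
if (-not $vpn) { throw 'AnyConnect adapter not found; connect the VPN first.' }

# Lowest metric wins: WSL gets top priority, the VPN adapter is pushed far behind.
$wsl | Set-NetIPInterface -InterfaceMetric 1
$vpn | Set-NetIPInterface -InterfaceMetric 6000

# Verify both address families of both adapters picked up the new metrics
# (this is the table other commenters paste to show the command "ran").
Get-NetIPInterface -InterfaceIndex ($wsl.ifIndex, $vpn.ifIndex) |
    Select-Object ifIndex, InterfaceAlias, AddressFamily, InterfaceMetric |
    Format-Table -AutoSize

# Collect the DNS servers AnyConnect pushed to its adapter and write them
# into the distro's /etc/resolv.conf (the manual step above, automated).
# rm -f first in case /etc/resolv.conf is still a symlink from WSL.
$dns = (Get-DnsClientServerAddress -InterfaceIndex $vpn.ifIndex -AddressFamily IPv4).ServerAddresses
if (-not $dns) { throw 'No IPv4 DNS servers found on the VPN adapter.' }
$cmd = "rm -f /etc/resolv.conf; printf 'nameserver %s\n' $($dns -join ' ') > /etc/resolv.conf"
wsl.exe -d $Distro -u root -- sh -c $cmd
```

Because WSL instances are per user session, run this as the logged-on user rather than from a SYSTEM-level task if you want the wsl.exe step to touch the distro you actually use; the metric part works from either context.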

chrisjones-brack3t commented 4 years ago

@phueac You sir deserve a cookie or something. This finally works for me. Without setting the priority on the WSL connection, VSCode + WSL was broken for me.

I'm using the standard Anyconnect client, 2FA via Okta. I set the corp DNS in resolv.conf. Connect to VPN and run the metric commands for both Anyconnect and WSL and things are finally all working. It would be great if MS or Cisco actually fixed this, but for now at least I can work.

shelper commented 4 years ago

I worked around this using the following PowerShell script hack:

# Set the interface metric for the virtual WSL network (named "vEthernet (WSL)" by default) to the highest possible priority
Get-NetIPInterface -InterfaceAlias "vEthernet (WSL)" | Set-NetIPInterface -InterfaceMetric 1

# Set the interface metric for the virtual network interface created by Cisco AnyConnect (named "Ethernet 2" on my machine) to a much lower priority
$VPNInterfaceName = "Ethernet 2"
Get-NetIPInterface -InterfaceAlias $VPNInterfaceName | Set-NetIPInterface -InterfaceMetric 5001

Unfortunately, like @matheuscanela mentions above, you have to run this after you connect to the VPN each time.

I'm not sure if the fault lies more with WSL or Cisco AnyConnect, but it would be great not to have to resort to hacky workarounds for this.

Does not work for me... even though I have the below output saying the command ran correctly...

ifIndex InterfaceAlias                  AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp     ConnectionState PolicyStore
------- --------------                  ------------- ------------ --------------- ----     --------------- -----------
59      vEthernet (WSL)                 IPv6                  1500               1 Enabled  Connected       ActiveStore
59      vEthernet (WSL)                 IPv4                  1500               1 Disabled Connected       ActiveStore
66      vEthernet (Ethernet 2)          IPv6                  1500            5001 Enabled  Connected       ActiveStore
66      vEthernet (Ethernet 2)          IPv4                  1500            5001 Disabled Connected       ActiveStore

eladavron commented 4 years ago

The metering solution (scripted or otherwise) worked fine for a couple of days and then suddenly stopped. Nothing I do at the moment brings back the connectivity. :-(

matheuscanela commented 4 years ago

Hi folks,

I may have a solution to run the script automatically :)

Basically, I have created a Windows Task to fire every time that a Cisco Connected event is registered from the Cisco client. I am not sure if it will fit everyone here as we may have different versions; however, it is worth trying.

[five screenshots omitted]

cisco.ps1 script

Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000

Command to run

powershell.exe -executionpolicy bypass -file "C:\cisco.ps1"

Next steps

  • Update the ps1 script to collect the DNS and update a file inside the Ubuntu Image
  • Then, create a trigger inside the Ubuntu image to update the /etc/resolv.conf with the correct DNS

Fully automated solution hahahah

shelper commented 4 years ago

I have an even worse problem: my tracepath only shows the localhost in my WSL 2 env....

  ~/develop  tracepath 8.8.8.8
 1?: [LOCALHOST]                      pmtu 1500
 1:  no reply ...

For me it was working for a while without any custom configuration, and suddenly the connection in WSL 2 stopped working.

Another thing I found: if I use the WSL 2 VM installed by Docker Desktop (the distro is called docker-desktop and is installed when you install Docker Desktop from https://hub.docker.com/editions/community/docker-ce-desktop-windows), then the connection within that distro is fine... so there must be some configuration that controls that.

abhijeetchopra commented 4 years ago

Replacing the SSL VPN client from Cisco AnyConnect to OpenConnect worked for a colleague.

sumitkumarm commented 4 years ago

Yes we are tracking this and are looking into solutions with the networking team! I'll post any updates here as soon as they become available.

Hey @craigloewen-msft, wondering if there's an update to this. The Microsoft Store version of Cisco AnyConnect VPN seems to work better, but the UX requires multiple steps, unlike the native Cisco client. If not a permanent fix, at least a recommended workaround would be great.

Thanks!

shelper commented 4 years ago

I found the WSL 2 distro created by Docker Desktop works fine with the VPN.

StevenSong commented 4 years ago

Hi folks,

I may have a solution to run the script automatically :)

Basically, I have created a Windows Task to fire every time that a Cisco Connected event is registered from the Cisco client. I am not sure if it will fit everyone here as we may have different versions; however, it is worth trying.

[five screenshots omitted]

cisco.ps1 script

Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000

Command to run

powershell.exe -executionpolicy bypass -file "C:\cisco.ps1"

Next steps

  • Update the ps1 script to collect the DNS and update a file inside the Ubuntu Image
  • Then, create a trigger inside the Ubuntu image to update the /etc/resolv.conf with the correct DNS

Fully automated solution hahahah

This solution works amazingly for me!

A friendly tip, though: if you use a laptop on battery, disable the option "Start only if on AC power". I spent a little too long figuring this out. [screenshot omitted]

Edit: Additionally, if you're using battery saver mode on your laptop, Windows 10 delays scheduled tasks until the system is no longer in battery saver mode. The tasks are delayed on battery saver if any of the following are true for the task (Microsoft docs):

I had to run only when the user is logged on for my laptop on battery saver

This creates a new issue: if the user is set to your account, when the task runs it opens the PowerShell window, which I find annoying. I changed the user in the task to SYSTEM, which resolves it.

rtellez91 commented 4 years ago

I worked around this using the following PowerShell script hack:

# Set the interface metric for the virtual WSL network (named "vEthernet (WSL)" by default) to the highest possible priority
Get-NetIPInterface -InterfaceAlias "vEthernet (WSL)" | Set-NetIPInterface -InterfaceMetric 1

# Set the interface metric for the virtual network interface created by Cisco AnyConnect (named "Ethernet 2" on my machine) to a much lower priority
$VPNInterfaceName = "Ethernet 2"
Get-NetIPInterface -InterfaceAlias $VPNInterfaceName | Set-NetIPInterface -InterfaceMetric 5001

Unfortunately, like @matheuscanela mentions above, you have to run this after you connect to the VPN each time.

I'm not sure if the fault lies more with WSL or Cisco AnyConnect, but it would be great not to have to resort to hacky workarounds for this.

Hi, thanks for this; it worked but the connection is really slow. Is this the behaviour of the command? I'm using wifi, when I'm not in the VPN my download speed is up to +20mb, but with the vpn it rarely exceeds 8mb

phueac commented 4 years ago

Hi @rtellez91, in my experience traffic over the VPN is often much slower than without the VPN, even when not using WSL at all. This is probably more of a VPN congestion/configuration issue on the corporate side; I don't think my PowerShell commands have any effect on speed.

ReyoungLee commented 4 years ago

I was able to resolve this by installing anyconnect pwa from the windows store the vpn connection now works with WSL when my stand alone installation of anyconnect 4.6 does not work... hope this helps someone

OMG you really saved me. thank you very much

PeterTaps commented 4 years ago

Just installed WSL 2 (Ubuntu 18.04). I am using Cisco AnyConnect. I cannot get domain lookup to work at all.

When not connected to VPN, nslookup works on host as well as guest OSes. When connected to VPN, nslookup works on host but NOT on guest.

Figured there is a problem with domain nameserver resolution (as has been suggested here). So I tried a simple test:

On the host machine, enter nslookup. It shows the nameserver address as 123.45.67.89.

On the guest system:

  $ nslookup
  > server 123.45.67.89
  > yahoo.com

It just times out.

If this basic test doesn't work, there is no point in updating resolv.conf.

To make sure it is not really a problem with Cisco VPN, I ran a guest OS under VMWare workstation. I don't see any nslookup issues in this guest OS.

So the problem seems to be with wsl.

Does anyone have any thoughts?

Thanks Peter

jagimene commented 4 years ago

I was having the same issue; I found that AnyConnect was set up to do full-tunnel, and therefore a route existed to throw all traffic through the VPN connection (likely including packets destined for the WSL2 VM).

WSL2 routes are configured with a metric of 5256, and AnyConnect routes have a metric of 2, and therefore take priority. I amended the routes for AnyConnect (where metric == 2) to be 5257 instead, which seems to largely work. I used "NetRouteView" run as Admin to do the changes because I was too lazy to find the PowerShell equivalent commands :)

Windows Routes before:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.80     45
          0.0.0.0          0.0.0.0         On-link     10.61.168.144      2
    10.61.168.144  255.255.255.255         On-link     10.61.168.144    257
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
   144.254.221.45  255.255.255.255      192.168.0.1     192.168.0.80     46
      169.254.0.0      255.255.0.0         On-link   169.254.255.180    281
      169.254.0.0      255.255.0.0         On-link     10.61.168.144      2
  169.254.255.180  255.255.255.255         On-link   169.254.255.180    281
  169.254.255.255  255.255.255.255         On-link   169.254.255.180    281
  169.254.255.255  255.255.255.255         On-link     10.61.168.144    257
      172.21.48.0    255.255.240.0         On-link       172.21.48.1   5256
      172.21.48.0    255.255.240.0         On-link     10.61.168.144      2
      172.21.48.1  255.255.255.255         On-link       172.21.48.1   5256
    172.21.63.255  255.255.255.255         On-link       172.21.48.1   5256
    172.21.63.255  255.255.255.255         On-link     10.61.168.144    257
      192.168.0.0    255.255.255.0         On-link      192.168.0.80    301
      192.168.0.0    255.255.255.0         On-link     10.61.168.144      2
      192.168.0.1  255.255.255.255         On-link      192.168.0.80     46
     192.168.0.80  255.255.255.255         On-link      192.168.0.80    301
    192.168.0.255  255.255.255.255         On-link      192.168.0.80    301
    192.168.0.255  255.255.255.255         On-link     10.61.168.144    257
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link   169.254.255.180    281
        224.0.0.0        240.0.0.0         On-link      192.168.0.80    301
        224.0.0.0        240.0.0.0         On-link       172.21.48.1   5256
        224.0.0.0        240.0.0.0         On-link     10.61.168.144    257
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link   169.254.255.180    281
  255.255.255.255  255.255.255.255         On-link      192.168.0.80    301
  255.255.255.255  255.255.255.255         On-link       172.21.48.1   5256
  255.255.255.255  255.255.255.255         On-link     10.61.168.144    257
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0  169.254.246.207       1
      169.254.0.0      255.255.0.0    192.168.0.145       1
      169.254.0.0      255.255.0.0    192.168.0.190       1
      169.254.0.0      255.255.0.0     192.168.56.1       1
===========================================================================

Windows routes after:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.80     45
          0.0.0.0          0.0.0.0         On-link     10.61.168.144   5257
    10.61.168.144  255.255.255.255         On-link     10.61.168.144    257
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
   144.254.221.45  255.255.255.255      192.168.0.1     192.168.0.80     46
      169.254.0.0      255.255.0.0         On-link   169.254.255.180    281
      169.254.0.0      255.255.0.0         On-link     10.61.168.144   5257
  169.254.255.180  255.255.255.255         On-link   169.254.255.180    281
  169.254.255.255  255.255.255.255         On-link   169.254.255.180    281
  169.254.255.255  255.255.255.255         On-link     10.61.168.144    257
      172.21.48.0    255.255.240.0         On-link       172.21.48.1   5256
      172.21.48.0    255.255.240.0         On-link     10.61.168.144   5257
      172.21.48.1  255.255.255.255         On-link       172.21.48.1   5256
    172.21.63.255  255.255.255.255         On-link       172.21.48.1   5256
    172.21.63.255  255.255.255.255         On-link     10.61.168.144    257
      192.168.0.0    255.255.255.0         On-link      192.168.0.80    301
      192.168.0.0    255.255.255.0         On-link     10.61.168.144   5257
      192.168.0.1  255.255.255.255         On-link      192.168.0.80     46
     192.168.0.80  255.255.255.255         On-link      192.168.0.80    301
    192.168.0.255  255.255.255.255         On-link      192.168.0.80    301
    192.168.0.255  255.255.255.255         On-link     10.61.168.144    257
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link   169.254.255.180    281
        224.0.0.0        240.0.0.0         On-link      192.168.0.80    301
        224.0.0.0        240.0.0.0         On-link       172.21.48.1   5256
        224.0.0.0        240.0.0.0         On-link     10.61.168.144    257
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link   169.254.255.180    281
  255.255.255.255  255.255.255.255         On-link      192.168.0.80    301
  255.255.255.255  255.255.255.255         On-link       172.21.48.1   5256
  255.255.255.255  255.255.255.255         On-link     10.61.168.144    257
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0  169.254.246.207       1
      169.254.0.0      255.255.0.0    192.168.0.145       1
      169.254.0.0      255.255.0.0    192.168.0.190       1
      169.254.0.0      255.255.0.0     192.168.56.1       1
===========================================================================

This restored connectivity, but I found DNS to still be broken with the WSL default resolv.conf (nameserver 172.21.48.1), so I dropped in nameserver 1.1.1.1 instead, which seems OK. Will likely replace this with the work DNS for work resources to resolve nicely :) and now full connectivity is working; no additional changes needed; but this will likely need applying each time I start AnyConnect.

This works, thanks
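
The before/after tables above show the mechanism: the same destination prefix (0.0.0.0/0, the WSL subnet 172.21.48.0/20, the LAN) appears twice, and Windows picks the entry with the lowest RouteMetric + InterfaceMetric, which is the Metric column of route print. The function below is an added diagnostic example, not code from the thread or from NetRouteView; it lists every IPv4 prefix with competing routes, which interface currently wins, and whether the winner is the AnyConnect adapter. The adapter description it matches on is an assumption taken from the other comments; run it before and after the VPN connects to see exactly which prefixes get captured. It only reads routing state and changes nothing.

```powershell
# Added example: show destination prefixes with more than one route and which
# interface wins. EffectiveMetric = RouteMetric + InterfaceMetric, the value
# that `route print` displays and that Windows uses for route selection.
function Get-RouteConflict {
    [CmdletBinding()]
    param(
        # assumption: description of the VPN adapter to flag in the output
        [string]$VpnDescription = 'Cisco AnyConnect'
    )

    # InterfaceMetric per ifIndex, so each route can be scored.
    $ifMetric = @{}
    Get-NetIPInterface -AddressFamily IPv4 |
        ForEach-Object { $ifMetric[$_.ifIndex] = $_.InterfaceMetric }

    $vpnIndexes = @(Get-NetAdapter |
        Where-Object InterfaceDescription -match $VpnDescription |
        ForEach-Object { $_.ifIndex })

    Get-NetRoute -AddressFamily IPv4 |
        Group-Object DestinationPrefix |
        Where-Object Count -gt 1 |
        ForEach-Object {
            $ranked = $_.Group |
                Select-Object DestinationPrefix, InterfaceAlias, ifIndex, RouteMetric,
                    @{ n = 'EffectiveMetric'; e = { $_.RouteMetric + $ifMetric[$_.ifIndex] } } |
                Sort-Object EffectiveMetric
            $winner = $ranked[0]
            [pscustomobject]@{
                Prefix       = $_.Name
                Winner       = $winner.InterfaceAlias
                WinnerMetric = $winner.EffectiveMetric
                ViaVpn       = $vpnIndexes -contains $winner.ifIndex
                Alternatives = ($ranked | Select-Object -Skip 1 |
                    ForEach-Object { "$($_.InterfaceAlias)=$($_.EffectiveMetric)" }) -join ', '
            }
        }
}

# Prefixes captured by the VPN adapter are listed first.
Get-RouteConflict | Sort-Object ViaVpn -Descending | Format-Table -AutoSize
```

If the WSL subnet or 0.0.0.0/0 shows ViaVpn = True with a WinnerMetric near 2, the VPN route is winning over the on-link WSL route, which is the condition the metric workarounds in this thread are trying to reverse.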

elnotcho commented 4 years ago

I worked around this using the following PowerShell script hack:

# Set the interface metric for the virtual WSL network (named "vEthernet (WSL)" by default) to the highest possible priority
Get-NetIPInterface -InterfaceAlias "vEthernet (WSL)" | Set-NetIPInterface -InterfaceMetric 1

# Set the interface metric for the virtual network interface created by Cisco AnyConnect (named "Ethernet 2" on my machine) to a much lower priority
$VPNInterfaceName = "Ethernet 2"
Get-NetIPInterface -InterfaceAlias $VPNInterfaceName | Set-NetIPInterface -InterfaceMetric 5001

Unfortunately, like @matheuscanela mentions above, you have to run this after you connect to the VPN each time.

I'm not sure if the fault lies more with WSL or Cisco AnyConnect, but it would be great not to have to resort to hacky workarounds for this.

The interface metric hack didn't work for me. Had to revert to WSL 1. Employer/secops requires their implementation of AnyConnect. :-(

jsteenri commented 4 years ago

WSL2 routes are configured with a metric of 5256, and anyconnect routes have a metric of 2, and therefore take priority. I amended the routes for anyconnect (where metric == 2) to be 5257 instead, which seems to largely work.

The workaround from @dalgibbard did not work in my case... Even with the same external 'NetRouteView' program, when it did not error with "Can't find file" (yes, I was Administrator), it actually caused a VPN disconnect, which gave the appearance of restoring functionality. I was unsuccessful in finding the right PowerShell commands to match; "Set-NetRoute -RouteMetric N" is NOT it.

However, the other workaround in here from @matheuscanela (and @StevenSong) does seem to work:

cisco.ps1 script

Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000

CompSciMaj13 commented 4 years ago

Hi folks,

I may have a solution to run the script automatically :)

Basically, I have created a Windows Task to fire every time that a Cisco Connected event is registered from the Cisco client. I am not sure if it will fit everyone here as we may have different versions; however, it is worth trying.

[five screenshots omitted]

cisco.ps1 script

Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000

Command to run

powershell.exe -executionpolicy bypass -file "C:\cisco.ps1"

Next steps

  • Update the ps1 script to collect the DNS and update a file inside the Ubuntu Image
  • Then, create a trigger inside the Ubuntu image to update the /etc/resolv.conf with the correct DNS

Fully automated solution hahahah

A couple of improvements I found were to set the event ID to 3002, which is "Initiating VPN connection to the secure gateway...". I found that Event ID 3020 would trigger on VPN connect/disconnect up to 2 to 3 times, which was not ideal. Event ID 3002 only happens on connect. I also added a 15 second delay to the event to give the VPN time to connect after it starts initializing the VPN connection.

Not sure if people are aware, but for the computer geeks who would rather use command line tools, there is a vpncli.exe in C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\. If you add this to your system's Path environment variable, you can run it via powershell.exe or from within your Linux environment. I have a task like this one to connect to the VPN programmatically.

From PS

vpncli -h
vpncli connect {vpn_name}

or from WSL

vpncli.exe -h
vpncli.exe connect {vpn_name}

If vpncli.exe is used to connect, make sure to set the Source to acvpncli for the above scheduled task.
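
The task described in the last few comments (trigger on Event ID 3002, 15 second delay, run as SYSTEM, allowed on battery) can be registered from PowerShell instead of clicking through the Task Scheduler UI. This is an added example, not a script from the thread; it assumes the AnyConnect event log is named 'Cisco AnyConnect Secure Mobility Client' and that the GUI client logs under the provider 'acvpnagent' (use 'acvpncli' when connecting with vpncli.exe, as noted above). Confirm both names on your machine with Get-WinEvent -ListLog and Get-WinEvent -ListProvider before registering, and point $ScriptPath at the cisco.ps1 file shown earlier.

```powershell
# Added example: register the "run cisco.ps1 when AnyConnect connects" task.
#Requires -RunAsAdministrator
$LogName    = 'Cisco AnyConnect Secure Mobility Client'   # assumption: verify with Get-WinEvent -ListLog *
$Provider   = 'acvpnagent'                                # assumption: 'acvpncli' if you use vpncli.exe
$EventId    = 3002                                        # "Initiating VPN connection..." (from the thread)
$ScriptPath = 'C:\cisco.ps1'                              # the metric script from the thread
$TaskName   = 'WSL2-AnyConnect-Metric'

# New-ScheduledTaskTrigger cannot build event triggers, so create the
# MSFT_TaskEventTrigger CIM instance directly and give it an XPath subscription.
$class   = Get-CimClass -ClassName MSFT_TaskEventTrigger -Namespace Root/Microsoft/Windows/TaskScheduler
$trigger = New-CimInstance -CimClass $class -ClientOnly
$trigger.Enabled = $true
$trigger.Delay   = 'PT15S'          # ISO 8601 duration: wait 15 s for the tunnel to come up
$trigger.Subscription = @"
<QueryList>
  <Query Id="0" Path="$LogName">
    <Select Path="$LogName">*[System[Provider[@Name='$Provider'] and EventID=$EventId]]</Select>
  </Query>
</QueryList>
"@

$action = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""

# SYSTEM runs without a console window popping up for the logged-on user.
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest

# -AllowStartIfOnBatteries clears "Start the task only if the computer is on AC power".
$settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries `
    -ExecutionTimeLimit (New-TimeSpan -Minutes 5)

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings -Force

# Show what was stored so the subscription and delay can be eyeballed.
(Get-ScheduledTask -TaskName $TaskName).Triggers | Format-List Subscription, Delay, Enabled
```

Keep the script the task runs limited to the Windows-side metric change when it runs as SYSTEM; WSL instances are per user session, so a step that invokes wsl.exe to rewrite /etc/resolv.conf needs the task to run as your own account (with "Run only when user is logged on", as the comment above found).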

justin-caldicott commented 4 years ago

For me the AnyConnect app from the Windows Store works where the standalone app does not, as per here.

marwatk commented 4 years ago

Just tested and can confirm that GlobalProtect also prevents WSL 2 from talking to any external hosts.

athenor commented 4 years ago

This may only apply to Ubuntu 20.04, but I just managed to get my DNS to work, at least temporarily.

I'm running: Cisco AnyConnect 4.6.04054 Windows Terminal Preview Ubuntu 20.04 for WSL2

Our environment is a split tunnel setup. In ubuntu, I could ping any IP, but not resolve domains.

Using the advice of this thread I went in and looked at my /etc/resolv.conf. There, 3 nameservers were defined:

  192.168.1.1
  (internal DNS of my company 1)
  (internal DNS of my company 2)

I commented out 192.168.1.1 and suddenly everything worked.

In my case, I'm going to re-order my local DNS so that things still work if I'm not on the VPN, but this does seem promising, and indicates an order of operations issue.

I am sure I am missing something because this seems so simple.

ealap commented 4 years ago

One way to work around this for me was:

cat << EOF | sudo tee -a /etc/wsl.conf
[network]
generateResolvConf = false
EOF
# /etc/resolv.conf is root-owned, so the write needs sudo as well
echo "nameserver <CORP DNS SERVER>" | sudo tee /etc/resolv.conf

and... in an elevated PowerShell on Windows, every single time I connect to the VPN 😢 (fortunately, not very often)

Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000

In my case, I found that this hack doesn't work when you have more than one WSL 2 distribution. I had to revert back my other one to WSL 1. I am not familiar with how it works, do I need to set it to a different priority value?

zmamujee commented 4 years ago

Thanks to @AdonisLL for the suggestion. I installed the client from the store and it works.

httpdss commented 4 years ago

I was able to resolve this by installing anyconnect pwa from the windows store the vpn connection now works with WSL when my stand alone installation of anyconnect 4.6 does not work... hope this helps someone

SOLVED! THANKS!!

vnijs commented 4 years ago

Thanks for re-posting @httpdss. I hadn't noticed this suggestion before but had tried most of the other suggestions posted in issues for WSL2. I was using anyconnect 4.9.00086 through my university. However, the version from the windows store (4.7.20031) allows me to use SSH, git, etc. directly from WSL2 (Ubuntu 20.04) !!!

jbragdon1 commented 4 years ago

I seem to remember this working fine if you start off in WSL1 and then update to WSL2. It specifically only happens when Cisco AnyConnect clamps on and forces 0.0.0.0 over the VPN and then adds itself with a higher-priority metric than just about everything else, as previously commented. I cannot use the Windows Store version because it limits download/upload to 10 Mbps for whatever silly reason. There are no configuration options from what I can see, so I get stuck there too.

Most Anyconnect installs have the option of skipping over a range. If we could adjust the DHCP scope options in WSL2 - or perhaps put its metric as 1 on the outset - it might resolve this issue. Doing it each time we VPN in, is a good workaround- but not a great solution. In my case - it failed.

vnijs commented 4 years ago

@jbragdon1 I can confirm the 10MB upload and download restriction with the version of anyconnect on the windows store. I can get around that reasonably well with the "split" connection option so that only specific traffic goes through VPN. Not ideal though I agree. Thanks for posting that additional information!

SahanaBanerjee commented 4 years ago

One way to work around this for me was:

cat << EOF | sudo tee -a /etc/wsl.conf
[network]
generateResolvConf = false
EOF
# /etc/resolv.conf is root-owned, so the write needs sudo as well
echo "nameserver <CORP DNS SERVER>" | sudo tee /etc/resolv.conf

and... in an elevated PowerShell on Windows, every single time I connect to the VPN 😢 (fortunately, not very often)

Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000

that worked for me!

This solution worked for me amazingly. Haven't tried the automated script approach yet so do have to repeat the process of altering the route tables each time vpn connected. But this works!! Finally!

bragdonjm commented 4 years ago

This did not work for me, as Cisco AnyConnect was set to automatically redo any attempt at changing the metric on routes. My only workaround was to disable WSL2 and go back to WSL1 --- works fine now.

SahanaBanerjee commented 4 years ago

This did not work for me, as Cisco AnyConnect was set to automatically redo any attempt at changing the metric on routes. My only workaround was to disable WSL2 and go back to WSL1 --- works fine now.

Well, I am using Ubuntu 20.04 for starters. Also, for me it was imperative to use WSL2 to leverage Docker, which is not WSL1 compatible. But yeah, WSL1 works like a charm. No modifications required there.

espower commented 4 years ago

I used the AnyConnect app from the windows store and wsl2 networking worked perfectly, with the minor annoyance that it was crazy slow (~10Mbps) as previously stated.

A new issue just came up: I lose my ability to log in to my profile (bad password) after lock, at which point IT has to contact me, have me log in as Administrator, change the user to myself, log in, and reboot. Then everything works okay for a while until it again says my password is bad. Then call IT again ...

At no point did I actually need to change my password. If I only use the standard IT-provided client (not the one from the Windows Store) then this does not occur.

sakai135 commented 3 years ago

I got WSL2 working with our Cisco AnyConnect VPN using VPNKit and npiperelay. This requires no settings changes or admin privileges on the Windows side. Basically what Docker Desktop does for containers, just applied to the WSL2 VM.

marwatk commented 3 years ago

@sakai135 Got details on how you made that all work together? Doing something like that sounds like the only viable option given the route capture.

sakai135 commented 3 years ago

@marwatk here are the scripts I'm using. It's a bit of a mash right now, but should be simple to edit and set up your own. https://github.com/sakai135/wsl-vpnkit

dalgibbard commented 3 years ago

Just wanted to drop in and say thanks @sakai135 - this is working great for me. It would be great if the WSL team could use vpnkit out of the box (or even enable systemd so we can make it a service :) ), but I guess good things come to those who wait. This is a great interim fix, and I can finally use the full-fat Anyconnect Client again to get some real speeds :) (Windows store app is terribly slow!)

alexxonline commented 3 years ago

I confirm I can connect using the Windows Store AnyConnect app

wirtsi commented 3 years ago

@marwatk you are a genius, this was the only thing that works. Thanks. How on earth did you figure out this monster hack? :-)

I had to prepare everything under wsl1 (because hey, no internet without vpn for me) and then switched to wsl2.

Last thing I never got running was speaking to an x-server on the windows host, let's see how that goes now

marwatk commented 3 years ago

@marwatk you are a genius, this was the only thing that works. Thanks. How on earth did you figure out this monster hack? :-)

Credit goes to @sakai135!

wirtsi commented 3 years ago

Blimey, you are right ... @sakai135 you are a genius, sorry about this.

In case anyone is interested, here's what the script does (how I understood it)

Now two things are still open for me:

dalgibbard commented 3 years ago

@wirtsi using this I can access services running on WSL from Windows (I think it requires WSL to be started after the VPN connection still though). Haven't tried the reverse though.

sakai135 commented 3 years ago

@wirtsi Yup. I would add that socat and npiperelay communicate over some inter-process integration between WSL processes and Windows host processes. I'm not sure if this has changed significantly since, but here is a blog post from 2016 for WSL1. I'm guessing the WSL2 one is something like this combined with Hyper-V sockets.

jamespotz commented 3 years ago

Anyone having trouble with Cisco AnyConnect with 2FA: you can now use Cisco AnyConnect from the Microsoft Store; it supports 2FA now :)

rofrol commented 3 years ago

@jamespotz Nope. Does not work for me with 2FA.

jamespotz commented 3 years ago

@rofrol. I guess it just works for Okta [screenshot omitted]

KinIcy commented 3 years ago

@rofrol. I guess it just works for Okta [screenshot omitted]

how did you get that prompt? My company requires okta to login to the VPN. When I add it to AnyConnect, it asks me for User/Password instead of opening okta.

jamespotz commented 3 years ago

@KinIcy on the server name just add your company vpn address with https e.g https://vpn.company.net.

KinIcy commented 3 years ago

@jamespotz still not working for me. It will ask me for user/password.

do you have any other idea that I can try?

jamespotz commented 3 years ago

Sorry @KinIcy, that's just the setting I changed and nothing more. On the VPN it also asks me for username/password, and after that it requires a verification from Okta.