microsoft / WSL

Issues found on WSL
https://docs.microsoft.com/windows/wsl
MIT License

cannot reach ipv6 only address #4518

Open andyli opened 5 years ago

andyli commented 5 years ago

I tried to access an IPv6-only website and failed. My commands run in Debian Buster with WSL 2:

$ curl -I https://ocaml.debian.net
curl: (7) Couldn't connect to server

$ sudo ping6 2001:913:c01:0:d52c:1903:be09:265f
connect: Network is unreachable

The curl command should succeed. Here is the result if I run it in Windows (outside of WSL):

>curl -I https://ocaml.debian.net
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 18 Sep 2019 04:15:40 GMT
Content-Type: text/html
Content-Length: 341
Last-Modified: Sat, 03 Aug 2019 04:57:55 GMT
Connection: keep-alive
ETag: "5d451453-155"
Accept-Ranges: bytes

>ping 2001:913:c01:0:d52c:1903:be09:265f

Pinging 2001:913:c01:0:d52c:1903:be09:265f with 32 bytes of data:
Reply from 2001:913:c01:0:d52c:1903:be09:265f: time=208ms
Reply from 2001:913:c01:0:d52c:1903:be09:265f: time=206ms
Reply from 2001:913:c01:0:d52c:1903:be09:265f: time=206ms
Reply from 2001:913:c01:0:d52c:1903:be09:265f: time=206ms

Ping statistics for 2001:913:c01:0:d52c:1903:be09:265f:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 206ms, Maximum = 208ms, Average = 206ms

FYI, here is my network interface info:

C:\Users\Andy>ipconfig

Windows IP Configuration

Ethernet adapter VPN - VPN Client:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter vEthernet (DockerNAT) 2:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.0.75.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   IPv6 Address. . . . . . . . . . . : 2002:d206:9dd2::100
   IPv6 Address. . . . . . . . . . . : 2002:d206:9dd2:0:7940:661e:9b71:38ca
   IPv6 Address. . . . . . . . . . . : fd3a:95fa:b06b::100
   IPv6 Address. . . . . . . . . . . : fd3a:95fa:b06b:0:7940:661e:9b71:38ca
   Temporary IPv6 Address. . . . . . : 2002:d206:9dd2:0:c8d1:e8bc:b818:9b48
   Temporary IPv6 Address. . . . . . : fd3a:95fa:b06b:0:c8d1:e8bc:b818:9b48
   Link-local IPv6 Address . . . . . : fe80::7940:661e:9b71:38ca%14
   IPv4 Address. . . . . . . . . . . : 192.168.1.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::7ad2:94ff:fe7e:41e9%14
                                       192.168.1.1

Ethernet adapter Ethernet 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter vEthernet (Default Switch):

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::e0:3fd0:91b9:ca2a%45
   IPv4 Address. . . . . . . . . . . : 172.17.96.1
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :

Ethernet adapter vEthernet (WSL):

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::d42c:c288:563c:b292%53
   IPv4 Address. . . . . . . . . . . : 172.29.48.1
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :

andy@Hawk:/mnt/c/Users/Andy$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.29.49.132  netmask 255.255.240.0  broadcast 172.29.63.255
        inet6 fe80::215:5dff:fed7:3bf8  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:d7:3b:f8  txqueuelen 1000  (Ethernet)
        RX packets 856  bytes 101884 (99.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 39  bytes 3349 (3.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

craigloewen-msft commented 5 years ago

Could you please take some networking logs for us? Instructions on how to do so are here!

And then post the link to your feedback in this issue so we can easily find it. :) Thanks!

Also for reference for myself and the team this may be a similar issue to https://github.com/microsoft/WSL/issues/4436, however it's different enough since this is accessing an external site.

andyli commented 5 years ago

Here you are: https://aka.ms/AA63cvl

ghzhou commented 5 years ago

I have the same issue. In wsl2, I have a docker of oracle bound to tcp6. From inside wsl2, I can connect with ::1 or 127.0.0.1, which means it is dual-stack.

root@cnjiezhou01:/etc# netstat -an | grep 1521 | grep -i liste
tcp6 0 0 :::1521 :::* LISTEN
root@cnjiezhou01:/etc# telnet 127.0.0.1 1521
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
^]
telnet> quit
Connection closed.
root@cnjiezhou01:/etc# telnet ::1 1521
Trying ::1...
Connected to ::1.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

From the host windows:

C:>netstat -an | findstr 1521 | findstr /i list
TCP [::1]:1521 [::]:0 LISTENING

C:>telnet 127.0.0.1 1521
Connecting To 127.0.0.1...Could not open connection to the host, on port 1521: Connect failed

craigloewen-msft commented 5 years ago

As of right now the Host Network service does not support ipv6 only websites. We've filed this as a feature request with them and we will post any updates on this thread as they become available! Thank you for filing this.

WSLUser commented 5 years ago

@craigloewen-msft any progress with this? Also I noticed the kernel doesn't have IPv6 enabled. Could you get the kernel bits done first if we're still waiting for underlying platform support?

craigloewen-msft commented 5 years ago

I don't have any updates for this feature request.

@WSLUser what kernel modules would you like added to the kernel? And what workflows would it enable for you?

WSLUser commented 5 years ago

Basically anything that lights up usage of IPv6. I'm thinking more of a network pen test perspective using Kali tools but I'm sure there are some more enterprise-y workflows that would benefit as well if hosted on Windows Server 2019. Something that comes to mind is mostly being able to serve up DHCPv6 and DNS from WSL2 for multiple hosts.

hcooper commented 4 years ago

@craigloewen-msft could the wsl2 upgrade docs be updated to explicitly mention breaking IPv6? I would have probably waited a little longer had I known. Thanks.

craigloewen-msft commented 4 years ago

@hcooper Yes! I'll add that in, thank you for the suggestion. :)

Daemoen commented 4 years ago

... Wow... we're in February (nearly 6 months) and this is still an issue? That's disappointing.

treysis commented 4 years ago

In 2020 I would expect "IPv6 first, IPv4 second". Apparently not so at Microsoft. But good to know, so I will not update to WSL 2.

ghshephard commented 4 years ago

Thanks for this thread - I spent about 45 minutes trying to figure out how to get IPv6 working (I have an IPv6 only site I'm trying to connect to) from WSL 2. Looking forward to seeing the protocol added!

Tiedye commented 4 years ago

@craigloewen-msft Any update? WSL 2 is coming close to being widely available

craigloewen-msft commented 4 years ago

We're working on it! This feature won't be available in the initial general release of WSL2. Thanks for your patience here, this is something that we are actively looking into improving.

zhihuiyuze commented 4 years ago

WSL2 has no ipv6, and mapping to the external network requires port forwarding.

royalpudding commented 4 years ago

Is there any kind of work around for this? We recently went completely remote at our organization and all access is being handled using Direct Access. Direct Access is completely IP6, which means WSL2 does not have any access to our internal network. I manage several dozen Linux based servers behind the firewall and my workflow has been completely stopped in its tracks. Ansible can't access any of the servers etc... Can I run WSL concurrently with WSL2? Any thoughts or ideas?

paulstelian97 commented 4 years ago

Can I run WSL concurrently with WSL2? Any thoughts or ideas?

If you have multiple distros, you can pick and choose which of them uses WSL1 and which uses WSL2. Just do wsl --set-version "Distro name" 2 or wsl --set-version "Distro name" 1, and wait for the conversion process, which can take a while and shows no progress bar (it takes longer or shorter depending on the amount of data you already have in your distro).

Nicholas-Johnson-opensource commented 4 years ago

What is worse is that if you are on an IPv6-only network (NAT64 for IPv4 access), WSLv2 has no internet access whatsoever. Is there a timeline on the fix? Microsoft said they are working on it (good) but working on it could mean "will deliver in May 2021 update or even later".

paulstelian97 commented 4 years ago

IPv6 is actually a difficult mess, I think Hyper-V needs to learn prefix delegation like VMware and the ISP must provide that (my setup with TunnelBroker didn't). I had managed to make a manual setup, configure router advertisements on the "vEthernet (WSL)" interface and gave the VM an IP address in a /64 I had allocated (and also manually added a route in my Raspberry Pi so packets returning to WSL will reach it)

qadmium commented 4 years ago

@paulstelian97 Can you describe more? As I see, in my case host adapter and eth0 in wsl have different ipv6 prefixes. But I didn't manage to set up routing

upd: found your question here https://superuser.com/questions/1545629/how-can-i-give-ipv6-to-wsl2

Daniel15 commented 4 years ago

Is there any ETA for a fix for this? At Facebook, our internal network is mostly IPv6-only (see https://www.internetsociety.org/blog/2014/06/facebook-moving-to-an-ipv6-only-internal-network/) so this issue limits the usefulness of WSL2 in this environment.

paulstelian97 commented 4 years ago

@paulstelian97 Can you describe more? As I see, in my case host adapter and eth0 in wsl have different ipv6 prefixes. But I didn't manage to set up routing

upd: found your question here https://superuser.com/questions/1545629/how-can-i-give-ipv6-to-wsl2

I managed to set up routing because the WSL network is part of a /48 that is allocated for my tunnel. That's probably what went wrong in your case.

Unless WSL2 can either use prefix delegation or a bridged adapter you'll have issues (IPv6 doesn't have NAT)

ichdasich commented 4 years ago

Broken IPv6 is a serious deal breaker for me. I am sitting behind a DS-lite setup, with rather painful v4. Are there any technical issues that prevent a feature/configuration for bridging the WSL system to the host IF (or rather the bridge over that IF I have anyway for my hyperv VMs)?

vbifonixor commented 4 years ago

Guys, come on! I've updated to w10 2004 only because of WSL2 and I can't connect to most of my intranet? How is it still not solved since first insider builds?? Looks more like a serious bug to me, since almost everybody now uses IPv6 primarily

paulstelian97 commented 4 years ago

Guys, come on! I've updated to w10 2004 only because of WSL2 and I can't connect to most of my intranet? How is it still not solved since first insider builds?? Looks more like a serious bug to me, since almost everybody now uses IPv6 primarily

IPv6 is actually hard to do. Hyper-V only has IPv4 NAT support, for IPv6 NAT to be supported you need something else.

I have managed to do a workaround at home for this but what is supported (without the workaround) is IPv6 servers hosted in WSL. That does work just fine via the "automatic port forwarding" that is done for IPv4 as well.

While it is surprisingly difficult to deploy IPv6 to virtual machines (including WSL2) because NAT isn't exactly Kosher in the IPv6 world (and that may be the reason Hyper-V won't support it), it can be done after a lot of work. But I wouldn't be surprised if 20H2 didn't have it; maybe 21H1? It would be nice if DHCP prefix delegation were a thing.

ichdasich commented 4 years ago

Well, technically I'd argue that there should not be NAT, but the hyper-v host should actually do rfc4389 (https://tools.ietf.org/html/rfc4389) style proxy nd. This is v6 after all...

paulstelian97 commented 4 years ago

Well, technically I'd argue that there should not be NAT, but the hyper-v host should actually do rfc4389 (https://tools.ietf.org/html/rfc4389) style proxy nd. This is v6 after all...

Wasn't aware that existed, it's definitely the better path. This would allow it to work in any IPv6 network, including those that only have autoconfig (and router advertisements), like my old mock network via TunnelBroker (my ISP doesn't provide me IPv6, although I'm also in an interesting conundrum in this sense)

yoursunny commented 4 years ago

I found that WSL2 also does not support dual-stack listeners.

nginx site:

  listen [::]:443 default_server ipv6only=off ssl http2;

This creates one listening socket, and it should be reachable on both IPv4 and IPv6. However, in WSL2 this socket is not reachable via IPv4.

I have to use a separate IPv4 socket for the website to be accessible on IPv4:

  listen 0.0.0.0:443 default_server ssl http2;
  listen [::]:443 default_server ipv6only=on ssl http2;
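
A probe for the dual-stack behaviour discussed in the two comments above (the tcp6 `:::1521` listener and the nginx `ipv6only` setting), added here as an example and not part of any original post. It uses only the Python standard library; the function names are hypothetical. Knowing which address families a `[::]` listener really accepts matters when firewall rules are written per family.

```python
import socket


def open_listener(v6only: bool):
    """Bind a TCP listener to [::] on an ephemeral port with IPV6_V6ONLY set explicitly.

    v6only=False corresponds to nginx `ipv6only=off` (one socket for both families),
    v6only=True to `ipv6only=on`. Returns the socket, or None if the host cannot create it.
    """
    try:
        srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    except OSError:
        return None  # no IPv6 support in this kernel/namespace
    try:
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1 if v6only else 0)
        srv.bind(("::", 0))
        srv.listen(8)
    except OSError:
        srv.close()
        return None
    return srv


def can_connect(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes within the timeout."""
    family = socket.AF_INET6 if ":" in host else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as c:
            c.settimeout(timeout)
            c.connect((host, port))
        return True
    except OSError:  # refused, unreachable, timed out, or family unsupported
        return False


def probe_listener(v6only: bool) -> dict:
    """Open the listener and report which loopback families can reach it."""
    srv = open_listener(v6only)
    if srv is None:
        return {"bound": False, "ipv6": None, "ipv4": None}
    with srv:
        port = srv.getsockname()[1]
        return {
            "bound": True,
            "ipv6": can_connect("::1", port),
            "ipv4": can_connect("127.0.0.1", port),
        }


if __name__ == "__main__":
    for v6only in (False, True):
        print(f"IPV6_V6ONLY={int(v6only)}:", probe_listener(v6only))
```

Run inside the distro, this shows what the Linux stack itself does. To compare with the host-side observations in the thread, keep a listener from `open_listener(False)` open in WSL2 and call `can_connect("127.0.0.1", port)` and `can_connect("::1", port)` from Python on the Windows host.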

paulstelian97 commented 4 years ago

How does Node support IPv6 automatically when I listen on IPv4? Does it manually create both IPv4 and IPv6 sockets?

treysis commented 4 years ago

Why should listening on [::] include listening on 0.0.0.0? There are systems without IPv4-stack out there (rare, but they do exist). Also, this is the expected case for nginx. Especially since you use ipv6only=on. It's in the documentation.

And, this doesn't really belong into this discussion.

yoursunny commented 4 years ago

Why should listening on [::] include listening on 0.0.0.0? Especially since you use ipv6only=on. It's in the documentation.

I usually use ipv6only=off, which works on normal Linux but breaks in WSL2.

rishitpatel commented 4 years ago

This is a deal breaker for me as well... spent countless hours to set up a test laptop to later find out that IPv6 does not work.. Do we have an ETA on this?

PavelSosin-320 commented 4 years ago

Different dynamic IP addresses got by the host Windows, hosted WSL VM and Mobile devices produce a very unpleasant "mixed IP" situation in the home network. In my home network, all laptops are IP6+4, Mobile devices IPV6+4 with "private" Google DNS configured, smart TV IPV4, and Docker IPV6 enabled, and Ubuntu WSL is IPV4 only interconnected. In some places, support IPV6 by 1st customer request is the legal requirement.

paulstelian97 commented 4 years ago

Different dynamic IP addresses got by the host Windows, hosted WSL VM and Mobile devices produce a very unpleasant "mixed IP" situation in the home network. In my home network, all laptops are IP6+4, Mobile devices IPV6+4 with "private" Google DNS configured, smart TV IPV4, and Docker IPV6 enabled, and Ubuntu WSL is IPV4 only interconnected. In some places, support IPV6 by 1st customer request is the legal requirement.

Again until it is officially supported (it's WIP) you can always apply a workaround (I have a question on Stack Exchange whose answer contains info on how you can manually work with this; you just need to assign a subnet that is routed to you to the WSL network; or you can install TunnelBroker on WSL if you want to, though that would be a little bit weird)

dddmello commented 4 years ago

@craigloewen-msft just wondering if there is a rough ETA or timeline you can provide? Is v6 support something like a month or two out or something to hope for with the 20H2 release, or even further out than that?

treysis commented 4 years ago

Since most systems using WSL 2 probably will be configured using IPv6-SLAAC the easiest solution for IPv6 would be if WSL 2 supports bridging network adapters. And the second option some style of NDP-Proxy. I believe this is similar to what Android/iOS do when using tethering on an IPv6-only network?

lapo-luchini commented 4 years ago

WSL2 works like a charm already in bridge mode in my IPv4/IPv6 local network, unfortunately the bridge configuration must be done manually right now, I hope it will be automatic in the future.

treysis commented 4 years ago

@lapo-luchini would you mind pointing out what was necessary? Install the whole HyperV-package?

lapo-luchini commented 4 years ago

You can find it here: https://github.com/microsoft/WSL/issues/4150#issuecomment-647704617.

treysis commented 4 years ago

That doesn't give you IPv6 connectivity, does it?

lapo-luchini commented 4 years ago

It does, since my router is sending Router Advertisements packets, which get properly received for auto-configuration.

% ping -nc 5 google.it
PING google.it(2a00:1450:400a:800::2003) 56 data bytes
64 bytes from 2a00:1450:400a:800::2003: icmp_seq=1 ttl=120 time=8.50 ms
64 bytes from 2a00:1450:400a:800::2003: icmp_seq=2 ttl=120 time=8.48 ms
64 bytes from 2a00:1450:400a:800::2003: icmp_seq=3 ttl=120 time=8.48 ms
64 bytes from 2a00:1450:400a:800::2003: icmp_seq=4 ttl=120 time=7.54 ms
64 bytes from 2a00:1450:400a:800::2003: icmp_seq=5 ttl=120 time=8.87 ms

--- google.it ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 7.544/8.378/8.877/0.458 ms

treysis commented 4 years ago

And how did you set up your host?

lapo-luchini commented 4 years ago

That was (a bit sparse) in the link of my previous comment, but let me recap: first execute this in admin PowerShell in order to configure the "wsl" virtual switch to bridged mode ("LAN" is how I renamed my ethernet card):

set-vmswitch -name wsl -NetAdapterName LAN

then this in sudo bash:

rm /etc/resolv.conf
cat <<EOF > /etc/resolv.conf
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 2001:4860:4860::8888
EOF
ip addr add 192.168.1.8/24 dev eth0
route add default gw 192.168.1.1
route del default gw 172.23.160.1

(where 192.168.1.8/24 is but the static IP I chose for my WSL2, but YMMV)

treysis commented 4 years ago

Right so, but as pointed out by https://github.com/microsoft/WSL/issues/4150#issuecomment-652174491 this requires a whole lot of other Hyper-V stuff to be installed. Yes, in the end it works. But it's not nice.

However, good seeing how this thread was able to pinpoint the actual issue...which is not that IPv6 isn't supported at all, but how the Hyper-V manages network interfaces (and some stuff that needs to be considered by network setups...too many still live in a NAT-solves-everything-world).

lapo-luchini commented 4 years ago

I'm not expert about HyperV (myself, I prefer VirtualBox as being opensource)… but AFAICT WSL2 is always using HyperV and HyperV vSwitches… what is missing to enable bridging is simply the GUI to configure it. So I guess the "important 80%" of HyperV was required already by WSL2. Anyways… yes, it's a dirty hack. I hope WSL2 offers something like wsl /net:bridge ubuntu or similar, in the future.

craigloewen-msft commented 4 years ago

We don't yet have a rough ETA on this item, so please stay tuned. I read the responses on this thread, so thank you for commenting to let us know about the details for why you need IPV6 support. Once we do have a concrete update I'll be sure to post here. :)

rbairwell commented 4 years ago

let us know about the details for why you need IPV6 support.

Today I upgraded to build 2004 and subsequently updated Docker Desktop to use WSL2 as I've been looking forward to the performance increases: I installed Ubuntu from the Microsoft Store, set it up and then ran sudo apt update: only for it to fail with fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable).

So why do I need IPv6 support? Just for the basic updating and installing of Linux software packages, as otherwise it's broken on our dual-stack network. [edit: I can confirm I am able to connect to archive.ubuntu.com from a browser on the same host machine]

paulstelian97 commented 4 years ago

@rbairwell Can you try curl -4 http://archive.ubuntu.com/? I wouldn't expect it to resolve to an IPv6 address if IPv4 is available. Of course it's using the host resolver.

Can you also try the same command on the Windows host? Both with -4 and -6. If on the host the -4 variant doesn't work then you have IPv6-only connectivity on the host, for some reason.

For me it works fine, connects via IPv4.

TurnOffNOD commented 4 years ago

Hi, @craigloewen-msft , is there any schedule for ipv6 support?

bluecmd commented 4 years ago

@paulstelian97

I wouldn't expect it to resolve to an IPv6 address if IPv4 is available.

The default in a lot of distributions is to prefer public IP addresses over private. 99% of the time IPv6 is provisioned using public IPs, while 99% of the time IPv4 is provisioned using private. Furthermore, it is also common to prefer IPv6 over IPv4 wholesale when both are public.

In summary: you shouldn't be surprised to see Linux prefer IPv6. :-)

Source: man gai.conf(5) and RFC 3484

As for why WSL should add IPv6? There are homes and offices that are IPv6 only, using centralised NAT64 to get to IPv4. This means that the physical machine will never see or talk IPv4. For all these people WSL 2 is useless.