cannot reach ipv6 only address

[andyli]

• Your Windows build number: 10.0.18980.1

• What you're doing and what's happening: (Copy&paste the full set of specific command-line steps necessary to reproduce the behavior, and their output. Include screen shots if that helps demonstrate the problem.)

I tried to access a ipv6 only website and failed. My commands run in Debian Buster with WSL 2:

$ curl -I https://ocaml.debian.net
curl: (7) Couldn't connect to server

$ sudo ping6 2001:913:c01:0:d52c:1903:be09:265f
connect: Network is unreachable

• What's wrong / what should be happening instead:

The curl command should succeed. Here is the result if I run it in Windows (outside of WSL):

>curl -I https://ocaml.debian.net
HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Wed, 18 Sep 2019 04:15:40 GMT
Content-Type: text/html
Content-Length: 341
Last-Modified: Sat, 03 Aug 2019 04:57:55 GMT
Connection: keep-alive
ETag: "5d451453-155"
Accept-Ranges: bytes

>ping 2001:913:c01:0:d52c:1903:be09:265f

Pinging 2001:913:c01:0:d52c:1903:be09:265f with 32 bytes of data:
Reply from 2001:913:c01:0:d52c:1903:be09:265f: time=208ms
Reply from 2001:913:c01:0:d52c:1903:be09:265f: time=206ms
Reply from 2001:913:c01:0:d52c:1903:be09:265f: time=206ms
Reply from 2001:913:c01:0:d52c:1903:be09:265f: time=206ms

Ping statistics for 2001:913:c01:0:d52c:1903:be09:265f:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 206ms, Maximum = 208ms, Average = 206ms

FYI, here is my network interface info:

C:\Users\Andy>ipconfig

Windows IP Configuration

Ethernet adapter VPN - VPN Client:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter vEthernet (DockerNAT) 2:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.0.75.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   IPv6 Address. . . . . . . . . . . : 2002:d206:9dd2::100
   IPv6 Address. . . . . . . . . . . : 2002:d206:9dd2:0:7940:661e:9b71:38ca
   IPv6 Address. . . . . . . . . . . : fd3a:95fa:b06b::100
   IPv6 Address. . . . . . . . . . . : fd3a:95fa:b06b:0:7940:661e:9b71:38ca
   Temporary IPv6 Address. . . . . . : 2002:d206:9dd2:0:c8d1:e8bc:b818:9b48
   Temporary IPv6 Address. . . . . . : fd3a:95fa:b06b:0:c8d1:e8bc:b818:9b48
   Link-local IPv6 Address . . . . . : fe80::7940:661e:9b71:38ca%14
   IPv4 Address. . . . . . . . . . . : 192.168.1.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::7ad2:94ff:fe7e:41e9%14
                                       192.168.1.1

Ethernet adapter Ethernet 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter vEthernet (Default Switch):

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::e0:3fd0:91b9:ca2a%45
   IPv4 Address. . . . . . . . . . . : 172.17.96.1
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :

Ethernet adapter vEthernet (WSL):

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::d42c:c288:563c:b292%53
   IPv4 Address. . . . . . . . . . . : 172.29.48.1
   Subnet Mask . . . . . . . . . . . : 255.255.240.0
   Default Gateway . . . . . . . . . :

andy@Hawk:/mnt/c/Users/Andy$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.29.49.132  netmask 255.255.240.0  broadcast 172.29.63.255
        inet6 fe80::215:5dff:fed7:3bf8  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:d7:3b:f8  txqueuelen 1000  (Ethernet)
        RX packets 856  bytes 101884 (99.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 39  bytes 3349 (3.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[paulstelian97]

@paulstelian97

I wouldn't expect it to resolve to an IPv6 address if IPv4 is available.

The default in a lot of distributions is to prefer public IP addresses over private. 99% of the time IPv6 is provisioned using public IPs, while 99% of the time IPv4 is provisioned using private. Furthermore, it is also common to prefer IPv6 over IPv4 wholesale when both are public.

In summary: you shouldn't be surprised to see Linux prefer IPv6. :-)

Source: man gai.conf(5) and RFC 3484

As a bonus, WSL2 always has private IP address for IPv4... It does NOT have the host IP address. It's a NAT with extra tricks.

The surprise is why prefer IPv6 if it's NOT CONFIGURED? No public IPv6 (router advertisement, DHCP etc) reaches the WSL2 distro.

[bluecmd]

@paulstelian97

Ah, gotcha. Good to clear that out. Yes, unless Linux believes it can route IPv6 it shouldn't use it -- unless the user is on an IPv6 only network using NAT64 maybe? Then the DNS resolution would always return AAAA and no A I think

EDIT: To be clear, what I am suggesting above would definitely 100% require WSL 2 to support and provision IPv6, I am merely suggesting a possible configuration that would lead to IPv6 resolutions being the only thing being tried (unsuccessfully) in a IPv4-only environment - where normally a IPv4 try would be done.

[paulstelian97]

@paulstelian97

Ah, gotcha. Good to clear that out. Yes, unless Linux believes it can route IPv6 it shouldn't use it -- unless the user is on an IPv6 only network using NAT64 maybe? Then the DNS resolution would always return AAAA and no A I think

Issue still remains. WSL2 only has IPv4 in the 172.x.y.z (forgot what x was exactly) and no IPv6 at all (unless I do weird tricks on the host). Any NAT64 and shit available on the host Windows system never reaches the WSL2 distro.

I don't think Windows will even proxy the IPv4 requests through the NAT64...

[themiron]

If by a chance you have VMWare Workstation installed, it's possible to bridge Hyper-V switch to VMware VMnet, which is capable enough to perform IPv6 NAT, using host's IPv6 address and routing. Hyper-V VM/WSL2 --> Hyper-V bridge switch to "external" VMnet NAT interface --IPv6 NAT--> Host's IPv6 network p.s as a bonus - IPv4 NAT with stable address space

[paulstelian97]

If by a chance you have VMWare Workstation installed, it's possible to bridge Hyper-V switch to VMware VMnet, which is capable enough to perform IPv6 NAT, using host's IPv6 address and routing. Hyper-V VM/WSL2 --> Hyper-V bridge switch to "external" VMnet NAT interface --IPv6 NAT--> Host's IPv6 network p.s as a bonus - IPv4 NAT with stable address space

What if I want a public IPv6 address? I'm only using IPv6 specifically due to lack of requirement for NAT. Is there a variant to run a NDP proxy on Windows 10?

[themiron]

If by a chance you have VMWare Workstation installed, it's possible to bridge Hyper-V switch to VMware VMnet, which is capable enough to perform IPv6 NAT, using host's IPv6 address and routing. Hyper-V VM/WSL2 --> Hyper-V bridge switch to "external" VMnet NAT interface --IPv6 NAT--> Host's IPv6 network p.s as a bonus - IPv4 NAT with stable address space

What if I want a public IPv6 address? I'm only using IPv6 specifically due to lack of requirement for NAT. Is there a variant to run a NDP proxy on Windows 10?

well, outgoing connections will have public address of the host. as for incoming connections, seems not possible - VMWare allows only IPv4 port forwarding

[WSLUser]

I thought Hyper-v itself had IPv6 support. Shouldn't enabling it and doing something for WSL2 to recognize the network adapter in hyper-v for ipv6 support work?

[paulstelian97]

I thought Hyper-v itself had IPv6 support. Shouldn't enabling it and doing something for WSL2 to recognize the network adapter in hyper-v for ipv6 support work?

I'm not aware of any Hyper-V support except for manual configuration or bridged. The WSL adapter isn't bridged. I had managed to do manual configuration before. I wonder how I could make IPv6 static routes on my router...

[WSLUser]

Since there's a powershell module you can use for managing Hyper-V, I wonder if it could be used for WSL2 in some way for allowing a bridge. Official bridge support is still pending though.

[hcooper]

@craigloewen-msft any chance we can lock this issue until there's an update on the MS side? I'd like the say subscribed to the issue so I know when I can try wsl2 again, however it's getting rather noisy here and I'm on the verge of unsubscribing. Thanks :-)

[paulstelian97]

Since there's a powershell module you can use for managing Hyper-V, I wonder if it could be used for WSL2 in some way for allowing a bridge. Official bridge support is still pending though.

@WSLUser I have tried manually setting a bridge and, while that works immediately, after reboot everything messes up and a NEW adapter for WSL2 is created. It's not a persistent configuration. WSL itself messes you up.

[themiron]

Since there's a powershell module you can use for managing Hyper-V, I wonder if it could be used for WSL2 in some way for allowing a bridge. Official bridge support is still pending though.

@WSLUser I have tried manually setting a bridge and, while that works immediately, after reboot everything messes up and a NEW adapter for WSL2 is created. It's not a persistent configuration. WSL itself messes you up.

yes, each time WSL2 is started (means - not only on reboot), WSL adapter is recreated and manual bridging to anyting (incl. VMnet) is being lost.

[lapo-luchini]

Also, (at least to me) not only briding is lost, but old bridged interface remains in a "half bridged" state and I have to manually disable bridging before functionality is recovered (thus, after each reboot I'm offline until I do it), which is even worse. Still, I prefer to do that that using WSL2 in the default IPv4-only NAT mode.

[paulstelian97]

I actually had TunnelBroker for IPv6 initially and had reserved a /64 for WSL2, plus adding manual routing on my Pi (which did the TunnelBroker connection) so that packets destined for that /64 actually go to my laptop. That worked BEAUTIFULLY with no need for extra configuration. I however don't know how to do an equivalent setup with my router (does Windows have anything to request prefix delegation?)

[treysis]

(does Windows have anything to request prefix delegation?)

Not that I am aware of. But you could manually route a prefix to your Windows PC.

[paulstelian97]

(does Windows have anything to request prefix delegation?)

Not that I am aware of. But you could manually route a prefix to your Windows PC.

Are you aware on how to do it on my TP-Link Archer C6? (now I have native IPv6 from my ISP...) I can't seem to find static routing options for IPv6, only for IPv4...

[treysis]

@paulstelian97 maybe not with the stock firmware. OpenWrt can do.

[WSLUser]

I have tried manually setting a bridge and, while that works immediately, after reboot everything messes up and a NEW adapter for WSL2 is created. It's not a persistent configuration. WSL itself messes you up.

@paulstelian97 can you provide steps here? Probably should add the removal of the old bridge as part of the process based on comments above. Should be easy to add it to Task Manager so it happens upon login.

[paulstelian97]

I have tried manually setting a bridge and, while that works immediately, after reboot everything messes up and a NEW adapter for WSL2 is created. It's not a persistent configuration. WSL itself messes you up.

@paulstelian97 can you provide steps here? Probably should add the removal of the old bridge as part of the process based on comments above. Should be easy to add it to Task Manager so it happens upon login.

Not sure, I just did it manually from the GUI (select the "vEthernet (WSL)" interface and my Wi-Fi interface, right click, create bridge). Sure that sometimes f's up badly with Wi-Fi... So my setup was actually a different one which relied on how TunnelBroker's tunnels worked (had a tunnel on my Raspberry Pi, did some static routing and fixed IP addresses both on my laptop and my Pi).

[craigloewen-msft]

Locking this issue until we have updates on IPV6 support. Thanks all for your patience!

Also working on getting a method for the surrounding discussions to still take place. Stay tuned! :)

[craigloewen-msft]

I've created a page for this on a new feature called "Discussions" for users who wish to keep discussing this feature request and any workarounds.

https://github.com/microsoft/WSL/discussions/5855

Learn more about this discussions feature here: https://github.com/microsoft/WSL/discussions/5854

We will post any updates to this thread on this feature as they are available.

Thanks all!

[craigloewen-msft]

Hi folks, we have put out a new update that aims to address networking issues in WSL. In your .wslconfig file you can set experimental.networkingMode=mirrored, as well as some other key settings that should improve your network compatibility, and add support for IPv6! Please try them out and let us know what you think.

More info on this release and the changes can be found here in the blog post.

Please note: You need to be on a Windows Insiders version to use the new networking settings (Any channel of Windows Insiders will do, including release preview). If you see the "These are not supported" messages it means that your current Windows version doesn't have support, and you will need to upgrade. These features will eventually be coming to Windows 11 22H2.

[NiKiZe]

Will the fix also reach win10?

[maurice-w]

@craigloewen-msft Good news! Could you elaborate on how this mirrored mode works? Does it create an external virtual switch just like you can in regular Hyper-V? This works great for Ethernet, but I never got it to work on WiFi, probably due to lack of an ND proxy. I would be willing to switch to an Insiders version to get IPv6 in WSL, but only if WiFi is supported.

[craigloewen-msft]

These new networking features are now available on the latest version of Win11 22H2!

@NiKiZe currently this is not planned to go back to Win10.

Please make sure you're on the latest build to get these features, you can do that by clicking "Check for Updates" in Windows settings. You can check you have the right build by either ensuring you have KB5031354 installed, or run cmd.exe /c ver and ensure that your build number is 22621.2428 or higher (Including the minor build number which is after the . as this was a backport!)

[maurice-w]

Thanks @craigloewen-msft, tried it and it works great for me on WiFi! Windows 11 22H2 10.0.22621.2428, WSL 2.0.6. I now understand that mirrored mode is indeed not a bridge, but shares the IPv6 addresses of the host system. No NAT and no ND proxy required. 👍

Will this eventually make its way into Windows Subsystem for Android?

[TurnOffNOD]

These new networking features are now available on the latest version of Win11 22H2!

@NiKiZe currently this is not planned to go back to Win10.

Please make sure you're on the latest build to get these features, you can do that by clicking "Check for Updates" in Windows settings. You can check you have the right build by either ensuring you have KB5031354 installed, or run cmd.exe /c ver and ensure that your build number is 22621.2428 or higher (Including the minor build number which is after the . as this was a backport!)

Hi, does "latest version of Win11 22H2" mean latest stable, which is 22H2 or latest insider version, which belongs to 22H2 branch?

[maurice-w]

@TurnOffNOD Latest stable, you don't need an Insiders version anymore.

[githubsean]

For those playing at home, you may need to run: wsl --update --pre-release

[gund]

For me it did not work initially even though I had the latest version. Then I tried wsl --update --pre-release which completely broke WSL2 for me (distro was just crashing after startup). After that I ran just wsl --update and magically everything was fixed and IPv6 started working!

[Flipez]

For everyone having issues, in the meantime it's without the experimental prefix

[wsl2]
networkingMode=mirrored

[nileshgr]

This one worked for me: https://www.marvinweber.net/posts/wsl2-ipv6-support/

It's in bridge mode though.

But I already run a VM in Hyper V in bridge mode, so as long as it doesn't break other stuff I will continue with this.

[fedorzh]

These new networking features are now available on the latest version of Win11 22H2!

@NiKiZe currently this is not planned to go back to Win10.

Please make sure you're on the latest build to get these features, you can do that by clicking "Check for Updates" in Windows settings. You can check you have the right build by either ensuring you have KB5031354 installed, or run cmd.exe /c ver and ensure that your build number is 22621.2428 or higher (Including the minor build number which is after the . as this was a backport!)

I am actually on Version 10.0.22631.3296 and still cannot reach ipv6 websites...

ping 6 google.com
ping: google.com: Temporary failure in name resolution

Setting .wslconfigwith

[wsl2]
# Changes how DNS requests are proxied from WSL to Windows
dnsTunneling=true

networkingMode=mirrored

doesn't help either.

[githubsean]

Mine now works on windows 11

sean@ANTEC:~$ uname -a
Linux ANTEC 5.15.133.1-microsoft-standard-WSL2 #1 SMP Thu Oct 5 21:02:42 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
sean@ANTEC:~$ ping -6 google.com
PING google.com(syd15s17-in-x0e.1e100.net (2404:6800:4006:812::200e)) 56 data bytes
64 bytes from syd15s17-in-x0e.1e100.net (2404:6800:4006:812::200e): icmp_seq=1 ttl=119 time=2.94 ms
64 bytes from syd15s17-in-x0e.1e100.net (2404:6800:4006:812::200e): icmp_seq=2 ttl=119 time=3.03 ms
64 bytes from syd15s17-in-x0e.1e100.net (2404:6800:4006:812::200e): icmp_seq=3 ttl=119 time=2.63 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 2.633/2.865/3.025/0.167 ms
sean@ANTEC:~$

[megamisan]

[wsl2]
networkingMode=mirrored

Worked for me too.

>ver

Microsoft Windows [version 10.0.22631.3447]

[xairoo]

[wsl2]
networkingMode=mirrored

Have done that on 2 systems. One worked, one not. Both running WSL 2.2.4.0. I tried also the [experimental] config.

I can ping the own WSL IPv6 but not a IPv6 outside of WSL... Network is unreachable. I can connect to any IPv6 from Windows, but not the WSL IPv6.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:cd:1b:fb brd ff:ff:ff:ff:ff:ff
    inet 172.23.124.191/20 brd 172.23.127.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fecd:1bfb/64 scope link
       valid_lft forever preferred_lft forever

[Rakeda]

Writing to confirm that I have had success creating a .wslconfig file and having the following entry:

[experimental]
networkingMode=mirrored