No internet connection Ubuntu-WSL while VPN

windows-10 ubuntu wsl2 windows-subsystem-for-linux vpn

WSL2 - VPN Fix:

There is an issue with DNS Forwarding in WSL2 when using VPN (see github Issue). Plus there is a issue with the Cisco AnyConnect. So here is a workaround for these problems. Should work for Ubuntu and Debian.

Workaround

  1. Find out nameserver with windows powershell (during VPN Session)

    nslookup

    You'll get the IPv4 adress of your corporate nameserver Copy this address.

  2. Disable resolv.conf generation in wsl:

    sudo nano /etc/wsl.conf

    copy this text to the file (to disable resolve.conf generation, when wsl starts up)

    [network]                                                                        
generateResolvConf = false

  3. In wsl Add your corporate nameserver to resolv.conf

    sudo nano /etc/resolv.conf

    Remove other entries and add your corporate nameserver IP (if you have a secondary nameserver, add it in a separate line)

    • nameserver X.X.X.X (where X.X.X.X is your address obtained in step 1)

  4. Set your VPN adapter (if you have Cisco AnyConnect) open a admin powershell

    • Find out your VPN adapter name: Get-NetIPInterface (in my case: "Cisco AnyConnect")
    • Set adapter metric (Replace -Match with your name), in my case I have to run this after ever reboot or VPN reconnect:
    Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000

    (What is interface metric: Used to determine route, windows use interface with lowest metric)

  5. Restart wsl in powershell: wsl.exe --shutdown

  6. Test it in wsl run: wget google.com - if this command works, you are done.

In my case I get DNS issues when try to connect to internal stuff via browser (on Windows 10, f.e.: intranet), caused by the high metric value set in step 4 (basically kind of disabling VPN Route). So here is the workaround for the workaround:

  1. Check your default metric (of VPNs Interface) in powershell (replace -Match with your interface name)
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Get-NetIPInterface
  1. When running into problems on Windows 10 restore this default value with admin powershell (replace value at the end with your default value):
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 1

This seems to be a bug in WSL 2, see https://github.com/microsoft/WSL/issues/4277.

The workaround offered here worked for me: Uninstall the Cisco AnyConnect client and install the version from the Microsoft Store.


The easiest workaround (before either Microsoft or Cisco come up with a permanent fix) is to launch WSL before connecting to the VPN:

wsl --shutdown
# disconnect VPN
wsl
# connect VPN again

Works on Windows 10 with WSL2+Ubuntu 20.04 and Cisco AnyConnect.

Related

Can I upgrade the RAM on my HP Pavilion Elite HPE-112y
Why does RAID 6 require at least 4 disks?
Can you attach a USB drive to the motherboard with SATA?
Sort the contents of an extremely large (800GB) text file on Windows
Use Powershell Core 6 as the default shell with shortcut Windows+X, I
534 Local policy on server does not allow TLS secure connections
What are the chances of breeding a Legendary Dragon and how can I improve them?
Minecraft yellow text is showing up with a symbol I can't remove
how to prevent wyverns from interrupting your boss battles
How many wireless xbox 360 controllers can be active in the same room?
What jobs are in the Mime (reskinned Criminal) career track in the mainland China release?
Why is the one mind upgrade not showing up?