No internet connection Ubuntu-WSL while VPN

WSL2 - VPN Fix:

There is an issue with DNS Forwarding in WSL2 when using VPN (see github Issue). Plus there is a issue with the Cisco AnyConnect. So here is a workaround for these problems. Should work for Ubuntu and Debian.

Workaround

  1. Find out nameserver with windows powershell (during VPN Session)

    nslookup
    

    You'll get the IPv4 adress of your corporate nameserver Copy this address.

  2. Disable resolv.conf generation in wsl:

    sudo nano /etc/wsl.conf
    

    copy this text to the file (to disable resolve.conf generation, when wsl starts up)

    [network]                                                                        
    generateResolvConf = false
    
  3. In wsl Add your corporate nameserver to resolv.conf

    sudo nano /etc/resolv.conf
    

    Remove other entries and add your corporate nameserver IP (if you have a secondary nameserver, add it in a separate line)

    • nameserver X.X.X.X (where X.X.X.X is your address obtained in step 1)
  4. Set your VPN adapter (if you have Cisco AnyConnect) open a admin powershell

    • Find out your VPN adapter name: Get-NetIPInterface (in my case: "Cisco AnyConnect")
    • Set adapter metric (Replace -Match with your name), in my case I have to run this after ever reboot or VPN reconnect:
    Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
    

    (What is interface metric: Used to determine route, windows use interface with lowest metric)

  5. Restart wsl in powershell: wsl.exe --shutdown

  6. Test it in wsl run: wget google.com - if this command works, you are done.

In my case I get DNS issues when try to connect to internal stuff via browser (on Windows 10, f.e.: intranet), caused by the high metric value set in step 4 (basically kind of disabling VPN Route). So here is the workaround for the workaround:

  1. Check your default metric (of VPNs Interface) in powershell (replace -Match with your interface name)
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Get-NetIPInterface
  1. When running into problems on Windows 10 restore this default value with admin powershell (replace value at the end with your default value):
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 1

This seems to be a bug in WSL 2, see https://github.com/microsoft/WSL/issues/4277.

The workaround offered here worked for me: Uninstall the Cisco AnyConnect client and install the version from the Microsoft Store.


The easiest workaround (before either Microsoft or Cisco come up with a permanent fix) is to launch WSL before connecting to the VPN:

wsl --shutdown
# disconnect VPN
wsl
# connect VPN again

Works on Windows 10 with WSL2+Ubuntu 20.04 and Cisco AnyConnect.