No internet connection Ubuntu-WSL while VPN
WSL2 - VPN Fix:
There is an issue with DNS forwarding in WSL2 when using a VPN (see GitHub issue). Plus there is an issue with Cisco AnyConnect. So here is a workaround for these problems. Should work for Ubuntu and Debian.
Workaround

1. Find out your nameserver with Windows PowerShell (during the VPN session):

   nslookup

   You'll get the IPv4 address of your corporate nameserver. Copy this address.

2. Disable resolv.conf generation in WSL:

   sudo nano /etc/wsl.conf

   Copy this text to the file (to disable resolv.conf generation when WSL starts up):

   [network]
   generateResolvConf = false

3. In WSL, add your corporate nameserver to resolv.conf:

   sudo nano /etc/resolv.conf

   Remove other entries and add your corporate nameserver IP (if you have a secondary nameserver, add it on a separate line):

   nameserver X.X.X.X

   (where X.X.X.X is your address obtained in step 1)

4. Set your VPN adapter (if you have Cisco AnyConnect): open an admin PowerShell.

   - Find out your VPN adapter name:

     Get-NetIPInterface

     (in my case: "Cisco AnyConnect")

   - Set the adapter metric (replace the -Match value with your name). In my case I have to run this after every reboot or VPN reconnect:

     Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000

     (What is the interface metric: it is used to determine the route; Windows uses the interface with the lowest metric.)

5. Restart WSL in PowerShell:

   wsl.exe --shutdown

6. Test it. In WSL run:

   wget google.com

   If this command works, you are done.
In my case I get DNS issues when I try to connect to internal stuff via the browser (on Windows 10, e.g. intranet), caused by the high metric value set in step 4 (basically kind of disabling the VPN route). So here is the workaround for the workaround:

- Check your default metric (of the VPN's interface) in PowerShell (replace the -Match value with your interface name):

  Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Get-NetIPInterface

- When running into problems on Windows 10, restore this default value with an admin PowerShell (replace the value at the end with your default value):

  Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 1
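
An added check for the /etc/wsl.conf and /etc/resolv.conf edits in the answer above; it is not part of any of the posted answers. The function names and the `--check` flag are assumptions of this example, and it accepts only IPv4 nameserver entries because the answer works with an IPv4 address.

```shell
# Added example (not from the original answers): sanity-check the two files
# the workaround edits. File paths are passed in so it can be tried on copies.

# Succeeds only if "generateResolvConf = false" is set inside [network].
wsl_conf_disables_resolv() {
    section="" disabled=1
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')   # ignore spacing
        case $line in
            ''|'#'*) ;;                                # blank line or comment
            '['*']') section=$line ;;                  # new section header
            generateResolvConf=*)
                if [ "$section" = "[network]" ]; then
                    if [ "$line" = "generateResolvConf=false" ]; then disabled=0; else disabled=1; fi
                fi ;;
        esac
    done < "$1"
    return "$disabled"
}

# Succeeds if $1 is a dotted-quad IPv4 address (each octet 0-255).
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                          # split on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeeds if the file has at least one nameserver line and all are IPv4 (assumed scope).
check_resolv_conf() {
    count=0
    while read -r key value _rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        is_ipv4 "$value" || { echo "invalid nameserver: $value" >&2; return 1; }
        count=$((count + 1))
    done < "$1"
    [ "$count" -gt 0 ]
}

if [ "${1:-}" = "--check" ]; then                      # e.g. sh check.sh --check
    wsl_conf_disables_resolv /etc/wsl.conf || echo "wsl.conf: generateResolvConf = false not set under [network]"
    check_resolv_conf /etc/resolv.conf || echo "resolv.conf: no valid IPv4 nameserver"
fi
```

It rejects a wsl.conf where the section header and the key ended up on one line, and a resolv.conf that still contains the X.X.X.X placeholder.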
This seems to be a bug in WSL 2, see https://github.com/microsoft/WSL/issues/4277.
The workaround offered here worked for me: Uninstall the Cisco AnyConnect client and install the version from the Microsoft Store.
The easiest workaround (before either Microsoft or Cisco come up with a permanent fix) is to launch WSL before connecting to the VPN:
wsl --shutdown
# disconnect VPN
wsl
# connect VPN again
Works on Windows 10 with WSL2+Ubuntu 20.04 and Cisco AnyConnect.