Connect to SQL Server instance via VPN from WSL2

Tags: sql server, vpn, windows-subsystem-for-linux

I'm trying to connect to a SQL Server instance from WSL2 (Arch Linux) with this command:

sqlcmd -S tcp:XX.XXX.XXX.XX\\stix -U service_stix -C

But I get:

Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : Login timeout expired.
Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : MAX_PROVS: Error Locating Server/Instance Specified [xFFFFFFFF]. .
Sqlcmd: Error: Microsoft ODBC Driver 18 for SQL Server : A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online..

If I try: nc -zv XX.XXX.XXX.XX 1433, I get: Connection to XX.XXX.XXX.XX 1433 port [tcp/ms-sql-s] succeeded!, and also:

➜  ~ telnet XX.XXX.XXX.XX 1433
Trying XX.XXX.XXX.XX...
Connected to XX.XXX.XXX.XX.
Escape character is '^]'.

In PowerShell: Test-NetConnection -ComputerName "XX.XXX.XXX.XX" -Port 1433, which yields:

ComputerName     : XX.XXX.XXX.XX
RemoteAddress    : XX.XXX.XXX.XX
RemotePort       : 1433
InterfaceAlias   : vnet-site2site
SourceAddress    : 172.SS.SS.S
TcpTestSucceeded : True

Issuing the same command: sqlcmd -S tcp:XX.XXX.XXX.XX\stix -U my_user -C in CMD/PowerShell, I'm able to connect to the instance:

PS C:\Users\Windows11> sqlcmd -S tcp:XX.XXX.XXX.XX\stix -U my_user -C
Password:
1>

Is it possible to connect to an SQL Server instance in WSL2, using a VPN?

SQL Browser service is definitely running; as I've said, I can access the database from Windows with CMD (with SQLCMD) and a NodeJS application (like Prisma).

I think that I'm missing some configuration on Windows or WSL2 part.

One problem though: I can't access the database nor its server directly to configure something specific; I would have to ask the DBA.

To add context:

I'm trying to connect a NodeJS application (without Docker) within WSL2 (Arch Linux) with the following connection string structure:

DATABASE_URL=sqlserver://XX.XXX.XXX.XX\stix:1433;database=my-database;user=my_user;password=my_pass;integratedSecurity=false;trustServerCertificate=true;

But I receive an error from my healthcheck endpoint (using Prisma to make a simple query):

Invalid prisma.$queryRaw() invocation:

Error querying the database: Conversion error: SQL browser timeout
during resolving instance stix. Please check if browser is running in
port 1433 and does the instance exist.

Best Answer

If your application runs okay in WSL1, then it will often allow you to work around VPN issues.

The problem with WSL2 and VPNs is that the WSL2 network is on a virtual Hyper-V switch and interface that is NAT'd behind the Windows host. The Windows network may route to the VPN, but the WSL2 network may not.

It sounds like some version of this might be what you are running into, but the fact that nc still works for you in WSL2 makes this not quite fit the "normal" VPN/WSL2 pattern.

Here are a few things to try for WSL2, though:

  • While this question is about Cisco AnyConnect, it might have some guidance. Specifically, this and maybe this. Changing the InterfaceMetric for the VPN adapter seems to be one of the best solutions I've seen, but I haven't been able to test it out myself. The first one is pretty simple, so I'd try it first.

  • In the comments, you asked for any known GitHub issues on this. There are two very popular ones (#5068 and #4277), but the fact that they have hundreds of comments makes them tough to sort through. The two suggestions mentioned above both come out of those issues, though.

  • I don't see a mention of which Windows version you are using, but if you have Windows 11 Pro or higher, there's a new, experimental WSL feature in the Preview release that allows you to create a bridged Hyper-V switch and tell WSL2 to use it. I don't know for sure that it would solve the VPN issue, but it's one of the next things (after the above) that I'd be trying. See this blog post for details.

    If you do go this route, you'll probably need to install and run the VPN software inside WSL2 as well.
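
The checks in the question (nc, telnet, Test-NetConnection) only exercise TCP 1433, whereas resolving a named instance such as `\stix` is done by asking the SQL Server Browser service over UDP 1434 (the SQL Server Resolution Protocol). The Python script below is an added example, not part of the original question or answer, that tests both paths separately from inside WSL2. The host and instance are supplied on the command line, and the sample reply embedded in it is constructed.

```python
import socket
import sys

SSRP_PORT = 1434        # SQL Server Browser listens on UDP 1434
CLNT_UCAST_INST = 0x04  # request: resolve one named instance
SVR_RESP = 0x05         # first byte of the Browser's reply
# Constructed sample reply (not captured from a real server).
_BODY = b"ServerName;DBHOST;InstanceName;STIX;IsClustered;No;Version;15.0.2000.5;tcp;1433;;"
SAMPLE_REPLY = bytes([SVR_RESP]) + len(_BODY).to_bytes(2, "little") + _BODY

def build_request(instance):
    """CLNT_UCAST_INST: 0x04 followed by the null-terminated instance name."""
    return bytes([CLNT_UCAST_INST]) + instance.encode("ascii") + b"\x00"

def parse_response(data):
    """Parse SVR_RESP: 0x05, uint16-LE length, then 'key;value;...;;' text."""
    if len(data) < 3 or data[0] != SVR_RESP:
        raise ValueError("not an SSRP SVR_RESP datagram")
    size = int.from_bytes(data[1:3], "little")
    body = data[3:3 + size]
    if len(body) != size:
        raise ValueError("truncated SSRP response")
    fields = body.decode("ascii", errors="replace").rstrip(";").split(";")
    return dict(zip(fields[0::2], fields[1::2]))

def tcp_open(host, port, timeout=3.0):
    """Same check as `nc -zv host port`: a TCP connect and nothing more."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def resolve_instance(host, instance, timeout=3.0):
    """Ask SQL Browser for the instance's endpoints; None if no reply arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_request(instance), (host, SSRP_PORT))
            data, _ = s.recvfrom(4096)
        except OSError:
            return None
    return parse_response(data)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py HOST INSTANCE
        print("tcp/1433 reachable:", tcp_open(sys.argv[1], 1433))
        print("browser reply:", resolve_instance(*sys.argv[1:3]) or "no reply on UDP 1434")
    else:                   # offline: parse the constructed sample
        print(parse_response(SAMPLE_REPLY))
```

A reachable TCP 1433 together with no Browser reply means the TCP path works from WSL2 while the UDP 1434 instance lookup does not, which is the split the Prisma "SQL browser timeout" message reports.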
