Ubuntu WSL 2 – Fix No Network Connectivity Behind VPN

networkingUbuntuvpnwindows-10-v1909windows-subsystem-for-linux

Premise: I'm trying to run Ubuntu as a Windows 10 app using WSL.

TL;DR problem: When Ubuntu uses WSL 2, network connectivity "disappears" when using company VPN.

Trying to get Ubuntu 18.04 (downloaded from the Microsoft Store) running on a Windows 10 work laptop (IT doesn't support Linux – I'm on my own) using WSL 2. When the corporate VPN is turned off, I seem to have network connectivity; when I'm connected to the VPN, suddenly I can't connect (ping, etc.) to anything.

There's probably a cascade of problems to deal with, so I'll try to limit the scope of this question: why does Ubuntu report a wifi0 NIC when it's using WSL 1 but not when using WSL 2 (and does that matter)?

Why can't I connect to anywhere only when using WSL 2 and VPN is enabled? Is the fix just a matter of adding the right nameserver to /etc/resolv.conf? If so, what's a valid value? I've already tried 8.8.8.8 and 8.8.4.4.

Ubuntu 18.04 WSL 1:

$ ifconfig wifi0
wifi0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.96  netmask 255.255.255.0  broadcast 10.0.0.255
$ ifconfig eth0
eth0: flags=64<RUNNING>  mtu 1500
        inet 169.254.91.163  netmask 255.255.0.0

$ ping www.google.com # No VPN
PING forcesafesearch.google.com (216.239.38.120) 56(84) bytes of data.
64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=1 ttl=119 time=19.8 ms
64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=2 ttl=119 time=22.0 ms

$ ping www.google.com # VPN active
PING forcesafesearch.google.com (216.239.38.120) 56(84) bytes of data.
64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=1 ttl=119 time=19.8 ms
64 bytes from any-in-2678.1e100.net (216.239.38.120): icmp_seq=2 ttl=119 time=22.0 ms

Ubuntu 18.04 WSL 2:

$ ifconfig wifi0
wifi0: error fetching interface information: Device not found
$ ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.34.56  netmask 255.255.255.240  broadcast 192.168.34.63

$ ping www.google.com # No VPN
PING www.google.com (142.250.68.100) 56(84) bytes of data.
64 bytes from lax31s12-in-f4.1e100.net (142.250.68.100): icmp_seq=1 ttl=118 time=27.7 ms
64 bytes from lax31s12-in-f4.1e100.net (142.250.68.100): icmp_seq=2 ttl=118 time=19.6 ms

$ ping www.google.com # VPN active -- Both the generated and hand-edited /etc/resolv.conf failed
^C

Best Answer

I had similar issues with Cisco AnyConnect. I think WSL1 does it's networking through Windows (via Hyper-V?) and WSL2 is effectively a Linux Kernel running virtualised alongside Windows.

My fix was

  1. In Windows ipconfig /all get the DNS values for the VPN adaptor
  2. In WSL sudo vi /etc/resolv.conf and add the DNS values as lines nameserver <DNS IP>

You can optionally add the block below to /etc/wsl.conf to stop resolv.conf being "refreshed" (wiped) on restart. But you need to remember it's not being automatically updated in future.

   [network]  
   generateResolvConf = false

As for why you had no network connection when VPN was connected, I think it was trying to connect to the "off VPN" DNS which your VPN was blocking. There seem to be some GitHub issues around WSL2 and VPNs so I'd expect a fix to come out at some point.