No internet connection Ubuntu-WSL while VPN

I have a Ubuntu-20.04 Version 2 WSL running on my Windows 10 Laptop. Everything works fine, I have internet connection. But only as long as I am not connected to a VPN network.

If I connect to my the network of my university using Cisco AnyConnect, I can no longer connect to the internet on WSL, while everything works fine using e.g. firefox in the windows system. I get: ping: google.de: Temporary failure in name resolution

I already tried the following:

Open windows cmd in admin mode and type these commands:

netsh winsock reset
netsh int ip reset all
netsh winhttp reset proxy
ipconfig /flushdns
reboot

That worked once, I had access to the internet. But as soon as I disconnected the VPN connection and connected again, I had the same problem all over again. I tried to just execute the commands again and rebooted, but now thats not working anymore.

So I really do not know what else to do. I really need to use WSL while being connected via VPN

Asked By: Hball99
||

Answer #1:

This seems to be a bug in WSL 2, see https://github.com/microsoft/WSL/issues/4277.

The workaround offered here worked for me: Uninstall the Cisco AnyConnect client and install the version from the Microsoft Store.

Answered By: Tobias

Answer #2:

WSL2 - VPN Fix:

There is an issue with DNS Forwarding in WSL2 when using VPN (see github Issue). So here is a workaround for this problem. Should work for Ubuntu and Debian.

Workaround

  1. Find out nameserver with windows powershell (during VPN Session)

    nslookup
    

    You'll get the IPv4 adress of your corporate nameserver Copy this address.

  2. Disable resolv.conf generation in wsl:

    sudo nano /etc/wsl.conf
    

    copy this text to the file (to disable resolve.conf generation, when wsl starts up)

    [network]                                                                        
    generateResolvConf = false
    
  3. In wsl Add your corporate nameserver to resolv.conf

    sudo nano /etc/resolv.conf
    

    Remove other entries and add your corporate nameserver IP (if you have a secondary nameserver, add it in a separate line)

    • nameserver X.X.X.X (where X.X.X.X is your address obtained in step 1)
  4. Set your VPN adapter open a admin powershell

    • Find out your VPN adapter name: Get-NetIPInterface (in my case: "Cisco AnyConnect")
    • Set adapter metric (Replace -Match with your name), in my case i have to run this after ever reboot or VPN reconnect:
    Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
    
  5. Restart wsl in powershell: wsl.exe --shutdown

  6. Test it in wsl run: wget google.com - if this command works, you are done.

In my case I sometimes get DNS issues when try to connect to internal stuff via browser (on Windows 10), caused by the high metric value set in step 4. So here is the workaround for the workaround:

  1. Check your default metric (of VPNs Interface) in powershell (replace -Match with your interface name)
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Get-NetIPInterface
  1. When running into problems on Windows 10 restore this default value with admin powershell (replace value at the end with your default value):
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 1
Answered By: kraego
The answers/resolutions are collected from stackoverflow, are licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0 .



# More Articles