Created
February 3, 2022 20:34
-
-
Save brunoalr/6d605d1e9392d7c7d2b2eb434dbf87b6 to your computer and use it in GitHub Desktop.
WSL2 + vpn
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From: https://github.com/microsoft/WSL/issues/5068#issuecomment-970049434 | |
https://github.com/sakai135/wsl-vpnkit with Pulse Secure Desktop Client | |
I had used this successfully but my company was skeptical with using a public GitHub repo solution and recommended not having it. | |
In my context of using Pulse Secure VPN, I fixed this by both changing /etc/resolv.conf as well as adjusting the networks MTU value to match the VPN's. Here's how: | |
From WSL, edit /etc/wsl.conf (if not present, create it with touch /etc/wsl.conf): | |
[network] | |
generateResolvConf = false | |
Exit WSL | |
From CMD, run wsl --shutdown (maybe even restart your computer to be safe) | |
From CMD, run ipconfig /all | |
Locate the VPN entry (in Pulse Secure VPN's case, it's Description is "Juniper Networks Virtual Adapter") | |
Take note of it's entry header (for this example, it is "Ethernet adapter Ethernet 3") | |
Take note of the Connection-specific DNS Suffix (for this example, it is "my.corp.vpn") | |
Take note of the DNS Servers values (for this example, they are 12.3.456.789 and 98.7.654.321) | |
From WSL, run: sudo rm -f /etc/resolv.conf && sudo touch /etc/resolv.conf | |
From WSL, edit /etc/resolv.conf with the values we recorded: | |
search my.corp.vpn | |
nameserver 12.3.456.789 | |
nameserver 98.7.654.321 | |
nameserver 8.8.8.8 | |
nameserver 4.4.4.4 | |
From CMD, run netsh interface ipv4 show subinterface | |
Locate the Interface who matches the entry header value we recorded (in this example, "Ethernet 3") | |
Record it's MTU value (in this example, it's 1400) | |
From WSL, run sudo ip link set eth0 mtu 1400 | |
Halp, the resolv.conf file keeps getting regenerated! | |
I've read that Windows will be fixing WSL to properly respect /etc/wsl.conf but in the meantime, you can fix this by first updating the /etc/resolv.conf to what it should be then running: sudo chatt +i /etc/resolv.conf. This will make the file immutable and thus will not change again. To later change it if needed, run sudo chatt -i /etc/resolv.conf to make it mutable again. | |
So why does the MTU matter? | |
Based on my limited knowledge of how MTU works, if the VPN has a lower value than what the default Windows and WSL MTU is set to, the WSL connection is basically trying to push too much data through the pipe at a time. This causes connections to deny the data and request it be further fragmented to fit the pipe. Setting the MTU to match what the VPN expects allows the data to properly fit through the pipe thus restoring connection. Ref: https://www.sonicwall.com/support/knowledge-base/set-mtu-in-vpn-environment-in-case-of-throughput-issues/170705131319789/ | |
Thanks for sharing the steps @ValorMorgan. The Connection-specific DNS Suffix mentioned in Step. 6 is not available. Can you suggest what should be used in its place? | |
VPN | |
Uses AlgoVPN on an AWS server. | |
Device Info: | |
Windows | |
Device name DESKTOP-B3CS5F7 | |
Processor Intel(R) Core(TM) i5-1035G1 CPU @ 1.00GHz 1.19 GHz | |
System type 64-bit operating system, x64-based processor | |
Pen and touch No pen or touch input is available for this display | |
Edition Windows 10 Home Single Language | |
Version 21H1 | |
OS build 19043.1348 | |
Experience Windows Feature Experience Pack 120.2212.3920.0 | |
WSL2 | |
Ubuntu 18.04.6 LTS | |
Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment