No internet connection Ubuntu-WSL while VPN
I have a Ubuntu-20.04 Version 2 WSL running on my Windows 10 Laptop. Everything works fine, I have internet connection. But only as long as I am not connected to a VPN network.
If I connect to the network of my university using Cisco AnyConnect, I can no longer connect to the internet on WSL, while everything works fine using e.g. Firefox in the Windows system. I get: ping: google.de: Temporary failure in name resolution
I already tried the following:
Open windows cmd in admin mode and type these commands:
netsh winsock reset
netsh int ip reset all
netsh winhttp reset proxy
ipconfig /flushdns
reboot
That worked once, I had access to the internet. But as soon as I disconnected the VPN connection and connected again, I had the same problem all over again. I tried to just execute the commands again and rebooted, but now that's not working anymore.
So I really do not know what else to do. I really need to use WSL while being connected via VPN.
110 Answers
WSL2 - VPN Fix:
There is an issue with DNS forwarding in WSL2 when using VPN (see GitHub issue). Plus there is an issue with Cisco AnyConnect. So here is a workaround for these problems. Should work for Ubuntu and Debian.
Workaround
1. Find out the nameserver with Windows PowerShell (during VPN session):
nslookup
You'll get the IPv4 address of your corporate nameserver. Copy this address.
2. Disable resolv.conf generation in WSL:
sudo nano /etc/wsl.conf
Copy this text to the file (to disable resolv.conf generation when WSL starts up):
[network]
generateResolvConf = false
3. In WSL, add your corporate nameserver to resolv.conf:
sudo nano /etc/resolv.conf
Remove other entries and add your corporate nameserver IP (if you have a secondary nameserver, add it on a separate line):
nameserver X.X.X.X
(where X.X.X.X is your address obtained in step 1)
4. Set your VPN adapter (if you have Cisco AnyConnect); open an admin PowerShell:
- Find out your VPN adapter name:
Get-NetIPInterface
(in my case: "Cisco AnyConnect")
- Set the adapter metric (replace -Match with your name); in my case I have to run this after every reboot or VPN reconnect:
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
(What is the interface metric: used to determine the route; Windows uses the interface with the lowest metric)
5. Restart WSL in PowerShell:
wsl.exe --shutdown
6. Test it; in WSL run:
wget google.com
- if this command works, you are done.
In my case I get DNS issues when trying to connect to internal stuff via browser (on Windows 10, e.g. intranet), caused by the high metric value set in step 4 (basically kind of disabling the VPN route). So here is the workaround for the workaround:
- Check your default metric (of the VPN's interface) in PowerShell (replace -Match with your interface name):
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Get-NetIPInterface
- When running into problems on Windows 10, restore this default value with admin PowerShell (replace the value at the end with your default value):
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 1
3
The easiest workaround (before either Microsoft or Cisco come up with a permanent fix) is to launch WSL before connecting to the VPN:
wsl --shutdown
# disconnect VPN
wsl
# connect VPN again
Works on Windows 10 with WSL2+Ubuntu 20.04 and Cisco AnyConnect.
1
This seems to be a bug in WSL 2, see .
The workaround offered here worked for me: Uninstall the Cisco AnyConnect client and install the version from the Microsoft Store.
1
I solved the problem. Open Microsoft Store -> search and install AnyConnect -> the VPN connection now works with WSL2.
1
This might be obvious but I did not think of this. Another workaround is to install VPN in WSL if that is an option for the VPN you are using.
I was skeptical at first about hsq_roy's method, but since none of the workarounds worked for me I just did what hsq_roy was suggesting.
- I deleted my Cisco Anyconnect client
- I reinstalled it via Windows Store.
- I opened Anyconnect and clicked on manage VPN which forwarded me to the Windows System settings.
- I set up a new VPN connection within the Windows settings choosing Anyconnect instead of Windows (integrated).
- I started WSL and it connected to the internet while using a VPN in Windows. It works perfectly fine for me, with no issues whatsoever.
The answer from @kraego worked for me.
I was though unable to make out the adapter from Get-NetIPInterface
but I used instead Get-NetAdapter
And I verified it by looking at the results with and without the VPN connection active.
1
In my case, I set the VPN network interface metric to 6000 and both VPN and internet within WSL are now working:
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
Cisco AnyConnect mentioned in the command above is my VPN. Yours could be different, along with the metric number.
and then used the following to fix the DNS:
echo "nameserver 8.8.8.8" | tr -d '\r' | sudo tee /etc/resolv.conf
# -a appends; without it the second tee would overwrite the first entry
echo "nameserver 8.8.4.4" | tr -d '\r' | sudo tee -a /etc/resolv.conf
You can also put the DNS fix into .bashrc
The problem is that the VPN Ethernet Adaptor's DNS server settings are not taken by the WSL. These steps worked for me to add these settings manually:
- cd ~/../../etc (go to etc folder in WSL).
- echo "[network]" | sudo tee wsl.conf (Create wsl.conf file and add the first line).
- echo "generateResolvConf = false" | sudo tee -a wsl.conf (Append wsl.conf the next line).
- wsl -l (Get the distribution name: Debian-XX or Ubuntu-XX (Default) etc.)
- wsl --terminate <DistroName> (Terminate WSL in Windows cmd, using the name from step 4).
- cd ~/../../etc (go to etc folder in WSL).
- sudo rm -Rf resolv.conf (Delete the resolv.conf file).
- In Windows cmd, PowerShell or terminal with the VPN connected, run Get-NetIPInterface or ipconfig /all to get the primary and secondary DNS. Look for the Ethernet adapter with Description "Cisco AnyConnect...". From under it take the values for DNS Servers. It has primary and secondary DNS server IPs.
- Use the commands in the next two steps, replacing X.X.X.X with the values of the primary and secondary DNS server IPs respectively
- echo "nameserver X.X.X.X" | sudo tee resolv.conf (Create resolv.conf and append the line.)
- echo "nameserver X.X.X.X" | sudo tee -a resolv.conf (Append the line in resolv.conf)
- wsl --terminate <DistroName> (Terminate WSL in Windows cmd, using the name from step 4).
- sudo chattr +i resolv.conf
- And finally in windows cmd, ps or terminal: Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
Credit: @MartinCaccia, @yukosgiti, @machuu and @AlbesK:
Original resolution:
- Create a file: /etc/wsl.conf.
- Put the following lines in the file in order to ensure that your DNS changes do not get blown away
[network]
generateResolvConf = false
- In a cmd window, run wsl --shutdown
- Restart WSL2
- Create a file: /etc/resolv.conf. If it exists, replace existing one with this new file.
- Put the following line in the file
nameserver 8.8.8.8 # Or use your DNS server instead of 8.8.8.8 which is a Google DNS server
- Repeat step 3 and 4. You will see git working fine now.
Credit: Sign up for free
Steps are also documented here:
I have forked and updated the steps by to make them easier.
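Added example, not part of any answer on this page: the answers above type resolver addresses into /etc/resolv.conf by hand, which goes stale when the VPN hands out different DNS servers, and a public resolver such as 8.8.8.8 cannot resolve internal names. The sketch below, run inside WSL, builds the file from the addresses Windows reports for the VPN adapter and checks an existing file for entries that do not belong; the function names are hypothetical, and the PowerShell pipeline in the trailing comment assumes the "Cisco AnyConnect" adapter description used on this page.

```sh
#!/bin/sh
# Added example, not from the answers above. Run inside WSL.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $1                      # split on dots into $1..$n
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# render_resolv_conf: read one address per line on stdin (CRLF line endings
# from powershell.exe tolerated) and print "nameserver" lines: IPv4 only,
# duplicates dropped, at most 3 because glibc ignores any further entries.
render_resolv_conf() {
  seen=' ' count=0
  while IFS= read -r line || [ -n "$line" ]; do
    addr=$(printf '%s' "$line" | tr -d ' \t\r')
    is_ipv4 "$addr" || continue
    case $seen in *" $addr "*) continue ;; esac
    seen="$seen$addr "
    printf 'nameserver %s\n' "$addr"
    count=$((count + 1))
    [ "$count" -ge 3 ] && break
  done
  [ "$count" -gt 0 ]             # fail if Windows reported nothing usable
}

# unexpected_resolvers FILE ADDR...: print nameservers in FILE that are not
# among the expected ADDRs, e.g. a public resolver left over from a fix.
unexpected_resolvers() {
  file=$1; shift
  while read -r kw addr rest; do
    [ "$kw" = nameserver ] || continue
    case " $* " in *" $addr "*) ;; *) printf '%s\n' "$addr" ;; esac
  done < "$file"
}

# Usage with the VPN connected (adapter description is an assumption):
#   powershell.exe -NoProfile -Command '(Get-NetAdapter |
#     Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} |
#     Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses' |
#     render_resolv_conf | sudo tee /etc/resolv.conf
```

If /etc/resolv.conf was made immutable with chattr +i as in the steps above, clear the flag with sudo chattr -i before regenerating it.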
4
- uninstall anyconnect
- download and reinstall anyconnect from Windows Store
This worked for me