New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sudo apt-get update not work #979

Closed
Cheshkin opened this Issue Aug 24, 2016 · 20 comments

Comments

Projects
None yet
10 participants
@Cheshkin

Cheshkin commented Aug 24, 2016

cheshkin@DESKTOP-ICS68DB:~$ sudo apt-get update [sudo] password for cheshkin: Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB] Get:2 http://security.ubuntu.com trusty-security/main amd64 Packages [517 kB] Get:3 http://security.ubuntu.com trusty-security/restricted amd64 Packages [13.0 kB] Get:4 http://security.ubuntu.com trusty-security/universe amd64 Packages [133 kB] Get:5 http://security.ubuntu.com trusty-security/multiverse amd64 Packages [4,990 B] Get:6 http://security.ubuntu.com trusty-security/main Translation-en [284 kB] Get:7 http://security.ubuntu.com trusty-security/multiverse Translation-en [2,570 B] Get:8 http://security.ubuntu.com trusty-security/restricted Translation-en [3,206 B] Get:9 http://security.ubuntu.com trusty-security/universe Translation-en [78.7 kB] Ign http://archive.ubuntu.com trusty InRelease Ign http://archive.ubuntu.com trusty-updates InRelease Err http://archive.ubuntu.com trusty Release.gpg Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1560:8001::14). - connect (113: No route to host) [IP: 2001:67c:1560:8001::14 80] 100% [Connecting to archive.ubuntu.com (91.189.88.152)]

@aseering

This comment has been minimized.

Show comment
Hide comment
@aseering

aseering Aug 24, 2016

Contributor

Thanks @Cheshkin for posting! Do other network commands also fail for you, or just apt-get?

Contributor

aseering commented Aug 24, 2016

Thanks @Cheshkin for posting! Do other network commands also fail for you, or just apt-get?

@arundasan91

This comment has been minimized.

Show comment
Hide comment
@arundasan91

arundasan91 Aug 24, 2016

@Cheshkin , If you are using AVAST or similar antivirus, try turning off the Firewall of it. I faced similar issues with apt-get update.
Thanks.

arundasan91 commented Aug 24, 2016

@Cheshkin , If you are using AVAST or similar antivirus, try turning off the Firewall of it. I faced similar issues with apt-get update.
Thanks.

@arundasan91

This comment has been minimized.

Show comment
Hide comment
@arundasan91

arundasan91 Aug 24, 2016

@Cheshkin , also, please try running Bash as Administrator.

right click -> More -> Run as administrator.

arundasan91 commented Aug 24, 2016

@Cheshkin , also, please try running Bash as Administrator.

right click -> More -> Run as administrator.

@Cheshkin

This comment has been minimized.

Show comment
Hide comment
@Cheshkin

Cheshkin Aug 25, 2016

@aseering had tried. ping also does not go.
@arundasan91 Run as administrator. Same. Does not work. I do not think that this antivirus is guilty.

Cheshkin commented Aug 25, 2016

@aseering had tried. ping also does not go.
@arundasan91 Run as administrator. Same. Does not work. I do not think that this antivirus is guilty.

@arundasan91

This comment has been minimized.

Show comment
Hide comment
@arundasan91

arundasan91 Aug 25, 2016

@Cheshkin , I thought the same with AVAST. What antivirus are you using? I can try installing it just to verify if you like.

arundasan91 commented Aug 25, 2016

@Cheshkin , I thought the same with AVAST. What antivirus are you using? I can try installing it just to verify if you like.

@Cheshkin

This comment has been minimized.

Show comment
Hide comment
@Cheshkin

Cheshkin Aug 25, 2016

@arundasan91 symantec endpoint protection x64

Cheshkin commented Aug 25, 2016

@arundasan91 symantec endpoint protection x64

@rodrymbo

This comment has been minimized.

Show comment
Hide comment
@rodrymbo

rodrymbo Aug 25, 2016

For completeness, if the AV is confirmed to not be the cause, one might want to confirm that the firewall in use in Windows allows the WSL environment to communicate outbound on the network. It is a bit different from other Windows apps, so there's a chance it could be blocked. But the AV itself could be interfering so who knows.

To do a lot of normal network tests one might have to either elevate Bash.exe or use sudo within Bash.exe; but normal activity doesn't need that. For example, ping or traceroute might not work without elevation (until they get fixed), but dig or wget or apt-get should work without elevation as long as Windows programs (in general) are allowed to work that way.

rodrymbo commented Aug 25, 2016

For completeness, if the AV is confirmed to not be the cause, one might want to confirm that the firewall in use in Windows allows the WSL environment to communicate outbound on the network. It is a bit different from other Windows apps, so there's a chance it could be blocked. But the AV itself could be interfering so who knows.

To do a lot of normal network tests one might have to either elevate Bash.exe or use sudo within Bash.exe; but normal activity doesn't need that. For example, ping or traceroute might not work without elevation (until they get fixed), but dig or wget or apt-get should work without elevation as long as Windows programs (in general) are allowed to work that way.

@Cheshkin

This comment has been minimized.

Show comment
Hide comment
@Cheshkin

Cheshkin Aug 25, 2016

@rodrymbo
thank you all. Turned off the firewall, antivirus and the update went.

Cheshkin commented Aug 25, 2016

@rodrymbo
thank you all. Turned off the firewall, antivirus and the update went.

@Cheshkin

This comment has been minimized.

Show comment
Hide comment
@Cheshkin

Cheshkin Aug 25, 2016

Unpacking libudev1:amd64 (204-5ubuntu20.19) over (204-5ubuntu20.18) ...
Preparing to unpack .../bash-completion_1%3a2.1-4ubuntu0.2_all.deb ...
Unpacking bash-completion (1:2.1-4ubuntu0.2) over (1:2.1-4ubuntu0.1) ..
```.

Cheshkin commented Aug 25, 2016

Unpacking libudev1:amd64 (204-5ubuntu20.19) over (204-5ubuntu20.18) ...
Preparing to unpack .../bash-completion_1%3a2.1-4ubuntu0.2_all.deb ...
Unpacking bash-completion (1:2.1-4ubuntu0.2) over (1:2.1-4ubuntu0.1) ..
```.
@rodrymbo

This comment has been minimized.

Show comment
Hide comment
@rodrymbo

rodrymbo Aug 25, 2016

@Cheshkin - Excellent.

It is another workaround. Something to let us get work done.

You might want to be helpful to others by listing the specific firewall/AV you had to turn off, so if they search here they can find a reference. If you have time, it might be helpful as well to see if you can isolate it to one or the other, if it is not both. But just leaving keywords here can be helpful. Maybe even change the title, since the issue seems to be about WSL networking being incompatible with something (AV/firewall), not apt-get failing.

rodrymbo commented Aug 25, 2016

@Cheshkin - Excellent.

It is another workaround. Something to let us get work done.

You might want to be helpful to others by listing the specific firewall/AV you had to turn off, so if they search here they can find a reference. If you have time, it might be helpful as well to see if you can isolate it to one or the other, if it is not both. But just leaving keywords here can be helpful. Maybe even change the title, since the issue seems to be about WSL networking being incompatible with something (AV/firewall), not apt-get failing.

@Cheshkin

This comment has been minimized.

Show comment
Hide comment
@Cheshkin

Cheshkin Aug 26, 2016

@rodrymbo
Symantec endpoint protection - Change parameters - Network threat protection - Firewall - Disable
The question is how to add an exception to it.

Cheshkin commented Aug 26, 2016

@rodrymbo
Symantec endpoint protection - Change parameters - Network threat protection - Firewall - Disable
The question is how to add an exception to it.

@arundasan91

This comment has been minimized.

Show comment
Hide comment
@arundasan91

arundasan91 Aug 26, 2016

@Cheshkin , Good Job.

I tried to add an exception to Bash.exe in AVAST. But while browsing to Windows/System32, (through AVAST) I wasn't able to find Bash.exe listed in it. Bash.exe can be found by browsing through the normal File Explorer, not through AVAST.

In AVAST, firewall exclusions can be given by adding new application rule:

Tools -> Firewall -> Application Rules (bottom)

As I mentioned, I was unable to find Bash.exe and thus adding an exclusion didn't work out.

I found this while searching for Symantec firewall exception. Please check it out.

Thanks,
Arun

arundasan91 commented Aug 26, 2016

@Cheshkin , Good Job.

I tried to add an exception to Bash.exe in AVAST. But while browsing to Windows/System32, (through AVAST) I wasn't able to find Bash.exe listed in it. Bash.exe can be found by browsing through the normal File Explorer, not through AVAST.

In AVAST, firewall exclusions can be given by adding new application rule:

Tools -> Firewall -> Application Rules (bottom)

As I mentioned, I was unable to find Bash.exe and thus adding an exclusion didn't work out.

I found this while searching for Symantec firewall exception. Please check it out.

Thanks,
Arun

@rodrymbo

This comment has been minimized.

Show comment
Hide comment
@rodrymbo

rodrymbo Aug 26, 2016

In my experience, the main reason you can't find Bash.exe is because you are using a 32-bit Explorer, which transparently (or perhaps blindly) redirects you to SysWOW64, where there is no Bash.exe. There are probably other situations that can cause Bash.exe to appear not present. (You can experiment by copying or perhaps windows-hard-linking Bash.exe to some other folder where Explorer doesn't play games with it. As far as I can tell, Bash.exe can be started by a 32-bit process without apparent problems.)

The other problem is that WSL doesn't run from Bash.exe. Bash.exe only initializes it. There's a service (lxssmanager) and other technologies. It looks like it happens at a much different level than your standard windows firewall could have imagined six months ago.

I've been just using the standard Windows firewall, which allows most all outbound connections by default. I opened an inbound port (not tied to any application, and not the standard port 22) for sshd and that seems to work.

Until the Dev folks come up with some guidance, I'm not sure what else we can do. I doubt the other firewall makers want to try to reverse engineer something that is still changing so quickly.

rodrymbo commented Aug 26, 2016

In my experience, the main reason you can't find Bash.exe is because you are using a 32-bit Explorer, which transparently (or perhaps blindly) redirects you to SysWOW64, where there is no Bash.exe. There are probably other situations that can cause Bash.exe to appear not present. (You can experiment by copying or perhaps windows-hard-linking Bash.exe to some other folder where Explorer doesn't play games with it. As far as I can tell, Bash.exe can be started by a 32-bit process without apparent problems.)

The other problem is that WSL doesn't run from Bash.exe. Bash.exe only initializes it. There's a service (lxssmanager) and other technologies. It looks like it happens at a much different level than your standard windows firewall could have imagined six months ago.

I've been just using the standard Windows firewall, which allows most all outbound connections by default. I opened an inbound port (not tied to any application, and not the standard port 22) for sshd and that seems to work.

Until the Dev folks come up with some guidance, I'm not sure what else we can do. I doubt the other firewall makers want to try to reverse engineer something that is still changing so quickly.

@arundasan91

This comment has been minimized.

Show comment
Hide comment
@arundasan91

arundasan91 Aug 26, 2016

@rodrymbo , That's new info for me. Thanks !

arundasan91 commented Aug 26, 2016

@rodrymbo , That's new info for me. Thanks !

@jschraub

This comment has been minimized.

Show comment
Hide comment
@jschraub

jschraub Dec 6, 2016

Has there been any movement/information on this topic? I am running Symantec for work and would really like to figure out how to add Bash for Windows as an exception to its rules.

jschraub commented Dec 6, 2016

Has there been any movement/information on this topic? I am running Symantec for work and would really like to figure out how to add Bash for Windows as an exception to its rules.

@aseering

This comment has been minimized.

Show comment
Hide comment
@aseering

aseering Dec 6, 2016

Contributor

If you're having trouble due to your firewall, I'd suggest following issue #475 . Basically, at this point, your firewall vendor (Symantec in your case) has to release an update to support WSL.

Contributor

aseering commented Dec 6, 2016

If you're having trouble due to your firewall, I'd suggest following issue #475 . Basically, at this point, your firewall vendor (Symantec in your case) has to release an update to support WSL.

@benhillis benhillis closed this Aug 11, 2017

@kenden

This comment has been minimized.

Show comment
Hide comment
@kenden

kenden Apr 17, 2018

If you are behind a proxy, you need to add configuration to apt-get for it to work.
See https://askubuntu.com/questions/164169/unable-to-connect-error-with-apt-get

kenden commented Apr 17, 2018

If you are behind a proxy, you need to add configuration to apt-get for it to work.
See https://askubuntu.com/questions/164169/unable-to-connect-error-with-apt-get

@jszoja

This comment has been minimized.

Show comment
Hide comment
@jszoja

jszoja Apr 30, 2018

I resolved it in AVG advance firewall settings:
image

jszoja commented Apr 30, 2018

I resolved it in AVG advance firewall settings:
image

@DarthSpock

This comment has been minimized.

Show comment
Hide comment
@DarthSpock

DarthSpock Apr 30, 2018

Great to see they have that option but that's not exactly the most secure thing to do either. They should be doing what Defender does in Skip-Ahead: per-process control the same way Windows processes are controlled. Odd Avast got their AVG working but not Avast proper? FWIW I did file an issue on the Avast forums for implementation awhile back but has been left alone by the Avast devs.

DarthSpock commented Apr 30, 2018

Great to see they have that option but that's not exactly the most secure thing to do either. They should be doing what Defender does in Skip-Ahead: per-process control the same way Windows processes are controlled. Odd Avast got their AVG working but not Avast proper? FWIW I did file an issue on the Avast forums for implementation awhile back but has been left alone by the Avast devs.

@Biswa96

This comment has been minimized.

Show comment
Hide comment
@Biswa96

Biswa96 Apr 30, 2018

I am wondering how AVG blocks all the WSL binaries. Can one block all ELF binaries with one Firewall rule?

Biswa96 commented Apr 30, 2018

I am wondering how AVG blocks all the WSL binaries. Can one block all ELF binaries with one Firewall rule?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment