-
Notifications
You must be signed in to change notification settings - Fork 823
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No internet connectivity from WSL2/Ubuntu #4926
Comments
I have the same problem, however I get this output from
$ ip route (wsl bash)
|
A colleague helpfully pointed out that Symantec Endpoint Protection includes a firewall that blocks the requests from the WSL2 context. (Incidentally, Symantec EP is according to themselves "not supported" for workloads that include running VM's in Hyper-V.) As for the NAT rules -- with the firewall temporarily disabled I can do a request to the internet, but |
@rm-bergmann Those NAT rules you're seeing could be related to other virtual switches. You should be able to find out using |
@j0057 Thank you, you have helped me solve my problem that I have been debugging for over 3 months! Those NAT rules that I had there (probably from previous VM's) were conflicting with WSL2, so I removed them with |
I ran into this for much of today on 10.0.19546. I have no NetNATs, have Windows AV, and disabled the firewall for testing. WSL1 works fine, WSL2 does not. From inside WSL2 I could ping my host interfaces and DNS worked fine, but nothing routed. I experimented with removing options, explicitly setting interface metrics, uninstalling and reinstalling docker, reboots, but nothing worked. I eventually found this partial workaround:
And it finally had internet. It goes back to defaults on wsl2 shutdown, of course. This also doesn't handle moving from wired to wireless. Something is definitely broken in the Hyper-V NAT / Routing pieces for vEthernet (WSL), but I couldn't figure it out. |
@natronkeltner Small data point: when I navigate to the |
So I went through this entire thread as well as #4731 with no solution to my problem, which is slightly different: I am able to ping internet resources, such as I went so far as to uninstall
So I thought, what else is a lightweight utility VM? Windows Sandbox! So I opened that and in there I can ping, but not browse (with edge) as well... However with |
I eventually found the underlying problem I had which caused my networking to break in WSL2. My previous fix (hack) to set up a network bridge didn't fix my underlying problem. I found that I had some NAT adapters from previous VM's that were set up in Hyper-V. Removing them fixed all my network issues. In powershell I ran the cmd |
Yeah, I tried that - I had no `NetNat` objects listed.
I should add that I'm on the latest insider build and have the Docker WSL engine installed, but I disabled that as part of hunting down this issue.
~Sidney Borne
|
I finally found the underlying problem! I installed Wireshark and attached to the WSL vSwitch to see if I could diagnose the problem there and... Turns out all the Ping replies were coming from the same MAC address - and that MAC belonged to an OpenVPN TAP NIC on my host. I uninstalled the NIC and It looks like WSL2 connects to the "best looking" NIC on the host, even if that NIC isn't network-connected. They should add a wsl.conf setting to control what NIC WSL2 gets attached to. Edit: for you poor souls finding this in 2021, disabling the NIC works as well as uninstall it! |
They should add a wsl.conf setting to control what NIC WSL2 gets attached to... and do that for each WSL2 distro, and allow not to use bridge, and... it is still going to worldwide distribution "as is" apparently as W10 2004. I had high hopes for WSL2, but as it stands now, I'm better off keep having few Linux VMs on my local Hyper-V. At least I know which VM is tied to which adapter, which VLAN, which subnet, and which (static!) IP. |
It took forever to figure this out so I'll document it here in case someone comes along and finds this. I used Microsoft Message Analyzer with the Hyper-V-VmSwitch and NDIS-PacketCapture providers, which will show exactly how the internal switches are routing packets. This allowed me to see the outbound TCP packets, the inbound TCP responses, and that they were being filtered at the switch level due to a VLAN tag.
My network port was slightly misconfigured and VLAN tagged packets were being sent to my system, but I had never noticed before because nothing connected to this switch port had ever cared before. Windows didn't care (and didn't show me, either, when using Wireshark/npcap). WSL1 also didn't care that inbound packets were tagged. WSL2, however, uses hyper-v switches, which do care about VLAN tags and silently drop packets that are tagged. Fixing my network port to strip packets of VLAN tags fixed my issue and the hyper-v switches now work fine. |
In my environment, I disabled everything in the BIOS except for the interface connected to the internet. |
my issue was wit AVG Internet security enhanced firewall |
Had the same issue here, there was a TAP NIC left from some old OpenVPN installation. Working as expected now 🚀 |
Your only options is to downgrade to wsl1 and wait for Symantec to release an update
Or ask your org it team for the setting to be changed temporarily
Anthony Somerset
Please excuse the brevity or any typos, tapped out from my iPhone
|
Hi, I solved this issue -- being able to ping addresses but not 'communicate' directly with them (in particular, github.com). I have avast firewall turned on. The adapter description was Hyper-V Virtual Ethernet Adapter #3.
I haven't done too much more at this point than verify that I can curl google, and git pull without issue within Ubuntu on WSL2. I'm on build 19041.330 |
For me, the "resolution" ended up being to restart my PC 🤦 .. |
Having the same issue, installed brand new ubuntu 20.04 with WSL 2 but cannot ping 8.8.8.8 nor any IP out in the internet from ubuntu |
@Karlheinzniebuhr make sure you didn't hit this bug #5437 |
Fixed by applying this #5336 (comment) ============================================================================= Windows Search > Network Reset Restart Windows |
Thank you for the tip. I followed these steps, but unfortunately I completely lost my internet connection even for windows... ipconfig /all shows media disconnected, and I tried methods that I found on line, but no one worked... Any clue? |
Do you need to set up a static IP with a specific gateway? I suspect your
lan has no DHCP server and you might need to setup your previous
configuration
|
Thanks for the quick reply. No, the previous setting was automatic. I don't need to set anything in principle... One of the steps I followed was to |
Issue solved: it turns out that somehow the wlan autoconfig service was not automatically started. It was fixed by |
I can confirm this helped me get around SEP (14.2.RU2 MP1 build 5569 - 14.2.5569.2100) issues. The configuration for my version of SEP also had 'allow IP traffic' on unmatched IP traffic settings but the logs were still showing it blocking wsl outbound connections. |
By adding a firewall rule on the WSL network adapter. Not the application settings, but configure firewall rules. |
Can anyone tall me what exact steps should be performed to allow WSL2 traffic from WSL2 Ubuntu to Internet trough primary host Win10 workstation? PS I have Symantec Endpoint Protection Version 14. Despite that I can successfully ping some resources PPS if I disable Symantec I have all the connectivity in Ubuntu and all works fine (docker connections. updates etc). But it's managed by my organization and it's automatically enabled after several minutes |
Thanks @anthonysomerset , I could also ping google.com but apt update or git clone fails :( I don't know if this option is completely safe or not, will try to find out more. |
I got the network working in Ubuntu 20.04 WSL2 after I unchecked IPv6 from my WLAN and VPN properties and made few changes to For the
These steps worked for me and I hope it helps others as well. Now I have network connection in Ubuntu everytime I launch it. |
Hi,我也遇到了这个问题,我是在更新了windows 6月份的补丁之后发现的这个问题,我参考这篇文章:ipconfig shows only "Windows IP Configuration" after upgrade to Win10 |
I had a similar issue - to narrow down the problem, I avoided DNS and worked with IPs - so it was a routing / nat related issue (and because I couldn't reach my windows local network from the virtual network, DNS fails, but it's not the root cause). Problem description: My Windows host is on network a.0.0.0/24 with a default gateway of a.0.0.1. from windows. I can ping from Windows to default gateway, or out onto the network (e.g. 8.8.8.8). I had full network functionality in WSL1 (Ubuntu 20). After WSL2 upgrade, networking was lost. From Ubuntu, was not able to ping a.0.0.1, my local network gateway (and therefore any external IP like 8.8.8.8). Resolution:
Reboot. After that, ping to local gateway confirmed, plus ping to external IP was possible, but DNS was not working. In Ubuntu, /etc/resolv.conf was autogenerated with a virtual network address (172.31 - the same as the WSL gateway, i.e. virtual network adapter on the Windows host). Am guessing that the DNS proxy or forwarding there was not working - I didn't resolve this by getting this dns forward / masq or whatever it is to work, but used the
1 other item worth noting, not sure if it impacted this, was that I was upgrading to WSL2 in order to get docker working in Linux. Not sure if the docker networking affected this in any way, I didn't verify networking after WSL2 before Docker installation. HTH, happy networking. |
p.s. if anyone has a solution to get the generated resolv.conf working, would be great to use this so I don't have to maintain this myself - didn't see a fix or root cause on this.
The virtual interface does respond to icmp, just no functioning resolution from it. |
Nothing works for me, I have looked at the other threads too. I am using win 10.0.19043.1081. |
Crazy idea, and it actually worked... Why not just run VPN on the VM itself?
|
Hi |
I think what helped for me was:
This is provided you have WSL 2 integration enabled in docker (WSL 1 does not work for me), and ip traffic is allowed in Symantec Endpoint Protection. No editing of /etc/resolv.conf or /etc/wsl.conf was necessary |
I think I have a similar problem: the symptom is exactly the same (DNS works but ping does not), and my physical network interface is on a VLAN. with Wireshark, when observing the vEthernet interface corresponding to the Hyper-V WSL switch, I see both the ping request and the answer. However I do not know if there is a way to make the WSL Hyper-V switch to ignore or remove the VLAN tags of incoming packets. Doas anyone know if there is a way to do this? |
This worked like a charm for me in W11 and WSL2 |
For those using Symantec Endpoint Protection, I shared a workaround at MicrosoftDocs/WSL#1046 (comment). Perhaps it could be useful for other firewalls as well. |
For anyone still struggling I have found that allowing incoming traffic on the public profile in the firewall instantly makes DNS resolution work in WSL without having to make any changes to /etc/resolv.conf or having to create /etc/wsl.conf file. Windows Defender Firewall with Advanced Security -> Windows Defender Firewall Properties -> Public Profile -> Inbound Connections set to Allow. My company uses Firewall to block certain ports which causes this issue. When I set this to allow all inbound connections DNS resolution inside WSL starts working instantly. |
IT WORKED, without even a reboot. |
works for dns and http[s], but not for ssh from wsl2 to external network |
|
Nothing works for me, so I gave my windows user Administrative access and reinstall the WSL and then It works like a charm |
Fixed it for me. Anyone create a rule to not have to allow all incoming traffic? |
Thank you! Remove-NetNat worked for me! This has been bugging me for three days! |
hello, i found a solution. dorssel/usbipd-win#714 |
I am facing this problem in company computer which is Symantec Endpoint Protection. It is no way to enable to configure SEP to enable WSL 2 to access Internet. Since WSL 1 is working fine with SEP. As Microsoft allow both WSL 1 and WSL 2 running at the same time. I just install a squid proxy at WSL 1. Configurate the WSL2 Ubuntu to use WSL1 as HTTP / HTTPS Proxy. It is working fine. But you have to manually configure for each application. |
Your Windows build number: 10.0.19041.84
What you're doing and what's happening:
I'm getting timeouts when trying to connect to internet from a WSL2 instance. DNS works, and the WSL2 instance can see/ping the host without problem.
Based on what I know about Hyper-V networking, my Internal switch may or may not route packets from the VM to the internet, but in order for packets to be routed back, the traffic from the WSL2 VM will need to be NAT'ed.
On the host, in Powershell,
Get-NetNat
returns no results:When trying to set up a new NAT rule, I get a seemingly unrelated error:
The text was updated successfully, but these errors were encountered: