IP protocol traffic not registering on WSL2 network interface

[meister245]

Windows Build Number

Microsoft Windows [Version 10.0.18363.1440]

WSL Version

• WSL 2
• WSL 1

Kernel Version

5.4.72-microsoft-standard-WSL2

Distro Version

Ubuntu 20.04

Other Software

Wireshark 3.4.4

Repro Steps

This issue is happening on my work machine, running Win10. (1909 edition, build 18363.1440)
Multiple people in our organization are reporting similar problems with their Win10 WSL2 setup.

Made a clean install of Ubuntu for the test, no custom modifications.

PS C:\Users\myuser> wsl.exe --list -v
  NAME      STATE           VERSION
* Ubuntu    Running         2

1. Open Wireshark and capture traffic on vEthernet (WSL) and Wi-fi (internet) network interfaces.

Name	InterfaceDescription	ifIndex	Status	LinkSpeed
vEthernet (WSL)	Hyper-V Virtual Ethernet Adapter	18	Up	10 Gbps
Wi-Fi	Intel(R) Dual Band Wireless-AC 8265	7	Up	144.4 Mbps

2. Open WSL2 terminal and generate some network traffic

• ping 1.1.1.1
• host yahoo.com 8.8.8.8
• echo "test DNS packet" > /dev/udp/192.168.2.11/53
• echo "test NTP packet" > /dev/udp/192.168.2.11/123
• echo "test TCP traffic" > /dev/tcp/192.168.2.11/1234

Expected Behavior

Traffic should be generated from WSL2 interface and Wireshark should be able to capture it on both vEthernet (WSL) and Wi-fi (internet) interfaces.

I am attaching test results from an other Win10 machine, where WSL2 is working correctly and I executed the above commands in WSL2 terminal. this other machine is running Windows version 10.0.19041.928 using the same Linux distro.

Actual Behavior

WSL2 is not sending TCP/UDP packets from it's own interface, which renders WSL2 unusable for development.
Only ICMP traffic is getting registered on the interface.

See screenshot below (masked sensitive data)

Same result happening with or without VPN connection.

Example command failing because of this in WSL2 terminal:

$ sudo apt-get update
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu focal-security InRelease
  Temporary failure resolving 'security.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
  Temporary failure resolving 'archive.ubuntu.com'

There is some idle traffic happening on vEthernet (WSL) interface, but I believe this is not coming from WSL2. It could be coming from Windows Store apps? (Spotify)

Diagnostic Logs

No response

[meister245]

Similar issue reported on Version 10.0.18363.1139

#6427

[meister245]

Was able to locate the root cause of the issue,
On the work machine, Symantec Endpoint Protection is installed, which is actively blocking all traffic from WSL2.

[denniswed]

I know this is closed, but how did you make SEP NOT block all traffic? We are running into the same issue and it has to do with the way the NAT'ng is being done by WSLv2. WSLv1 instances, don't have any issue.

[dstabosz]

I have the same problem. If I disable Symantec Endpoint Protection firewall, I have no problems. But with SEP firewall enabled, my connections are blocked. With SEP firewall enabled I can ping, but ssh and other protocols don't work. SEP does not report anything in the Traffic Log regarding the dropped traffic.