11-06-2020 02:33 AM - edited 11-06-2020 02:35 AM
After starting AnyConnect I find network connectivity stops working under WSL2 (Windows Subsystem for Linux)
the fix seems to be:
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 4000
Get-NetIPInterface -InterfaceAlias "vEthernet (WSL)" | Set-NetIPInterface -InterfaceMetric 1
We are using version 4.5.000. I have searched the release notes and can find no mention of WSL, so I presume it's still broken in the latest
Is it possible this change could be incorporated into the product?
11-13-2020 01:33 PM - edited 11-13-2020 01:35 PM
I too have the same problem. Changing the metric did not work. As soon as I connect to Cisco VPN, WSL2 loses connectivity to the internet as well as connectivity to the host via the WSL network adapter. Ping using loopback IPs 127.0.1.1 works but not via the virtual ethernet adapters.
Host IP:
WSL info:
11-18-2020 02:11 PM
My team member had this problem too. Of three people on my team with nominally the same setup (Ubuntu 18.04 in WSL2), only one has run into this. Setting the Interface Metric initially fixed it, but then after a few hours (without restarting the VPN or WSL) it stopped again, and resetting them has not restored the connection.
11-18-2020 04:33 PM
Interesting! Only 1 of 3 is facing the issue? If you search the internet it is a widespread issue for people using Cisco AnyConnect. I think it is something to do with bypassing VPN for local routes and/or NATing.
11-19-2020 09:42 AM
Yeah, still not sure why only one of the team ran into this, but the solution for us was the combination of the Set-NetIPInterface commands above and replacing the /etc/resolv.conf file as described here or here. (The resolv.conf fix by itself was not enough.)
#!/bin/bash
# Rebuild /etc/resolv.conf from the DNS servers the Windows host is using.
TMP=`mktemp`
trap ctrlC INT

removeTempFiles() {
    rm -f "$TMP"
}

ctrlC() {
    echo
    echo "Trapped Ctrl-C, removing temporary files"
    removeTempFiles
    stty sane
    exit 1
}

echo "Current resolv.conf"
echo "-------------------"
cat /etc/resolv.conf

echo
echo "Creating new resolv.conf"
echo "------------------------"

{
    # Keep the "generated" header comment if the first line has one
    head -1 /etc/resolv.conf | grep '^#.*generated'
    # One nameserver line per IPv4 DNS server reported by Windows
    for i in `/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe -Command "Get-DnsClientServerAddress -AddressFamily ipv4 | Select-Object -ExpandProperty ServerAddresses"`; do
        echo nameserver $i
    done
    # Keep the remaining lines, minus the old nameserver entries
    tail -n+2 /etc/resolv.conf | grep -v '^nameserver'
} | tr -d '\r' | tee "$TMP"

(set -x; sudo cp -i "$TMP" /etc/resolv.conf)
removeTempFiles
05-03-2021 01:33 AM
I had the same issue and your PowerShell Solution worked for me but it was very annoying to do it manually every time AnyConnect established a VPN Connection.
I now found out that installing Hyper-V on my machine somehow fixed the Problem. I initially wanted to check if there was anything in the Hyper-V Network settings i could change but i didn't need to configure anything. Simply installing Hyper-V was enough.
05-04-2021 01:23 AM
OK, maybe I was a bit too fast. It somehow worked for a while but now I'm back to PowerShell
05-05-2021 08:38 AM
This worked for me, thanks for posting your solution. Now just need to automate this step.
05-05-2021 09:15 AM
I created 2 powershell scripts to accomplish the automation. One launches powershell as admin and the second executes the network interface commands. I added the following to my .bashrc: powershell.exe -F "C:\Users\jedunn\pwsh\doit.ps1". The only annoying issue is that it still has a UAC prompt.
1st script contents of doit.ps1
start-process powershell -verb runas -ArgumentList '-F "netinterface.ps1"'
2nd script contents of netinterface.ps1
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 4000
Get-NetIPInterface -InterfaceAlias "vEthernet (WSL)" | Set-NetIPInterface -InterfaceMetric 1
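The two-script automation described in the post above can be collapsed into one self-elevating script that also reads the metrics back after setting them, which helps when the values are silently reset later, as an earlier reply reported. This is an added example, not part of the original post; the adapter names and metric values are the thread's, while the variable names and the `Test-IsAdmin` helper are hypothetical.

```powershell
# Added example (not from the thread): one self-elevating script in place of
# doit.ps1 + netinterface.ps1. Adapter names and metrics are the thread's values.
$ErrorActionPreference = 'Stop'
$VpnPattern = 'Cisco AnyConnect'   # matched against InterfaceDescription
$WslAlias   = 'vEthernet (WSL)'    # interface alias of the WSL2 virtual switch
$VpnMetric  = 4000
$WslMetric  = 1

function Test-IsAdmin {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-IsAdmin)) {
    # Relaunch elevated with this script's absolute path, so the elevated
    # process does not depend on its working directory to find the file.
    Start-Process powershell -Verb RunAs `
        -ArgumentList @('-NoProfile', '-File', "`"$PSCommandPath`"")
    return
}

# Build the list of (interface index, wanted metric); absent adapters are skipped.
$targets = @(
    Get-NetAdapter |
        Where-Object { $_.InterfaceDescription -match $VpnPattern } |
        ForEach-Object { [pscustomobject]@{ Index = $_.InterfaceIndex; Metric = $VpnMetric } }
    Get-NetIPInterface -InterfaceAlias $WslAlias -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty InterfaceIndex -Unique |
        ForEach-Object { [pscustomobject]@{ Index = $_; Metric = $WslMetric } }
)
if ($targets.Count -eq 0) { Write-Warning 'Neither adapter found; nothing changed.'; return }

foreach ($t in $targets) {
    Set-NetIPInterface -InterfaceIndex $t.Index -InterfaceMetric $t.Metric
}

# Read the metrics back (IPv4 and IPv6 entries) and flag any that did not stick.
foreach ($t in $targets) {
    Get-NetIPInterface -InterfaceIndex $t.Index | ForEach-Object {
        $state = if ($_.InterfaceMetric -eq $t.Metric) { 'ok' } else { 'MISMATCH' }
        Write-Output ("{0} [{1}] metric={2} wanted={3} {4}" -f `
            $_.InterfaceAlias, $_.AddressFamily, $_.InterfaceMetric, $t.Metric, $state)
    }
}
```

Running it again from an already elevated console prints the current state without a UAC prompt, so it doubles as a check when connectivity drops mid-session.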
08-25-2021 07:35 AM
I tried this step here and that worked. I can now ping 8.8.8.8 or anything. Now I just can't resolve DNS by names.
08-25-2021 07:46 AM
You may need to modify your /etc/resolv.conf with your DNS servers
07-08-2021 05:16 PM - edited 07-08-2021 05:34 PM
Like @ramuddan, the 2 powershell commands (Get-NetAdapter and Get-NetIPInterface) + using the dns servers returned by Get-DnsClientServerAddress -AddressFamily ipv4 | Select-Object -ExpandProperty ServerAddresses in the wsl2 /etc/resolv.conf didn't solve this issue for me. It seems to me that the wsl2 machine cannot reach the dns servers. For example, dig www.youtube.com returns connection timed out; no servers could be reached and this command git clone git@my-company-git:xxx returns ssh: could not resolve host name ...
My AnyConnect version is 4.9.04053.
When I don't have Cisco AnyConnect running, the wsl2 machine cannot connect to the Internet either. Maybe because I'm using Symantec Endpoint Protection + windows Defender Firewall. This is what I have to do to make the wsl2 machine connect to the Internet:
- windows ipconfig /all returns
Ethernet adapter vEthernet (WSL):
IPv4 Address. . . . . . . . . . . : 192.168.137.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
- in the wsl2 machine, I need to run:
ip addr add 192.168.137.2/24 dev eth0
ip route delete default
ip route add default via 192.168.137.1
- add the dns servers my windows machine uses to /etc/resolv.conf
- and have to enable the "Allow other network users ..." in the Wi-Fi adapter
07-09-2021 01:31 AM
Have you tried turning off IPv6 support on your main network adaptor?
Not a long term solution I know but it might eliminate one more thing...
08-24-2021 02:38 PM
I had followed the steps here without success.
12-13-2021 02:24 AM
Hi,
A workaround is using Docker's open source vpnkit. Search for wsl vpnkit and follow the instructions there. It allows you to use the same tech Docker is using to provide internet access to your Docker containers.
Hope this helps,
Zsolt