
wsl-vpnkit's Introduction

wsl-vpnkit

The wsl-vpnkit v0.4 script uses gvisor-tap-vsock to provide network connectivity to the WSL 2 VM while connected to VPNs on the Windows host. This requires no settings changes or admin privileges on the Windows host.

For previous versions, see v0.3 and v0.2.

Setup

Before setting up wsl-vpnkit, check if a DNS server change may be enough to get connectivity by pinging a public IP address from WSL 2. If that works, follow the steps in WSL has no network connectivity once connected to a VPN.

wsl-vpnkit is intended to help when more than a DNS server change is needed.

Setup as a distro

Install

Download the prebuilt file wsl-vpnkit.tar.gz from the latest release and import the distro into WSL 2.

# PowerShell

wsl --import wsl-vpnkit --version 2 $env:USERPROFILE\wsl-vpnkit wsl-vpnkit.tar.gz

Run wsl-vpnkit. This will run wsl-vpnkit in the foreground.

wsl.exe -d wsl-vpnkit --cd /app wsl-vpnkit

Update

To update, unregister the existing distro and import the new version.

# PowerShell

wsl --unregister wsl-vpnkit
wsl --import wsl-vpnkit --version 2 $env:USERPROFILE\wsl-vpnkit wsl-vpnkit.tar.gz

Uninstall

To uninstall, unregister the distro.

# PowerShell

wsl --unregister wsl-vpnkit

Setup as a standalone script

The wsl-vpnkit script can be used as a normal script in your existing distro. This is an example setup script for Ubuntu.

# install dependencies
sudo apt-get install iproute2 iptables iputils-ping dnsutils wget

# download wsl-vpnkit and unpack
VERSION=v0.4.x
wget https://github.com/sakai135/wsl-vpnkit/releases/download/$VERSION/wsl-vpnkit.tar.gz
tar --strip-components=1 -xf wsl-vpnkit.tar.gz \
    app/wsl-vpnkit \
    app/wsl-gvproxy.exe \
    app/wsl-vm \
    app/wsl-vpnkit.service
rm wsl-vpnkit.tar.gz

# run the wsl-vpnkit script in the foreground
sudo VMEXEC_PATH="$(pwd)/wsl-vm" GVPROXY_PATH="$(pwd)/wsl-gvproxy.exe" ./wsl-vpnkit
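
An added example, not part of the project's setup script: verify the downloaded wsl-vpnkit.tar.gz against a SHA-256 obtained through a channel you trust before unpacking the four files that will later run under sudo. The function name and the way the expected digest is supplied are assumptions; the page does not list a checksum.

```shell
#!/bin/sh
# Added example (not wsl-vpnkit's own code).
# Members that the README's standalone setup extracts from the release archive.
WANTED="app/wsl-vpnkit app/wsl-gvproxy.exe app/wsl-vm app/wsl-vpnkit.service"

# unpack_verified TARBALL EXPECTED_SHA256 DESTDIR
# Refuses to unpack unless the archive digest matches EXPECTED_SHA256 and
# every wanted member is present. Only the wanted members are extracted.
unpack_verified() {
    tarball=$1
    expected=$2
    dest=$3

    # Hash the archive before tar ever parses it.
    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $tarball: got '$actual'" >&2
        return 1
    fi

    # List the archive once and confirm each wanted member is there.
    listing=$(tar -tzf "$tarball") || return 1
    for member in $WANTED; do
        if ! printf '%s\n' "$listing" | grep -qxF -- "$member"; then
            echo "archive is missing $member" >&2
            return 1
        fi
    done

    # Extract only the named members, as the README's tar command does.
    mkdir -p "$dest" &&
        tar --strip-components=1 -xzf "$tarball" -C "$dest" $WANTED
}

# Usage (EXPECTED_SHA256 is a placeholder you fill in from a trusted source):
#   unpack_verified wsl-vpnkit.tar.gz "$EXPECTED_SHA256" .
```
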

Setup systemd

WSL versions 0.67.6 and later support systemd. Follow the instructions in the link to enable systemd support for your distro.

Create the service file and enable the service. wsl-vpnkit.service should then start with your distro the next time the distro starts.

# wsl-vpnkit setup as a distro
wsl.exe -d wsl-vpnkit --cd /app cat /app/wsl-vpnkit.service | sudo tee /etc/systemd/system/wsl-vpnkit.service

# copy and edit for wsl-vpnkit setup as a standalone script
sudo cp ./wsl-vpnkit.service /etc/systemd/system/
sudo nano /etc/systemd/system/wsl-vpnkit.service

# enable the service
sudo systemctl enable wsl-vpnkit

# start and check the status of the service
sudo systemctl start wsl-vpnkit
systemctl status wsl-vpnkit

Build

# build with alpine image to ./wsl-vpnkit.tar.gz
./build.sh alpine

# build with fedora using Podman
DOCKER=podman ./build.sh fedora

# import the built distro from ./wsl-vpnkit.tar.gz
./import.sh

# run using the imported distro
wsl.exe -d wsl-vpnkit --cd /app wsl-vpnkit

Troubleshooting

Notes

Error messages from wsl-vpnkit

resolv.conf has been modified without setting generateResolvConf

wsl-vpnkit uses /mnt/wsl/resolv.conf to get the WSL 2 gateway IP. If modifying /etc/resolv.conf to set a custom DNS configuration, set generateResolvConf=false in wsl.conf.

On older WSL versions where /mnt/wsl/resolv.conf is not available, wsl-vpnkit will fall back to using /etc/resolv.conf. When set up as a standalone script and using a custom DNS configuration for the distro, the WSL2_GATEWAY_IP environment variable should be set for wsl-vpnkit to use.
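
The lookup order described above, as an added example rather than wsl-vpnkit's own code: WSL2_GATEWAY_IP when set, then /mnt/wsl/resolv.conf, then /etc/resolv.conf, with the result rejected unless it is a plain IPv4 address. Giving the environment variable precedence, the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example (not wsl-vpnkit's own code).

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Length check first so an oversized number never reaches the integer test.
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# first_nameserver FILE: print the first "nameserver" value, fail if none.
first_nameserver() {
    [ -r "$1" ] || return 1
    awk '$1 == "nameserver" { print $2; found = 1; exit } END { exit !found }' "$1"
}

# resolve_gateway_ip [WSL_RESOLV] [ETC_RESOLV]
# The file arguments default to the paths named in the README and exist as
# parameters only so the function can be exercised on constructed files.
resolve_gateway_ip() {
    wsl_resolv=${1:-/mnt/wsl/resolv.conf}
    etc_resolv=${2:-/etc/resolv.conf}

    if [ -n "${WSL2_GATEWAY_IP:-}" ]; then
        candidate=$WSL2_GATEWAY_IP
        origin=WSL2_GATEWAY_IP
    elif candidate=$(first_nameserver "$wsl_resolv"); then
        origin=$wsl_resolv
    elif candidate=$(first_nameserver "$etc_resolv"); then
        # Older WSL: only correct if /etc/resolv.conf is still WSL-generated.
        origin=$etc_resolv
    else
        echo "no gateway IP found; set WSL2_GATEWAY_IP" >&2
        return 1
    fi

    if ! is_ipv4 "$candidate"; then
        echo "rejecting gateway '$candidate' from $origin: not an IPv4 address" >&2
        return 1
    fi
    printf '%s\n' "$candidate"
}

# Demo on constructed input (addresses are made up for illustration).
demo_dir=$(mktemp -d)
printf '# constructed sample\nnameserver 172.24.112.1\n' > "$demo_dir/resolv.conf"
resolve_gateway_ip "$demo_dir/resolv.conf" "$demo_dir/absent"
( WSL2_GATEWAY_IP=10.0.0.999; resolve_gateway_ip "$demo_dir/resolv.conf" "$demo_dir/absent" ) ||
    echo "invalid override rejected"
rm -rf "$demo_dir"
```
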

wsl-gvproxy.exe is not executable due to WSL interop settings or Windows permissions

wsl-vpnkit requires that the WSL 2 distro be able to run Windows executables. This interop setting is enabled by default in WSL 2 and in the wsl-vpnkit distro.

Security configurations on the Windows host may only permit running executables in certain directories. You can copy wsl-gvproxy.exe to an appropriate location and use the GVPROXY_PATH environment variable to specify the location.

# enable [automount] in wsl.conf for wsl-vpnkit distro
wsl.exe -d wsl-vpnkit --cd /app sed -i -- "s/enabled=false/enabled=true/" /etc/wsl.conf

# set GVPROXY_PATH when running wsl-vpnkit
wsl.exe -d wsl-vpnkit --cd /app GVPROXY_PATH=/mnt/c/path/wsl-gvproxy.exe wsl-vpnkit

Configuring proxies and certificates

wsl-vpnkit currently only handles creating a network connection. Proxies and certificates must be configured separately in your distro.

Configure VS Code Remote WSL Extension

If VS Code takes a long time to open your folder in WSL, enable the setting "Connect Through Localhost".

Try shutting down WSL 2 VM to reset

# PowerShell

# shutdown WSL to reset networking state
wsl --shutdown

# kill any straggler wsl-gvproxy processes
kill -Name wsl-gvproxy

Run service with debug

# set the DEBUG environment variable
wsl.exe -d wsl-vpnkit --cd /app DEBUG=1 wsl-vpnkit

wsl-vpnkit's People

Contributors

albertony, chinkung, dependabot[bot], josesa-xx, psmolkin, sakai135, zeko868


wsl-vpnkit's Issues

Random failed with distro

I have to launch the distro one, two or three times for it to work on my laptop.
I think it is the bug in WSL you have already created:
microsoft/WSL#6917

As a workaround, instead of calling this:
wsl.exe -d wsl-vpnkit service wsl-vpnkit start

I remove background option of wsl-vpnkit.service and keep wsl.exe process in background like this:

wsl.exe -d wsl-vpnkit sed -i '/--background/d' /app/distro/wsl-vpnkit.service
wsl.exe -d wsl-vpnkit sed -i '/--stdout/d' /app/distro/wsl-vpnkit.service
wsl.exe -d wsl-vpnkit sed -i '/--stderr/d' /app/distro/wsl-vpnkit.service
nohup sh -c "wsl.exe -d wsl-vpnkit service wsl-vpnkit start" 2>&1 </dev/null &

Have you a better solution?

wsl vpn kit being terminated upon docker starts

First of all thank you so much for this project, Sakai135!!

Installed wsl vpn kit through the wrapper https://github.com/mbl-35/wsl-vpnkit. Everything is working well, but upon starting Docker, the wsl vpn service breaks with the error below.

Failed to read a packet header from host Error: 0. No error information
2021/06/24 12:56:58 open //./pipe/wsl-vpnkit: The system cannot find the file specified.
EOF reading from socket: closing

Failed to read hello from client
Failed to negotiate vmnet connection
2021/06/24 12:56:59 open //./pipe/wsl-vpnkit: The system cannot find the file specified.
EOF reading from socket: closing

Is this a limitation of either Docker or wsl vpn kit, that only one runs at a time? If not, can you please guide me on fixing this?

Thanks in advance!!

Make exe file location configurable

At my company, we're using AppLocker to lock down the executables people can run on their Windows machines. There are just some limited paths where I'm allowed to run things. The user profile folder isn't one of those locations unfortunately.

Would it be possible to make the location for executables on the windows host system configurable?

running in alpine distro instructions

It looks to me like this works, but you need to change the alpine distro to WSL2, so maybe add to your instructions:
wsl --set-version wsl-vpnkit 2

Tried installing this but when I run it multiple console windows open

I've got it installed, I can see it as an option in the Windows Terminal which when I open it shows some information on how to use it.

When in a powershell terminal I run wsl.exe -d wsl-vpnkit service wsl-vpnkit start a handful of terminal windows open, some have [process exited with code 128 (0x00000080)] in them, others are blank.

https://i.imgur.com/Y6CbQZM.png

If I try and close the terminal windows that are opened a seemingly endless number of them open one after another, I need to reboot my machine to get them to stop.

Better solution?

Hi! Thanks for your great job!

I was able to use this project but for some reason I had very slow DNS lookups. ping 8.8.8.8 goes OK (50ms), but git clone github.com/some/repo takes 10 seconds to just start cloning.

So I looked at other solutions and found this that helped me. Basically it gets DNS server addresses from VPN internet adapter and writes it to /etc/resolv.conf (and restores original dns providers when out of vpn).

Are the vpn wsl problems solved by yours and theirs solutions exact same problems?

If so, yours is monstrously harder to use. Shouldn't we redirect new users to more lightweight solutions?

Docker CE (Not Docker Desktop) containers can not connect to its nameserver.

Hi,

Thanks for wsl-vpnkit, Docker containers of Docker CE (not Docker Desktop) on WSL 2 can connect to external hosts by specifying an IP address under a VPN (PANGP) environment. But it seems not to be able to resolve hostnames, so the following curl command fails on the containers.

$ docker exec  -it hoge2 curl --head www.google.com
curl: (6) Could not resolve host: www.google.com; Unknown error

I checked that the nameserver on the Docker containers is set to the address of the virtual Ethernet adapter for WSL and confirmed that a ping to the address succeeds. And I can make DNS name resolution succeed when I disable the VPN or tweak the metric values of the network adapters. Attaching containers to the Docker host (not bridge) network seems to work as well.

As far as appearances go, only the access to the WSL virtual adapter per se for name resolution still fails when using wsl-vpnkit. Is this expected behavior?

Regards,

Docker Desktop Licence

Is the MIT licence compatible with the upcoming licence changes for the Docker Desktop installer?

How to install with no internet from WSL 2

The instructions in the README seem to use apt to install packages from within WSL 2, but, as far as I understand, the purpose of the software is to provide internet access to the VM. In my case, for example, I cannot use apt as it is listed in the README commands, even with Docker Desktop for Windows installed, as it fails to resolve the request to the package repository.

Am I missing something, or does this software require a functioning apt get to work? Thanks, if I could get it working this would be extremely helpful for several people on my team. In any case, I am thinking I may be able to download the packages manually and install with dpkg.

Busybox and posix shell support

Great work, very useful!

Is it an idea to make it a tiny bit more "generic" so that it can run, for example, in an Alpine distro with default shell?

I have been working on a version which seems close:

main...albertony:busybox

Most of it is quite straightforward changes I think, but the trap/cleanup logic is a bit hard to get right. When first making the script valid #! /bin/sh I kept getting two vpnkit-tap-vsockd left after exit (Ctrl+C) - when running from Alpine's sh, but also Debian's sh. This never happens when running with bash, in fact I could even remove the existing kill $PID_RELAY $PID_TAP and it seems to always stop all the subshells/processes on exit! The only way to make it kill the vpnkit-tap-vsockd was to add a kill 0 at the end of the close function, which I guess is a bit dirty?

can't reach any host inside my VPN network

Thanks for the suggestion. I have tested wsl-vpnkit, here it works partially: local network and Internet access are ok, but I can't reach any host inside my VPN network (i.e. ping fails, ssh login fails). Looks like all traffic is routed outside the VPN, not sure - further investigation is needed... Maybe I need to setup some routing for hosts inside VPN. Any clues?

Originally posted by @kingsumos in microsoft/WSL#5068 (comment)

Incorrect tee command ?

It looks like the tee command in your document is not working on Ubuntu.

I think it should be changed to

$ sudo tee /etc/wsl.conf > /dev/null <<EOL
[network]
generateResolvConf = false
EOL

Check if service wsl-vpnkit is already running

Hello,

I want to check as I start my distro (debian) if wsl-vpnkit service is up. So I added a script at my .login:

  read "wsl_vpnkit_yn? * Do you want to start wsl-vpnkit ? y/n "
  echo

  if [[ "$wsl_vpnkit_yn" =~ ^[Yy]$ ]]; then
    echo "Start wsl-vpnkit ..."
    wsl.exe -d wsl-vpnkit service wsl-vpnkit start
  fi
fi

Is there any way to obtain the information and put it in the "WSL_KIT" variable?

Small update in your readme.md

Hello

I've used your script a lot with Windows 10 and now, I've migrated to W11 and I see that $env:USERPROFILE isn't recognized anymore by the console. The command wsl --import wsl-vpnkit $env:USERPROFILE\wsl-vpnkit wsl-vpnkit.tar.gz --version 2 isn't working under W11 and should be replaced by wsl --import wsl-vpnkit %USERPROFILE%\wsl-vpnkit wsl-vpnkit.tar.gz --version 2.

Thanks for wsl-vpnkit!

Configure mount dir and windows drive letter

First, thanks for your great work, last release with separate distro and iptables is awesome 🎉 !

At work, some PCs have the Windows system on a drive other than C:, for example D:.
You can also configure directory where drives are mounted, in /etc/wsl.conf, see https://docs.microsoft.com/en-us/windows/wsl/wsl-config:

Section: [automount]
root (default: /mnt/): Sets the directory where fixed drives will be automatically mounted.
For example, if you have a directory in WSL at /windir/ and you specify that as the root, you would expect to see your fixed drives mounted at /windir/c

I think you use these code to find real values:
https://github.com/wslutilities/wslu/blob/173da54ec9b138c1c5d13dd24398ed1d114024f8/src/wslu-header#L111-L146

function interop_prefix {

	win_location="/mnt/"
	if [ -f /etc/wsl.conf ]; then
		tmp="$(awk -F '=' '/root/ {print $2}' /etc/wsl.conf | awk '{$1=$1;print}')"
		[ "$tmp" == "" ] || win_location="$tmp"
		[[ "$win_location" =~ ^.*/$ ]] || win_location="$win_location/" # make sure it always end with slash
		unset tmp
	fi
	echo "$win_location"

	unset win_location
}

function sysdrive_prefix {
	win_location="$(interop_prefix)"
	hard_reset=0
	for pt in $(ls "$win_location"); do
		if [ $(echo "$pt" | wc -l) -eq 1 ]; then
			if [ -d "$win_location$pt/Windows/System32" ]; then
				hard_reset=1
				win_location="$pt"
				break
			fi
		fi 
	done

	if [ $hard_reset -eq 0 ]; then
		win_location="c"
	fi

	echo "$win_location"

	unset win_location
	unset hard_reset
}

PTR records not resolving

Seems like resolving PTR DNS records is not working from WSL2. DNS resolution works correctly though.

A from WSL2:

# nslookup host.example.com
Server:         192.168.67.1
Address:        192.168.67.1#53

Non-authoritative answer:
Name:   host.example.com
Address: 10.28.83.140

PTR from WSL2:

# nslookup 10.28.83.140
** server can't find 140.83.28.10.in-addr.arpa: NXDOMAIN

However, resolving from Windows host works correctly:

# nslookup 10.28.83.140
Server:  dns.example.com
Address:  10.2.90.1

Name:    host.example.com
Address:  10.28.83.140

Needing help regarding WSL, wsl-vpnkit config file and Hyper-V Virtual Ethernet Adapter automatic creation.

Hello,

First of all, thank you @sakai135 for this work/repo it's been a great help.

I have difficulties with my current WSL2 setup.

Once I restart my computer, the Hyper-V virtual Ethernet Adapter used by WSL is removed and a new one is created as soon as a new Linux distro is launched.
I did not find how to make it permanent, if it's even possible.

The consequence is that the IP range changes every time and I have to rewrite the wsl-vpnkit.conf file each time.

I have to do this because the IPs do not match the default ones, which are in the 192.168.67.0/24 range, but are in a 172.x.y.0/20 range.

I also have to set VPNKIT_GATEWAY_IP to a non-allocated IP (ex: X.Y.Z.254) because, as soon as I configure it to be equal to VPNKIT_HOST_IP, which seems to always be the first IP in the IP range, I get network unreachable errors.
I did not find any dedicated IP in the WSL2 vEthernet card's IP range.

(Setting it to the last IP in the range seems to work.)

Is there a way to have some kind of automatic configurations before launching the proxy process ?

Config values could be computed from powershell commands:

Get-NetIPAddress -InterfaceAlias "vEthernet (WSL)"  -AddressFamily IPv4
Get-DnsClientServerAddress -InterfaceAlias "*local*" -Family IPv4

Am I missing something from the documentation which would help solving my problems ?

PS: are the wsl-vpnkit iptables rules compatible with IP ranges other than /24?

Best regards.

A way to set/disable port-max-idle-time option

I'm facing an issue where after a bit of time my X11 windows disappear with this in the vpnkit log:

wsl-vpnkit.exe: [WARNING] TCP 192.168.67.3:56138 > 192.168.67.2:6000 closing flow due to idle port disconnection

After using some google-fu I found this moby/vpnkit#414 and docker/for-win#2639

Is there a way to disable or set port-max-idle-time option in wsl-vpnkit?

netdev group is not available in non-debian distribution

The netdev group (used for the socat command) is a debian only thing. This group doesn't appear to exist in fedora or other distros. I'm not sure which group to go for otherwise. I use systemd-network for now until I find a better one or maybe it's already the right one?

Problem with juniper vpn

Hello,
my behaviour with vpnkit:

vpn off:
dns is working
wsl2 has internet connection
wsl2 has (of course) no connection to corp. intranet

vpn on:
dns is working
wsl2 lost partial internet connection: ping is possible, all other connections will timeout
wsl2 has connection to corp.intranet

My question: can I somehow route only corp intranet traffic (whole x.x.x.x/8 network) through vpn and leave the rest as it is without vpn ?

Exposing a port from WSL2 back to Windows

Unless I'm missing something, is there a clever workaround to expose a port on WSL2 while WSL-VPNkit is active?

Example

In WSL2:

python3 -m http.server

In windows:

curl http://???/

Note: IPv6 works, but that's not using WSL-vpnkit, that's just a side that on my VPN, IPv6 apparently still works even without WSL-vpnkit

configuration for docker related files

Hello thanks for the program, I'm a total newbie with docker, can you give more information about http_proxy.json and gateway_forwards.json? I found these file in my APPDATA folder on the host after installing Docker, are they correctly configured automatically by docker itself after turning on the VPN (I use Cisco AnyConnect)?

At the moment, after running ./wsl-vpnkit i get:

successfully created TAP device eth1
starting in connect mode with path=/var/run/wsl-vpnkit.sock and tap=eth1
Server reports version 22, commit 0123456789012345678901234567890123456789
VMNET VIF has MAC 02:50:00:00:00:01

but I still can't access the network with WSL. Sometimes I also get this error (seems to appear randomly):

vpnkit.exe: [INFO] Setting handler to ignore all SIGPIPE signals
vpnkit.exe: [INFO] Version is 218f01482560cba2fa863f9ad872ad51d1e717fc
vpnkit.exe: [INFO] System SOMAXCONN is 2147483647
vpnkit.exe: [INFO] Will use a listen backlog of 32
vpnkit.exe: [INFO] No periodic Gc.compact enabled
vpnkit.exe: [WARNING] There is no database: using hardcoded network configuration values
vpnkit.exe: [INFO] DNS server configured with no builtin DNS names; everything will be forwarded
vpnkit.exe: [INFO] 2 upstream DNS servers are configured
vpnkit.exe: [INFO] Disabling transparent HTTP redirection
vpnkit.exe: [INFO] Updating resolvers to use host resolver
vpnkit.exe: [INFO] Secure random number generator is available
vpnkit.exe: [INFO] Add(3): DNS configuration changed to: use host resolver
vpnkit.exe: [INFO] DNS server configured with builtin DNS names [ gateway.internal -> 192.168.67.1, host.internal -> 192.168.67.2, vm.internal -> 192.168.67.3 ]
vpnkit.exe: [INFO] Will use the host's DNS resolver
vpnkit.exe: [INFO] Transparent HTTP redirection configuration file C:\Users\lpuglia\AppData\Roaming/Docker/http_proxy.json has changed
vpnkit.exe: [INFO] Reading transparent HTTP redirection from C:\Users\lpuglia\AppData\Roaming/Docker/http_proxy.json
vpnkit.exe: [INFO] Watching transparent HTTP redirection configuration file C:\Users\lpuglia\AppData\Roaming/Docker/http_proxy.json for changes
vpnkit.exe: [INFO] New Gateway forward configuration: []
vpnkit.exe: [INFO] Gateway forwards file C:\Users\lpuglia\AppData\Roaming/Docker/gateway_forwards.json has changed
vpnkit.exe: [INFO] Reading gateway forwards file from C:\Users\lpuglia\AppData\Roaming/Docker/gateway_forwards.json
vpnkit.exe: [INFO] Watching gateway forwards file C:\Users\lpuglia\AppData\Roaming/Docker/gateway_forwards.json for changes
vpnkit.exe: [INFO] Configuration server_macaddr = f6:16:36:bc:f9:c6; max_connection = None; dns_path = None; dns = ; resolver = Host; domain = None; allowed_bind_addresses = 0.0.0.0; gateway_ip = 192.168.67.1; host_ip = 192.168.67.2; lowest_ip = 192.168.67.3; highest_ip = 192.168.67.14; dhcp_json_path = None; dhcp_configuration = None; mtu = 1500; http_intercept = None; http_intercept_path = C:\Users\lpuglia\AppData\Roaming/Docker/http_proxy.json; port_max_idle_time = 300; host_names = host.internal; gateway_names = gateway.internal; vm_names = vm.internal; udpv4_forwards = []; tcpv4_forwards = []; gateway_forwards_path = C:\Users\lpuglia\AppData\Roaming/Docker/gateway_forwards.json; pcap_snaplen = 128
vpnkit.exe: [INFO] Updating transparent HTTP redirection: {
  "exclude": "",
  "transparent_http_ports": [
    80
  ],
  "transparent_https_ports": [
    443
  ]
}
vpnkit.exe: [INFO] New Gateway forward configuration: [{"protocol":"udp","external_port":53,"internal_ip":"127.0.0.1","internal_port":54216},{"protocol":"tcp","external_port":53,"internal_ip":"127.0.0.1","internal_port":53271}]
vpnkit.exe: [ERROR] Failed to parse address '' from hosts file
vpnkit.exe: [INFO] C:\Windows\System32\drivers\etc\hosts file has bindings for host.docker.internal gateway.docker.internal kubernetes.docker.internal
successfully created TAP device eth1
starting in connect mode with path=/var/run/wsl-vpnkit.sock and tap=eth1
Server reports version 22, commit 0123456789012345678901234567890123456789
VMNET VIF has MAC 02:50:00:00:00:01

how to start from another distro?

Start wsl-vpnkit from your other WSL 2 distros. Add the command to your .profile or .bashrc to start wsl-vpnkit when you open your WSL terminal.

wsl.exe -d wsl-vpnkit service wsl-vpnkit start

How do you start wsl-vpnkit from other distros?

Help to solve issue

I've been using this kit for a while without a problem:

  • Windows 10 Pro,
  • WSL2 fedoraremix distribution
  • VPN Cisco AnyConnect mobility 4.10.x

The drill was to launch the fedoraremix and afterwards launch wsl-vpnkit using: wsl.exe -d wsl-vpnkit service wsl-vpnkit start from inside a script in the fedoraremix distribution.

For two days now, this is not working anymore. I'm not sure whether it is some kind of policy enforcement from my corporation. What I've noticed:

  • Connection from WSL2 to the internet with the VPN off is possible. However, it is not practical for remote working.
  • As soon as I launch the VPN, outbound connections are lost. "Can't resolve names" is one of the messages I've seen using ping.

I don't remember the exact version 0.2.x I was using (I've been switching from the latest to 0.2.5 these days trying to fix it). What I've noticed:

  • v0.2.x the eth1 interface exists but with no ip address assigned. (at least not shown)
  • v0.3.2 No eth1 interface. However eth0 has two similar ips:
    4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 00:15:5d:92:c9:ce brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65521 numtxqueues 64 numrxqueues 64 gso_max_size 62780 gso_max_segs 65535
        inet 172.24.124.229/20 brd 172.24.127.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet 172.24.124.229/24 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::215:5dff:fe92:c9ce/64 scope link
           valid_lft forever preferred_lft forever

So I don't know if it has to do with permissions, firewall, policies or something like it. I also don't know how to properly debug the issue and find out where the traffic is being blocked. My network expertise is low.

Appreciate any help

./wsl-vpnkit not found

Hello,
sudo /.wsl-vpnkit is not working for me: command not found

I followed your instructions, and no clue about my issue

Thank you

mcafee antivirus keeps quarantining wsl-gvproxy.exe

When I scan the file wsl-gvproxy.exe, McAfee doesn't alert on anything. After I run this command
wsl.exe -d wsl-vpnkit service wsl-vpnkit start a minute later McAfee quarantines the file wsl-gvproxy.exe.
The only information is Real Protect-PENGSD5!4F037B7EED59.
I've googled it and nothing comes up. I downloaded the latest build just yesterday, v0.3.2.

Anybody else having this issue?

TUNSETIFF failed Error: 16. Resource busy

Getting the following failure when running the script, used to work before.

vpnkit.exe: [INFO] C:\Windows\System32\drivers\etc\hosts file has bindings for host.docker.internal gateway.docker.internal kubernetes.docker.internal
TUNSETIFF failed Error: 16. Resource busy

v0.2.x Readme

Please fix reference to wsl-vpnkit script in standalone script using block

# download the wsl-vpnkit script to current directory
wget https://raw.githubusercontent.com/sakai135/wsl-vpnkit/main/wsl-vpnkit 

to

# download the wsl-vpnkit script to current directory
wget https://raw.githubusercontent.com/sakai135/wsl-vpnkit/v0.2.x/wsl-vpnkit 

wsl-vpnkit works twice then stops working

I'm running into a very peculiar problem with wsl-vpnkit. I just installed the program after a few months of messing with resolv.conf every week. Basically wsl-vpnkit manages to nslookup example.com twice before it decides to stop working until a WSL terminate, where the same thing happens. Logs:

>  wsl.exe -d wsl-vpnkit tail -f /var/log/wsl-vpnkit.log
check: ✔️ nslookup success for example.com AAAA using 192.168.67.1
check: ✔️ nslookup success for example.com AAAA using 192.168.67.1
nslookup: can't connect to remote host (172.31.240.1): Network unreachable
check: ❌ nslookup fail for example.com AAAA using 172.31.240.1
nslookup: can't connect to remote host (1.1.1.1): Network unreachable
check: ❌ nslookup fail for example.com AAAA using 1.1.1.1
ping: bad address 'example.com'
check: ➖ ping fail to IPv6 external host (example.com)
wget: bad address 'example.com'
check: ❌ wget fail for https://example.com

I'm using Surfshark VPN with OpenVPN (UDP). Starting the service does not change anything from my WSL linux instance, still cannot connect.

$ wsl.exe -d wsl-vpnkit service wsl-vpnkit start
$ sudo ping google.com
ping: google.com: Temporary failure in name resolution
$ dig google.com # freezes
^C^C
$ nslookup google.com # also freezes
^C
^C
$ sudo ping 172.217.25.14
ping: connect: Network is unreachable

I'm not sure if I need to change the wsl-vpnkit config in order to make it work, since the documentation isn't very clear. Should I be changing something in /etc/resolv.conf on my linux instance?

Edit: I nslookup'd google.com in powershell and attempted to ping that IP in the linux instance. However that still errors, meaning that it is not (only) a DNS issue.

Problem using vpn kit on Alpine

I'm running into some problem using the WSL VPN Kit (running in Ubuntu-20.04 WSL2) from alpine in WSL2

Steps to reproduce

  1. Setup wsl-vpnkit in Ubuntu-20.04

  2. Restart Ubuntu-20.04 and start wsl-vpnkit

    • Internet works in Ubuntu-20.04 while on VPN now 👍
  3. Start alpine (3.13.4, if that matters. Installed from MS Store fresh today)

  4. Edit /etc/wsl.conf just like I did in Ubuntu

    [network]
    generateResolvConf = false
  5. Edit /etc/resolv.conf to read nameserver 192.168.67.1

  6. Restart Alpine to make sure everything is happy.

What doesn't work

Anything that needs dns resolution

  • ping www.google.com
    • ping: bad address 'www.google.com'
  • wget http://www.example.com
    • wget: bad address 'www.example.com'

I get the same failures both on and off of VPN

What does work

DNS resolution and internet traffic actually both work

  • nslookup example.com

    Server:         192.168.67.1
    Address:        192.168.67.1#53
    
    Non-authoritative answer:
    Name:   example.com
    Address: 93.184.216.34
    ** server can't find example.com: NXDOMAIN
    
  • wget http://45.33.7.16/

    Connecting to 93.184.216.34 (93.184.216.34:80)
    wget: server returned error: HTTP/1.1 404 Not Found
    
  • ip route

    default via 192.168.67.1 dev eth1
    172.22.224.0/20 dev eth0 scope link  src 172.22.226.58
    192.168.67.0/24 dev eth1 scope link  src 192.168.67.3
    

I get the same results both on and off of VPN

Additional: If I delete /etc/wsl.conf and /etc/resolv.conf and restart WSL while off of VPN, everything works as normal, but only when not on VPN. So alpine is working when not using vpnkit

What I expect

Internet should be working, especially if wget by IP and nslookup are both clearly working. What could be going on to prevent this from functioning as intended?

External network not reachable

For the past 6 months I was using AmmarRahman's version of wsl-vpn, but his new changes won't work anymore and I can't get any connection.

I tried your solution and I can reach the internal network just fine. But I cannot reach external networks (internet). Could you help me please getting this fixed/working?

best regards

DNS resolution

I have wsl-vpnkit working as root user. However, I am facing one issue. Name resolution works as root user, but not as a non-privileged user. I am using the wsl-vpnkit default gateway in the resolv.conf file per the instructions.

Can't run inside a tmux session?

Hi there.

Any idea why I can't run this inside a tmux session? I get:

myuser@LAPTOP ~ % sudo ./wsl-vpnkit.sh
successfully created TAP device eth1
starting in connect mode with path=/var/run/wsl-vpnkit.sock and tap=eth1
Failure reading from socket: closing: Connection reset by peer
Failed to read hello from client
Failed to negotiate vmnet connection
Failure reading from socket: closing: Connection reset by peer
Failed to read hello from client
Failed to negotiate vmnet connection

But in a regular terminal:

myuser@LAPTOP ~ % sudo ./wsl-vpnkit.sh
vpnkit.exe: [INFO] Setting handler to ignore all SIGPIPE signals
vpnkit.exe: [INFO] Version is 218f01482560cba2fa863f9ad872ad51d1e717fc
vpnkit.exe: [INFO] System SOMAXCONN is 2147483647
vpnkit.exe: [INFO] Will use a listen backlog of 32
vpnkit.exe: [INFO] No periodic Gc.compact enabled
vpnkit.exe: [WARNING] There is no database: using hardcoded network configuration values
vpnkit.exe: [INFO] DNS server configured with no builtin DNS names; everything will be forwarded
vpnkit.exe: [INFO] 2 upstream DNS servers are configured
vpnkit.exe: [INFO] Disabling transparent HTTP redirection
vpnkit.exe: [INFO] Updating resolvers to use host resolver
vpnkit.exe: [INFO] Secure random number generator is available
vpnkit.exe: [INFO] Add(3): DNS configuration changed to: use host resolver
vpnkit.exe: [INFO] DNS server configured with builtin DNS names [ gateway.internal -> 192.168.67.1, host.internal -> 192.168.67.2, vm.internal -> 192.168.67.3 ]
vpnkit.exe: [INFO] Will use the host's DNS resolver
vpnkit.exe: [INFO] New Gateway forward configuration: []
vpnkit.exe: [INFO] Configuration server_macaddr = f6:16:36:bc:8a:c6; max_connection = None; dns_path = None; dns = ; resolver = Host; domain = None; allowed_bind_addresses = 0.0.0.0; gateway_ip = 192.168.67.1; host_ip = 192.168.67.2; lowest_ip = 192.168.67.3; highest_ip = 192.168.67.14; dhcp_json_path = None; dhcp_configuration = None; mtu = 1500; http_intercept = None; http_intercept_path = None; port_max_idle_time = 300; host_names = host.internal; gateway_names = gateway.internal; vm_names = vm.internal; udpv4_forwards = []; tcpv4_forwards = []; gateway_forwards_path = None; pcap_snaplen = 128
vpnkit.exe: [ERROR] Failed to parse address '' from hosts file
vpnkit.exe: [INFO] C:\Windows\System32\drivers\etc\hosts file has bindings for vmware-localhost vmware-localhost host.docker.internal gateway.docker.internal kubernetes.docker.internal
successfully created TAP device eth1
starting in connect mode with path=/var/run/wsl-vpnkit.sock and tap=eth1
vpnkit.exe: [INFO] Vmnet.Server.negotiate: received { magic = VMN3T; version = 22; commit =                                          }
Server reports version 22, commit 0123456789012345678901234567890123456789
vpnkit.exe: [INFO] Generated UUID on behalf of client: 0656efd6-6cfe-88af-a0f2-8a98a931cc47
vpnkit.exe: [INFO] Vmnet.Server.negotiate: received Ethernet 0656efd6-8cfe-49af-a0f2-8a98a931cc47
vpnkit.exe: [INFO] Vmnet.Server.negotiate: sending { mtu = 1500; max_packet_size = 1550; client_macaddr = 02:5a:00:00:00:01 }
vpnkit.exe: [INFO] Vmnet.Server.listen: rebinding the primary listen callback
vpnkit.exe: [INFO] Vmnet.Server.listen: starting event loop
vpnkit.exe: [INFO] Connected Ethernet interface f6:16:36:8a:f9:c6
VMNET VIF has MAC 02:5a:00:00:00:01
vpnkit.exe: [INFO] Client mac: 02:5a:00:00:00:01 server mac: f6:16:36:8a:f9:c6
vpnkit.exe: [INFO] TCP/IP ready
vpnkit.exe: [INFO] TCP/IP stack connected

And finally: Thank you SO much for this! Very creative and useful.

Configure VS Code Remote WSL Extension -- Unable to find function to change

Expected Behavior

Expect vscode to be able to open in wsl2 while connected to VPN.

Also, tried to follow steps to configure vs code remote extension, but cannot find the necessary function to change.
async function P(e,t,s){if(l.isWSL1(s))return"127.0.0.1";}

Current Behavior

Vscode cannot establish a remote connection to wsl2 when connected to VPN.

Possible Solution

Workaround: turn off the VPN, connect to WSL2 with VS Code, then turn the VPN on.

Possible reason for not being able to find the function is I'm using a new version of vscode remote wsl extensions:
~/.vscode/extensions/ms-vscode-remote.remote-wsl-0.54.6/dist/wslDaemon.js

Context (Environment)

wsl: 2
Windows 10: 19042.928
VS Code Remote WSL Extension: 0.54.6

Notes

Any help is appreciated!

Using wsl-vpnkit behind corporate proxy.

Hi,

Is there a way to configure wsl-vpnkit to use a corporate proxy?

wget, used in the checks, fails because it cannot get a website outside of my corporate network.

I saw a PR about HTTP_PROXY_CONFIG_PATH (#76) but I assume it was related to Docker's vpnkit.

My current workaround is to configure CHECK_HOST to use a domain inside my corporate network.

Best regards.

Reliability and Issues running in parallel with Docker Desktop

The current script is a great, educational example of how one can use vpnkit to use WSL2 in a VPN environment.

I ended up making a number of adjustments to the script to:
a) If the script is executed again, kill all lingering processes from last run both on windows and linux side, as currently it would start to stack processes and wouldn't work right.

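# pre-cleanup: kill any processes left over from a previous run
echo "Cleaning up anything left running..."
PROCS=("socat" "vpnkit-tap-vsockd")
for value in "${PROCS[@]}"
do
    # repeat until no instance of this process remains
    while pidof "$value"; do
        echo "Killing ${value}...$(pidof "$value")"
        # pidof may print several PIDs, so this substitution stays unquoted
        kill $(pidof "$value")
    done
done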

b) Look up the vpnkit parent id before killing to ensure I'm not killing an active 'docker desktop' instance of vpnkit.

cleanup_vpnkit() {
    # IDs of every vpnkit process on the Windows side
    PIDS="$(${POWERSHELL_PATH} -Command "(Get-Process 'vpnkit').Id")"
    echo "PIDS: $PIDS"
    mypids=( $(echo "$PIDS" | fmt -999) )
    for i in "${mypids[@]}"; do
        # strip the CR/LF that PowerShell output carries
        PID="$(echo "$i" | tr -d '\n' | tr -d '\r')"
        # name of the process that started this vpnkit instance
        PARENT="$(${POWERSHELL_PATH} -Command "(Get-Process -Id ((gwmi win32_process |? processid -eq $PID).parentprocessid)).ProcessName" | tr -d '\n\r')"
        echo "Parent: '$PARENT'"
        # leave instances started by Docker Desktop alone
        if [ ! "$PARENT" = "Docker Desktop" ]; then
            echo "Delete it!"
            ${POWERSHELL_PATH} -Command "Stop-Process -Id $PID"
        else
            echo "Keep it!"
        fi
    done
}

Lastly, I wrapped the script with something that runs it in a tmux and pipes output to a log file, then I run that via wsl cli in the background (windows batch script):

#!/bin/bash
#---start go script

# re-run this script as root if needed; "$0" is passed to sudo directly
# so the script path is never re-parsed by a shell
if [ ! "$(id -u)" = "0" ]; then
    echo "Not root, calling self as root..."
    sudo -E "$0"
    exit "$?"
else
    echo "Running as root..."
fi

# first, graceful kill (SIGTERM) of any earlier wsl-vpnkit run
if ps -ef | grep -v grep | grep "/bin/sh ./wsl-vpnkit" >/dev/null; then
    echo "Graceful kill of older processes..."
    for i in $(ps -ef | grep "/bin/sh ./wsl-vpnkit" | grep -v grep | awk '{print $2}'); do kill "$i"; done
fi

# still running: give it time to shut down
if ps -ef | grep -v grep | grep "/bin/sh ./wsl-vpnkit" >/dev/null; then
    echo "Wait 60 sec for graceful death..."
    sleep 60
fi

# still running after the wait: force kill (SIGKILL)
if ps -ef | grep -v grep | grep "/bin/sh ./wsl-vpnkit" >/dev/null; then
    echo "Not so graceful kill of older processes..."
    for i in $(ps -ef | grep "/bin/sh ./wsl-vpnkit" | grep -v grep | awk '{print $2}'); do kill -9 "$i"; done
fi

#startup
echo "Starting up..."

# stop here if the install directory is missing
cd /opt/wsl-vpnkit || exit 1
# keep the previous log under a timestamped name
if [ -f "./wsl-vpnkit.out" ]; then
    mv ./wsl-vpnkit.out "./wsl-vpnkit.out.$(date +'%Y%m%d%H%M%S')"
fi

# run detached in tmux, logging stdout and stderr to a file
tmux new -d './wsl-vpnkit > ./wsl-vpnkit.out 2>&1'
#---end go script

The windows batch script contents:
wsl -d <my_wsl_distribution> /opt/wsl-vpnkit/go &

This seems to be working pretty reliably for me, so I wanted to share.

I do hope Microsoft either includes a solution like this, or otherwise identifies an alternative solution to make WSL2 work cleanly in VPN environments. Until then, this is working nicely!
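
The graceful-then-forced shutdown described in the post above, as an added example that is not part of the original post or of wsl-vpnkit: it tracks the previous run through a PID file instead of matching `ps -ef` output, validates the PID before signalling as root, and polls rather than always sleeping the full 60 seconds. The PID file, the match pattern and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). PID-file path, pattern and
# function names are assumptions for illustration.

# Print the command line of PID $1; empty if the process is gone.
cmdline_of() {
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -o args= -p "$1" 2>/dev/null
    fi
}

# stop_previous PIDFILE PATTERN [TIMEOUT_SECONDS]
# Returns 0 when nothing is left running, 1 when the process survived
# SIGKILL, 2 when the PID file was refused (bad content or foreign process).
stop_previous() {
    pidfile=$1 pattern=$2 timeout=${3:-60}
    [ -f "$pidfile" ] || return 0
    pid=$(cat "$pidfile")
    # Accept only a plain PID above 1: as root, "kill -1" or "kill 0"
    # would signal every process or the whole process group.
    case $pid in ''|*[!0-9]*) return 2 ;; esac
    [ "$pid" -gt 1 ] || return 2
    # Recorded process already gone: the PID file is stale.
    kill -0 "$pid" 2>/dev/null || { rm -f "$pidfile"; return 0; }
    # The PID may have been reused by another program since the last run.
    case $(cmdline_of "$pid") in
        *"$pattern"*) ;;
        *) return 2 ;;
    esac
    kill "$pid" 2>/dev/null || true
    waited=0
    # Poll once per second instead of always sleeping the full timeout.
    while kill -0 "$pid" 2>/dev/null && [ "$waited" -lt "$timeout" ]; do
        sleep 1
        waited=$((waited + 1))
    done
    # Escalate to SIGKILL only if SIGTERM was not enough.
    if kill -0 "$pid" 2>/dev/null; then
        kill -9 "$pid" 2>/dev/null || true
        sleep 1
    fi
    rm -f "$pidfile"
    ! kill -0 "$pid" 2>/dev/null
}
```

A wrapper would call `stop_previous <pidfile> wsl-vpnkit 60` before starting a new instance and then write the new PID to the same file.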

Cannot run wsl-vpnkit

Hi,
I hope this will solve my WSL2 networking issues with VPN and Hibernate.
Followed the install steps but I cannot start wsl-vpnkit

/mnt/c/Users/4integration$ sudo ./wsl-vpnkit
sudo: ./wsl-vpnkit: command not found

What is missing?
