can't reach any host inside my VPN network about wsl-vpnkit HOT 8 CLOSED

Great, I'm glad it's working for you now. Since using the vpnkit.exe in the Docker for Windows folder solves the issue, I believe your VPN configuration or firewall has rules to allow/deny requests based on the executable name and/or location.

One downside with using vpnkit.exe instead of the renamed wsl-vpnkit.exe is that Docker for Windows will kill all vpnkit.exe processes whenever you stop/restart it, which will require you to restart wsl-vpnkit.

from wsl-vpnkit.

@kingsumos can you try running sudo VPNKIT_DEBUG=1 ./wsl-vpnkit with the script in the debug-option branch?

from wsl-vpnkit.

Trying a SSH throws a permission denied error:
(this is why we have a RST)
`wsl-vpnkit.exe: [DEBUG] received
f6 16 36 bc f9 c6 02 50 00 00 00 01 08 00 45 00
00 4b ba 96 40 00 40 11 78 b6 c0 a8 43 03 c0 a8
43 01 8e e5 00 35 00 37 c1 80 8e 5c 01 00 00 01
00 00 00 00 00 00 08 67 72 61 74 67 6c 30 31 03
64 65 76 0c 67 6c 6f 62 61 6c 2d 69 6e 74 72 61
03 6e 65 74 00 00 01 00 01

wsl-vpnkit.exe: [DEBUG] received
f6 16 36 bc f9 c6 02 50 00 00 00 01 08 00 45 00
00 4b ba 97 40 00 40 11 78 b5 c0 a8 43 03 c0 a8
43 01 8e e5 00 35 00 37 68 79 cc 63 01 00 00 01
00 00 00 00 00 00 08 67 72 61 74 67 6c 30 31 03
64 65 76 0c 67 6c 6f 62 61 6c 2d 69 6e 74 72 61
03 6e 65 74 00 00 1c 00 01

wsl-vpnkit.exe: [DEBUG] sending

02 50 00 00 00 01 f6 16 36 bc f9 c6 08 00 45 00
00 5b 8a 09 00 00 26 11 03 34 c0 a8 43 01 c0 a8
43 03

00 35 8e e5 00 47 f6 97

8e 5c 81 80 00 01 00 01 00 00 00 00 08 67 72 61
74 67 6c 30 31 03 64 65 76 0c 67 6c 6f 62 61 6c
2d 69 6e 74 72 61 03 6e 65 74 00 00 01 00 01 c0
0c 00 01 00 01 00 00 00 00 00 04 0a 72 7c c5

wsl-vpnkit.exe: [DEBUG] sending

02 50 00 00 00 01 f6 16 36 bc f9 c6 08 00 45 00
00 4b b0 37 00 00 26 11 dd 15 c0 a8 43 01 c0 a8
43 03

00 35 8e e5 00 37 e7 f5

cc 63 81 83 00 01 00 00 00 00 00 00 08 67 72 61
74 67 6c 30 31 03 64 65 76 0c 67 6c 6f 62 61 6c
2d 69 6e 74 72 61 03 6e 65 74 00 00 1c 00 01

wsl-vpnkit.exe: [DEBUG] received
f6 16 36 bc f9 c6 02 50 00 00 00 01 08 00 45 00
00 3c d8 e3 40 00 40 06 d6 f5 c0 a8 43 03 0a 72
7c c5 b8 08 00 16 d5 e1 5d 1a 00 00 00 00 a0 02
fa f0 0a 7b 00 00 02 04 05 b4 04 02 08 0a 2d 76
9f 20 00 00 00 00 01 03 03 07

wsl-vpnkit.exe: [DEBUG] 10.114.124.197:22: failed to connect, sending RST: Socket.TCPv4.connect tcp:10.114.124.197:22: caught Permission denied
wsl-vpnkit.exe: [DEBUG] process-syn: [channels=0 listens=0 connects=0]
wsl-vpnkit.exe: [DEBUG] sending

02 50 00 00 00 01 f6 16 36 bc f9 c6 08 00 45 00
00 28 d9 a9 00 00 26 06 30 44 0a 72 7c c5 c0 a8
43 03 00 16 b8 08 00 00 00 00 d5 e1 5d 1b 50 14
00 00 39 d2 00 00`

For ICMP ping we have:
`wsl-vpnkit.exe: [DEBUG] using default callback for packet for 10.114.124.197
wsl-vpnkit.exe: [INFO] Connected Ethernet interface f6:16:36:bc:f9:c6
wsl-vpnkit.exe: [DEBUG] ARP: adding 10.114.124.197 -> f6:16:36:bc:f9:c6
wsl-vpnkit.exe: [INFO] UDP interface connected on 10.114.124.197
wsl-vpnkit.exe: [DEBUG] create remote TCP/IP proxy for 10.114.124.197
wsl-vpnkit.exe: [DEBUG] activating switch port for 10.114.124.197
wsl-vpnkit.exe: [DEBUG] ICMP received 192.168.67.3 -> 10.114.124.197 ttl=64 ty=8 code=0 id=277 seq=1 payload len 56
wsl-vpnkit.exe: [DEBUG] received
f6 16 36 bc f9 c6 02 50 00 00 00 01 08 00 45 00
00 54 b8 d7 40 00 40 01 f6 ee c0 a8 43 03 0a 72
7c c5 08 00 75 1b 01 15 00 02 91 03 9d 60 00 00
00 00 93 96 01 00 00 00 00 00 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
36 37

wsl-vpnkit.exe: [DEBUG] ICMP received 192.168.67.3 -> 10.114.124.197 ttl=64 ty=8 code=0 id=277 seq=2 payload len 56
wsl-vpnkit.exe: [DEBUG] received
f6 16 36 bc f9 c6 02 50 00 00 00 01 08 00 45 00
00 54 b8 f9 40 00 40 01 f6 cc c0 a8 43 03 0a 72
7c c5 08 00 bf 7d 01 15 00 03 92 03 9d 60 00 00
00 00 47 33 02 00 00 00 00 00 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
36 37

wsl-vpnkit.exe: [DEBUG] ICMP received 192.168.67.3 -> 10.114.124.197 ttl=64 ty=8 code=0 id=277 seq=3 payload len 56
wsl-vpnkit.exe: [DEBUG] received
f6 16 36 bc f9 c6 02 50 00 00 00 01 08 00 45 00
00 54 b9 44 40 00 40 01 f6 81 c0 a8 43 03 0a 72
7c c5 08 00 54 e0 01 15 00 04 93 03 9d 60 00 00
00 00 b0 cf 02 00 00 00 00 00 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
36 37`

from wsl-vpnkit.

Since you mentioned that SSH inside a Docker container works fine, can you do a pull on the debug-option branch and try:

sudo VPNKIT_DEBUG=1 VPNKIT_PATH='/mnt/c/Program Files/Docker/Docker/resources/vpnkit.exe' ./wsl-vpnkit

from wsl-vpnkit.

It works like a charm!
Not sure why the standard method of installation doesn't works, maybe the "Permission Denied" is related to Windows Firewall?
But anyway... I'm very happy with this solution, thanks for the support!

from wsl-vpnkit.

Hi @sakai135,

I have tried to manually add Windows Firewall rules to allow "wsl-vpnkit.exe" inband/outband traffic. But unfortunately this doesn't helps. Also, looks like there's no such rules to deny the requests.. something else is blocking the "wsl-vpnkit.exe" process.
Does this process really uses the Windows sockets for communication, or only the PIPE is being used? This because when I open the Windows Resource Monitor I see no socket being used (i.e. listening ports or TCP connections)... or it's using UDP or either RAW sockets? Basically I want to understand why we have such "Permission denied" errors in other to find a better fix for this issue.

The main problem of using Docker Desktop vpnkit.exe's are the recent docker license changes... I don't want to use Docker Desktop anymore.

Best regards,
Sumo

from wsl-vpnkit.

@kingsumos PIPE is used for communication between WSL2 and wsl-vpnkit.exe. wsl-vpnkit.exe then acts as a client to relay the request/response to the destination. wsl-vpnkit.exe does not listen on any ports.

Have you tried placing wsl-vpnkit.exe inside C:\Program Files\somefolder? You could also uninstall Docker Desktop and then place vpnkit.exe in the same location. Check if there are any logs from your VPN client which may show any VPN policies that are blocking the requests.

from wsl-vpnkit.

I have tried placing vpnkit in "C:\Program Files\vpnkit\wsl-vpnkit.exe" and it works!
e.g.:
sudo VPNKIT_PATH='/mnt/c/Program Files/vpnkit/wsl-vpnkit.exe' ./wsl-vpnkit

Meanwhile I'm checking if there are any logs from my VPN client (Pulse Secure)... Funny, everything works when using "C:\Program Files", no firewall rules needed also...

Thanks for your support @sakai135 !

from wsl-vpnkit.