sakai135 / wsl-vpnkit
Provides network connectivity to WSL 2 when blocked by VPN
License: MIT License
I've got it installed, I can see it as an option in the Windows Terminal which when I open it shows some information on how to use it.
When in a powershell terminal I run wsl.exe -d wsl-vpnkit service wsl-vpnkit start, a handful of terminal windows open; some have [process exited with code 128 (0x00000080)] in them, others are blank.
https://i.imgur.com/Y6CbQZM.png
If I try and close the terminal windows that are opened a seemingly endless number of them open one after another, I need to reboot my machine to get them to stop.
Hi,
Thanks for wsl-vpnkit. Docker containers of Docker CE (not Docker Desktop) on WSL2 can connect to external hosts by specifying an IP address under a VPN (PANGP) environment. But it seems not to be able to resolve hostnames, so the following curl command fails on the containers.
$ docker exec -it hoge2 curl --head www.google.com
curl: (6) Could not resolve host: www.google.com; Unknown error
I checked that the nameserver on the Docker containers is set to the address of the virtual ethernet adapter for WSL and confirmed that a ping to the address succeeds. And I can make DNS name resolution succeed when I disable the VPN or tweak the metric values of the network adapters. Attaching containers to the docker host (not bridge) network seems to work as well.
As far as appearances go, only the access to the WSL virtual adapter per se for name resolution still fails when using wsl-vpnkit. Is this expected behavior?
Regards,
Start wsl-vpnkit from your other WSL 2 distros. Add the command to your .profile or .bashrc to start wsl-vpnkit when you open your WSL terminal.
wsl.exe -d wsl-vpnkit service wsl-vpnkit start
How do you start wsl-vpnkit from other distros?
Hello
I've used your script a lot with Windows 10 and now, I've migrated to W11 and I see that $env:USERPROFILE isn't recognized anymore by the console. The command wsl --import wsl-vpnkit $env:USERPROFILE\wsl-vpnkit wsl-vpnkit.tar.gz --version 2 isn't working under W11 and should be replaced by wsl --import wsl-vpnkit %USERPROFILE%\wsl-vpnkit wsl-vpnkit.tar.gz --version 2.
Thanks for wsl-vpnkit!
First of all thank you so much for this project, Sakai135!!
I installed wsl vpn kit through the wrapper https://github.com/mbl-35/wsl-vpnkit. Everything is working well, but upon starting Docker, the wsl vpn service breaks with the error below.
Failed to read a packet header from host Error: 0. No error information
2021/06/24 12:56:58 open //./pipe/wsl-vpnkit: The system cannot find the file specified.
EOF reading from socket: closing
Failed to read hello from client
Failed to negotiate vmnet connection
2021/06/24 12:56:59 open //./pipe/wsl-vpnkit: The system cannot find the file specified.
EOF reading from socket: closing
Is this a limitation of either Docker or wsl vpn kit, that only one runs at a time? If not, can you please guide me on fixing this?
Thanks in advance!!
Please let me know.
When I scan the file wsl-gvproxy.exe, McAfee doesn't alert on anything. After I run this command
wsl.exe -d wsl-vpnkit service wsl-vpnkit start
a minute later McAfee quarantines the file wsl-gvproxy.exe.
The only information is Real Protect-PENGSD5!4F037B7EED59.
I've googled it and nothing comes up. I downloaded the latest build, v0.3.2, just yesterday.
Anybody else having this issue?
I'm facing an issue where after a bit of time my X11 windows disappear with this in the vpnkit log:
wsl-vpnkit.exe: [WARNING] TCP 192.168.67.3:56138 > 192.168.67.2:6000 closing flow due to idle port disconnection
After using some google-fu I found this moby/vpnkit#414 and docker/for-win#2639
Is there a way to disable or set port-max-idle-time option in wsl-vpnkit?
Unless I'm missing something, is there a clever workaround to expose a port on WSL2 while WSL-VPNkit is active?
In WSL2:
python3 -m http.server
In windows:
curl http://???/
Note: IPv6 works, but that's not using WSL-vpnkit, that's just a side that on my VPN, IPv6 apparently still works even without WSL-vpnkit
I'm running into a very peculiar problem with wsl-vpnkit. I just installed the program after a few months of messing with resolv.conf every week. Basically wsl-vpnkit manages to nslookup example.com twice before it decides to stop working until a WSL terminate, where the same thing happens. Logs:
> wsl.exe -d wsl-vpnkit tail -f /var/log/wsl-vpnkit.log
check: ✔️ nslookup success for example.com AAAA using 192.168.67.1
check: ✔️ nslookup success for example.com AAAA using 192.168.67.1
nslookup: can't connect to remote host (172.31.240.1): Network unreachable
check: ❌ nslookup fail for example.com AAAA using 172.31.240.1
nslookup: can't connect to remote host (1.1.1.1): Network unreachable
check: ❌ nslookup fail for example.com AAAA using 1.1.1.1
ping: bad address 'example.com'
check: ➖ ping fail to IPv6 external host (example.com)
wget: bad address 'example.com'
check: ❌ wget fail for https://example.com
I'm using Surfshark VPN with OpenVPN (UDP). Starting the service does not change anything from my WSL linux instance, still cannot connect.
$ wsl.exe -d wsl-vpnkit service wsl-vpnkit start
$ sudo ping google.com
ping: google.com: Temporary failure in name resolution
$ dig google.com # freezes
^C^C
$ nslookup google.com # also freezes
^C
^C
$ sudo ping 172.217.25.14
ping: connect: Network is unreachable
I'm not sure if I need to change the wsl-vpnkit config in order to make it work, since the documentation isn't very clear. Should I be changing something in /etc/resolv.conf on my linux instance?
Edit: I nslookup'd google.com in powershell and attempted to ping that IP in the linux instance. However that still errors, meaning that it is not (only) a DNS issue.
First, thanks for your great work, last release with separate distro and iptables is awesome 🎉 !
At work, some PCs have the Windows system on a drive other than C:, for example D:.
You can also configure directory where drives are mounted, in /etc/wsl.conf, see https://docs.microsoft.com/en-us/windows/wsl/wsl-config:
Section: [automount]
root (default: /mnt/): Sets the directory where fixed drives will be automatically mounted.
For example, if you have a directory in WSL at /windir/ and you specify that as the root, you would expect to see your fixed drives mounted at /windir/c
I think you use this code to find real values:
https://github.com/wslutilities/wslu/blob/173da54ec9b138c1c5d13dd24398ed1d114024f8/src/wslu-header#L111-L146
# Return the directory under which WSL mounts the Windows drives (default /mnt/).
function interop_prefix {
    win_location="/mnt/"
    if [ -f /etc/wsl.conf ]; then
        # value of any wsl.conf line matching "root", trimmed of surrounding whitespace
        tmp="$(awk -F '=' '/root/ {print $2}' /etc/wsl.conf | awk '{$1=$1;print}')"
        [ "$tmp" == "" ] || win_location="$tmp"
        [[ "$win_location" =~ ^.*/$ ]] || win_location="$win_location/" # make sure it always ends with a slash
        unset tmp
    fi
    echo "$win_location"
    unset win_location
}
# Return the name of the mount point that contains Windows/System32 (default "c").
function sysdrive_prefix {
    win_location="$(interop_prefix)"
    hard_reset=0
    for pt in $(ls "$win_location"); do
        if [ $(echo "$pt" | wc -l) -eq 1 ]; then
            # the system drive is the one holding Windows/System32
            if [ -d "$win_location$pt/Windows/System32" ]; then
                hard_reset=1
                win_location="$pt"
                break
            fi
        fi
    done
    if [ $hard_reset -eq 0 ]; then
        win_location="c"
    fi
    echo "$win_location"
    unset win_location
    unset hard_reset
}
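The lookup of the [automount] root key quoted above, as an added example that is not part of the original post or of wslu: the quoted awk pattern matches any line containing "root", including "default = root" under [user], so this sketch reads the key only inside the [automount] section. The function names legacy_root and automount_root are hypothetical; exact-case matching of the section and key, stripping of surrounding double quotes, and the fallback to /mnt/ for values that are not absolute paths are assumptions.

```shell
#!/bin/sh
# Added example (not wslu or wsl-vpnkit code). Function names are hypothetical.

# legacy_root FILE: the lookup as quoted in the post, with the file as a parameter.
legacy_root() (
    loc="/mnt/"
    tmp="$(awk -F '=' '/root/ {print $2}' "$1" | awk '{$1=$1;print}')"
    [ "$tmp" = "" ] || loc="$tmp"
    case "$loc" in */) ;; *) loc="$loc/" ;; esac
    printf '%s\n' "$loc"
)

# automount_root [FILE]: print the drive mount prefix, always ending in "/".
# Only "root" inside the [automount] section is honoured (assumption: exact case).
automount_root() (
    conf="${1:-/etc/wsl.conf}"
    root=""
    if [ -f "$conf" ]; then
        root="$(awk '
            { sub(/\r$/, "") }                 # tolerate CRLF line endings
            /^[ \t]*#/ { next }                # skip comment lines
            /^[ \t]*\[/ {                      # section header: track where we are
                s = $0; gsub(/[ \t]/, "", s)
                in_auto = (s == "[automount]")
                next
            }
            in_auto {
                eq = index($0, "=")
                if (eq == 0) next
                key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (val ~ /^".*"$/) val = substr(val, 2, length(val) - 2)
                if (key == "root") found = val # last assignment wins
            }
            END { print found }
        ' "$conf")"
    fi
    # Assumption: anything that is not an absolute path falls back to the default.
    case "$root" in /*) ;; *) root="/mnt/" ;; esac
    case "$root" in */) ;; *) root="$root/" ;; esac
    printf '%s\n' "$root"
)

# Demo on a constructed wsl.conf (sample content made up for this example).
demo_conf="$(mktemp)"
printf '[user]\ndefault = root\n' > "$demo_conf"
echo "quoted lookup: $(legacy_root "$demo_conf")"
echo "section-aware: $(automount_root "$demo_conf")"
rm -f "$demo_conf"
```

A wrong prefix here changes where the script looks for Windows/System32 and the Windows-side executables, so the value is worth validating before it is used to build paths.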
Hi! Thanks for your great job!
I was able to use this project but for some reason I had very slow DNS lookups. ping 8.8.8.8 goes OK (50 ms), but git clone github.com/some/repo takes 10 seconds to just start cloning.
So I looked at other solutions and found this that helped me. Basically it gets DNS server addresses from the VPN internet adapter and writes them to /etc/resolv.conf (and restores the original DNS providers when out of VPN).
Are the VPN WSL problems solved by your solution and theirs the exact same problems?
If so, yours is monstrously harder to use. Shouldn't we redirect new users to more lightweight solutions?
I've been using this kit for a while without a problem:
wsl.exe -d wsl-vpnkit service wsl-vpnkit start
from inside a script in the fedoraremix distribution. For two days now, this is not working anymore. I'm not sure whether it is some kind of policy enforcement from my corporation. What I've noticed:
I don't remember the exact version 0.2.x I was using (I've been switching from the latest to 0.2.5 these days trying to fix it). What I've noticed:
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:92:c9:ce brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65521 numtxqueues 64 numrxqueues 64 gso_max_size 62780 gso_max_segs 65535
    inet 172.24.124.229/20 brd 172.24.127.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 172.24.124.229/24 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe92:c9ce/64 scope link
       valid_lft forever preferred_lft forever
So I don't know if it has to do with permissions, firewall, policies or something like it. I also don't know how to properly debug the issue and find out where the traffic is being blocked. My network expertise is low.
Appreciate any help
Am I right that the "standalone" script must have the wsl-vpnkit repo cloned, and these instructions must be run from the cloned repo folder?
I know, it's silly, but it does no harm to add a note in this script for users.
Line 62 in b19abe3
The current script is a great, educational example of how one can use vpnkit to use WSL2 in a VPN environment.
I ended up making a number of adjustments to the script to:
a) If the script is executed again, kill all lingering processes from last run both on windows and linux side, as currently it would start to stack processes and wouldn't work right.
#pre-cleanup any running processes
echo "Cleaning up anything left running..."
PROCS=("socat" "vpnkit-tap-vsockd")
for value in "${PROCS[@]}"
do
    # keep killing until no process with this name is left
    while pidof "$value"; do
        echo "Killing $value..."
        kill $(pidof "$value")
    done
done
b) Look up the vpnkit parent id before killing to ensure I'm not killing an active 'docker desktop' instance of vpnkit.
cleanup_vpnkit() {
    # IDs of all Windows processes named vpnkit
    PIDS="$(${POWERSHELL_PATH} -Command "(Get-Process 'vpnkit').Id")"
    echo "PIDS: $PIDS"
    mypids=( $(echo "$PIDS" | fmt -999) )
    for i in "${mypids[@]}"; do
        PID="$(echo "$i" | tr -d '\n' | tr -d '\r')"
        # name of the parent process of this vpnkit instance
        PARENT="$(${POWERSHELL_PATH} -Command "(Get-Process -Id ((gwmi win32_process |? processid -eq $PID).parentprocessid)).ProcessName" | tr -d '\n\r')"
        echo "Parent: '$PARENT'"
        # only stop instances that were not started by Docker Desktop
        if [ ! "$PARENT" = "Docker Desktop" ]; then
            echo "Delete it!"
            ${POWERSHELL_PATH} -Command "Stop-Process -Id $PID"
        else
            echo "Keep it!"
        fi
    done
}
Lastly, I wrapped the script with something that runs it in a tmux and pipes output to a log file, then I run that via wsl cli in the background (windows batch script):
#!/bin/bash
#---start go script
if [ ! "$(id -u)" = "0" ]; then
    echo "Not root, calling self as root..."
    sudo -E sh -c "$0"
    exit "$?"
else
    echo "Running as root..."
fi
#first graceful kill
if ps -ef | grep -v grep | grep "/bin/sh ./wsl-vpnkit" >/dev/null; then
    echo "Graceful kill of older processes..."
    for i in $(ps -ef | grep "/bin/sh ./wsl-vpnkit" | grep -v grep | awk '{print $2}'); do kill $i; done
fi
if ps -ef | grep -v grep | grep "/bin/sh ./wsl-vpnkit" >/dev/null; then
    echo "Wait 60 sec for graceful death..."
    sleep 60
fi
if ps -ef | grep -v grep | grep "/bin/sh ./wsl-vpnkit" >/dev/null; then
    echo "Not so graceful kill of older processes..."
    for i in $(ps -ef | grep "/bin/sh ./wsl-vpnkit" | grep -v grep | awk '{print $2}'); do kill -9 $i; done
fi
#startup
echo "Starting up..."
cd /opt/wsl-vpnkit
if [ -f "./wsl-vpnkit.out" ]; then
    mv ./wsl-vpnkit.out ./wsl-vpnkit.out.$(date +'%Y%m%d%H%M%S')
fi
tmux new -d './wsl-vpnkit > ./wsl-vpnkit.out 2>&1'
#---end go script
The windows batch script contents:
wsl -d <my_wsl_distribution> /opt/wsl-vpnkit/go &
This seems to be working pretty reliably for me, so I wanted to share.
I do hope Microsoft either includes a solution like this, or otherwise identifies an alternative solution to make WSL2 work cleanly in VPN environments. Until then, this is working nicely!
Hello, thanks for the program. I'm a total newbie with docker; can you give more information about http_proxy.json and gateway_forwards.json? I found these files in my APPDATA folder on the host after installing Docker; are they correctly configured automatically by docker itself after turning on the VPN (I use Cisco AnyConnect)?
At the moment, after running ./wsl-vpnkit I get:
successfully created TAP device eth1
starting in connect mode with path=/var/run/wsl-vpnkit.sock and tap=eth1
Server reports version 22, commit 0123456789012345678901234567890123456789
VMNET VIF has MAC 02:50:00:00:00:01
But I still can't access the network with WSL; sometimes I also get this error (seems to appear randomly):
vpnkit.exe: [INFO] Setting handler to ignore all SIGPIPE signals
vpnkit.exe: [INFO] Version is 218f01482560cba2fa863f9ad872ad51d1e717fc
vpnkit.exe: [INFO] System SOMAXCONN is 2147483647
vpnkit.exe: [INFO] Will use a listen backlog of 32
vpnkit.exe: [INFO] No periodic Gc.compact enabled
vpnkit.exe: [WARNING] There is no database: using hardcoded network configuration values
vpnkit.exe: [INFO] DNS server configured with no builtin DNS names; everything will be forwarded
vpnkit.exe: [INFO] 2 upstream DNS servers are configured
vpnkit.exe: [INFO] Disabling transparent HTTP redirection
vpnkit.exe: [INFO] Updating resolvers to use host resolver
vpnkit.exe: [INFO] Secure random number generator is available
vpnkit.exe: [INFO] Add(3): DNS configuration changed to: use host resolver
vpnkit.exe: [INFO] DNS server configured with builtin DNS names [ gateway.internal -> 192.168.67.1, host.internal -> 192.168.67.2, vm.internal -> 192.168.67.3 ]
vpnkit.exe: [INFO] Will use the host's DNS resolver
vpnkit.exe: [INFO] Transparent HTTP redirection configuration file C:\Users\lpuglia\AppData\Roaming/Docker/http_proxy.json has changed
vpnkit.exe: [INFO] Reading transparent HTTP redirection from C:\Users\lpuglia\AppData\Roaming/Docker/http_proxy.json
vpnkit.exe: [INFO] Watching transparent HTTP redirection configuration file C:\Users\lpuglia\AppData\Roaming/Docker/http_proxy.json for changes
vpnkit.exe: [INFO] New Gateway forward configuration: []
vpnkit.exe: [INFO] Gateway forwards file C:\Users\lpuglia\AppData\Roaming/Docker/gateway_forwards.json has changed
vpnkit.exe: [INFO] Reading gateway forwards file from C:\Users\lpuglia\AppData\Roaming/Docker/gateway_forwards.json
vpnkit.exe: [INFO] Watching gateway forwards file C:\Users\lpuglia\AppData\Roaming/Docker/gateway_forwards.json for changes
vpnkit.exe: [INFO] Configuration server_macaddr = f6:16:36:bc:f9:c6; max_connection = None; dns_path = None; dns = ; resolver = Host; domain = None; allowed_bind_addresses = 0.0.0.0; gateway_ip = 192.168.67.1; host_ip = 192.168.67.2; lowest_ip = 192.168.67.3; highest_ip = 192.168.67.14; dhcp_json_path = None; dhcp_configuration = None; mtu = 1500; http_intercept = None; http_intercept_path = C:\Users\lpuglia\AppData\Roaming/Docker/http_proxy.json; port_max_idle_time = 300; host_names = host.internal; gateway_names = gateway.internal; vm_names = vm.internal; udpv4_forwards = []; tcpv4_forwards = []; gateway_forwards_path = C:\Users\lpuglia\AppData\Roaming/Docker/gateway_forwards.json; pcap_snaplen = 128
vpnkit.exe: [INFO] Updating transparent HTTP redirection: {
"exclude": "",
"transparent_http_ports": [
80
],
"transparent_https_ports": [
443
]
}
vpnkit.exe: [INFO] New Gateway forward configuration: [{"protocol":"udp","external_port":53,"internal_ip":"127.0.0.1","internal_port":54216},{"protocol":"tcp","external_port":53,"internal_ip":"127.0.0.1","internal_port":53271}]
vpnkit.exe: [ERROR] Failed to parse address '' from hosts file
vpnkit.exe: [INFO] C:\Windows\System32\drivers\etc\hosts file has bindings for host.docker.internal gateway.docker.internal kubernetes.docker.internal
successfully created TAP device eth1
starting in connect mode with path=/var/run/wsl-vpnkit.sock and tap=eth1
Server reports version 22, commit 0123456789012345678901234567890123456789
VMNET VIF has MAC 02:50:00:00:00:01
The netdev group (used for the socat command) is a debian only thing. This group doesn't appear to exist in fedora or other distros. I'm not sure which group to go for otherwise. I use systemd-network for now until I find a better one or maybe it's already the right one?
Hello,
First of all, thank you @sakai135 for this work/repo it's been a great help.
I have difficulties with my current WSL2 setup.
Once I restart my computer, the Hyper-V virtual Ethernet adapter used by WSL is removed and a new one is created as soon as a new Linux distro is launched.
I did not find how to make it permanent, if it's even possible.
The consequence is that the IP range changes every time and I have to rewrite the wsl-vpnkit.conf file each time.
I have to do this because the IPs do not match the default ones, which are in the 192.168.67.0/24 range, but are in a 172.x.y.0/20 range.
I also have to set VPNKIT_GATEWAY_IP to a non-allocated IP (ex: X.Y.Z.254) because, as soon as I configure it to be equal to VPNKIT_HOST_IP, which seems to always be the first IP in the IP range, I get network unreachable errors.
I did not find any dedicated IP in the WSL2 vEthernet card's IP range.
(Setting it to the last IP in the range seems to work.)
Is there a way to have some kind of automatic configuration before launching the proxy process?
Config values could be computed from powershell commands:
Get-NetIPAddress -InterfaceAlias "vEthernet (WSL)" -AddressFamily IPv4
Get-DnsClientServerAddress -InterfaceAlias "*local*" -Family IPv4
Am I missing something from the documentation which would help solve my problems?
PS: are the wsl-vpnkit iptables rules compatible with IP ranges other than /24?
Best regards.
Is the MIT licence compatible with the upcoming licence changes for the Docker Desktop installer?
Hello,
I want to check as I start my distro (debian) if wsl-vpnkit service is up. So I added a script at my .login:
read "wsl_vpnkit_yn? * Do you want to start wsl-vpnkit ? y/n "
echo
if [[ "$wsl_vpnkit_yn" =~ ^[Yy]$ ]]; then
echo "Start wsl-vpnkit ..."
wsl.exe -d wsl-vpnkit service wsl-vpnkit start
fi
fi
Is there any way to obtain the information and put it in the "WSL_KIT" variable?
I keep getting an access denied error and my account does not even have permissions to execute or delete / modify the .exe file. Am I missing some config here?
I have to launch the distro one, two or three times for it to work on my laptop.
I think it is the bug in WSL you have already created:
microsoft/WSL#6917
As a workaround, instead of calling this:
wsl.exe -d wsl-vpnkit service wsl-vpnkit start
I remove the background option of wsl-vpnkit.service and keep the wsl.exe process in the background like this:
wsl.exe -d wsl-vpnkit sed -i '/--background/d' /app/distro/wsl-vpnkit.service
wsl.exe -d wsl-vpnkit sed -i '/--stdout/d' /app/distro/wsl-vpnkit.service
wsl.exe -d wsl-vpnkit sed -i '/--stderr/d' /app/distro/wsl-vpnkit.service
nohup sh -c "wsl.exe -d wsl-vpnkit service wsl-vpnkit start" 2>&1 </dev/null &
Have you a better solution?
Update to also add/update /etc/wsl.conf to disable generateResolvConf.
Thanks for the suggestion. I have tested wsl-vpnkit, here it works partially: local network and Internet access are ok, but I can't reach any host inside my VPN network (i.e. ping fails, ssh login fails). Looks like all traffic is routed outside the VPN, not sure - further investigation is needed... Maybe I need to setup some routing for hosts inside VPN. Any clues?
Originally posted by @kingsumos in microsoft/WSL#5068 (comment)
Getting the following failure when running the script, used to work before.
vpnkit.exe: [INFO] C:\Windows\System32\drivers\etc\hosts file has bindings for host.docker.internal gateway.docker.internal kubernetes.docker.internal
TUNSETIFF failed Error: 16. Resource busy
I'm running into some problem using the WSL VPN Kit (running in Ubuntu-20.04 WSL2) from alpine in WSL2
Setup wsl-vpnkit in Ubuntu-20.04
Restart Ubuntu-20.04 and start wsl-vpnkit
Start alpine (3.13.4, if that matters. Installed from MS Store fresh today)
Edit /etc/wsl.conf just like I did in Ubuntu
[network]
generateResolvConf = false
Edit /etc/resolv.conf to read nameserver 192.168.67.1
Restart Alpine to make sure everything is happy.
Anything that needs dns resolution
ping www.google.com
ping: bad address 'www.google.com'
wget http://www.example.com
wget: bad address 'www.example.com'
I get the same failures both on and off of VPN
DNS resolution and internet traffic actually both work
nslookup example.com
Server: 192.168.67.1
Address: 192.168.67.1#53
Non-authoritative answer:
Name: example.com
Address: 93.184.216.34
** server can't find example.com: NXDOMAIN
wget http://45.33.7.16/
Connecting to 93.184.216.34 (93.184.216.34:80)
wget: server returned error: HTTP/1.1 404 Not Found
ip route
default via 192.168.67.1 dev eth1
172.22.224.0/20 dev eth0 scope link src 172.22.226.58
192.168.67.0/24 dev eth1 scope link src 192.168.67.3
I get the same results both on and off of VPN
Additional: If I delete /etc/wsl.conf and /etc/resolv.conf and restart WSL while off of VPN, everything works as normal, but only when not on VPN. So alpine is working when not using vpnkit.
Internet should be working, especially if wget by IP and nslookup are both clearly working. What could be going on to prevent this from functioning as intended?
I have to work with multiple WSL distro running at same time.
Is it possible to use your script with more than one distro running at same time?
Keep DNS pointed to VPNKit gateway IP.
Expect vscode to be able to open in wsl2 while connected to VPN.
Also, tried to follow steps to configure vs code remote extension, but cannot find the necessary function to change.
async function P(e,t,s){if(l.isWSL1(s))return"127.0.0.1";}
Vscode cannot establish a remote connection to wsl2 when connected to VPN.
Work around, turn off vpn, connect to wsl2 with vscode, turn on vpn.
Possible reason for not being able to find the function is I'm using a new version of vscode remote wsl extensions:
~/.vscode/extensions/ms-vscode-remote.remote-wsl-0.54.6/dist/wslDaemon.js
wsl: 2
Windows 10: 19042.928
VS Code Remote WSL Extension: 0.54.6
Any help is appreciated!
Running the service with the WSL Preview 0.48.2.0 results in Windows executables showing up as separate windows. For now, the workaround is to run the script directly and keep the terminal open.
wsl.exe -d wsl-vpnkit wsl-vpnkit
Hi,
Is there a way to configure wsl-vpnkit to use a corporate proxy?
wget, used in checks, fails because it cannot get a website outside of my corporate network.
I saw a PR about HTTP_PROXY_CONFIG_PATH (#76) but I assume it was related to Docker's vpnkit.
My current workaround is to configure CHECK_HOST to use a domain inside my corporate network.
Best regards.
For the past 6 months I was using AmmarRahman's version of wsl-vpn, but his new changes won't work anymore and I can't get any connection.
I tried your solution and I can reach the internal network just fine. But I cannot reach external networks (internet). Could you help me please getting this fixed/working?
best regards
I have wsl-vpnkit working as root user. However, I am facing one issue. Name resolution works as root user, but not as a non-privileged user. I am using the wsl-vpnkit default gateway in the resolv.conf file per the instructions.
Hi,
I hope this will solve my WSL2 networking issues with VPN and Hibernate.
Followed the install steps but I cannot start wsl-vpnkit
/mnt/c/Users/4integration$ sudo ./wsl-vpnkit
sudo: ./wsl-vpnkit: command not found
What is missing?
It looks to me like this works, but you need to change the alpine distro to WSL2, so maybe add to your instructions:
wsl --set-version wsl-vpnkit 2
Please fix reference to wsl-vpnkit script in standalone script using block
# download the wsl-vpnkit script to current directory
wget https://raw.githubusercontent.com/sakai135/wsl-vpnkit/main/wsl-vpnkit
to
# download the wsl-vpnkit script to current directory
wget https://raw.githubusercontent.com/sakai135/wsl-vpnkit/v0.2.x/wsl-vpnkit
Great work, very useful!
Is it an idea to make it a tiny bit more "generic" so that it can run, for example, in an Alpine distro with default shell?
I have been working on a version which seems close:
Most of it is quite straightforward changes I think, but the trap/cleanup logic is a bit hard to get right. When first making the script valid #! /bin/sh I kept getting two vpnkit-tap-vsockd left after exit (Ctrl+C) - when running from Alpine's sh, but also Debian's sh. This never happens when running with bash; in fact I could even remove the existing kill $PID_RELAY $PID_TAP and it seems to always stop all the subshells/processes on exit! The only way to make it kill the vpnkit-tap-vsockd was to add a kill 0 at the end of the close function, which I guess is a bit dirty?
add messaging and timeout to the socket and tap checks added in #33
The instructions in the README seem to use apt to install packages from within WSL 2, but, as far as I understand, the purpose of the software is to provide internet access to the VM. In my case, for example, I cannot use apt as it is listed in the README commands, even with Docker Desktop for Windows installed, as it fails to resolve the request to the package repository.
Am I missing something, or does this software require a functioning apt get to work? Thanks, if I could get it working this would be extremely helpful for several people on my team. In any case, I am thinking I may be able to download the packages manually and install with dpkg.
Seems like resolving PTR DNS records is not working from WSL2. DNS resolution works correctly though.
A from WSL2:
# nslookup host.example.com
Server: 192.168.67.1
Address: 192.168.67.1#53
Non-authoritative answer:
Name: host.example.com
Address: 10.28.83.140
PTR from WSL2:
# nslookup 10.28.83.140
** server can't find 140.83.28.10.in-addr.arpa: NXDOMAIN
However, resolving from Windows host works correctly:
# nslookup 10.28.83.140
Server: dns.example.com
Address: 10.2.90.1
Name: host.example.com
Address: 10.28.83.140
Hi there.
Any idea why I can't run this inside a tmux session? I get:
myuser@LAPTOP ~ % sudo ./wsl-vpnkit.sh
successfully created TAP device eth1
starting in connect mode with path=/var/run/wsl-vpnkit.sock and tap=eth1
Failure reading from socket: closing: Connection reset by peer
Failed to read hello from client
Failed to negotiate vmnet connection
Failure reading from socket: closing: Connection reset by peer
Failed to read hello from client
Failed to negotiate vmnet connection
But in a regular terminal:
myuser@LAPTOP ~ % sudo ./wsl-vpnkit.sh
vpnkit.exe: [INFO] Setting handler to ignore all SIGPIPE signals
vpnkit.exe: [INFO] Version is 218f01482560cba2fa863f9ad872ad51d1e717fc
vpnkit.exe: [INFO] System SOMAXCONN is 2147483647
vpnkit.exe: [INFO] Will use a listen backlog of 32
vpnkit.exe: [INFO] No periodic Gc.compact enabled
vpnkit.exe: [WARNING] There is no database: using hardcoded network configuration values
vpnkit.exe: [INFO] DNS server configured with no builtin DNS names; everything will be forwarded
vpnkit.exe: [INFO] 2 upstream DNS servers are configured
vpnkit.exe: [INFO] Disabling transparent HTTP redirection
vpnkit.exe: [INFO] Updating resolvers to use host resolver
vpnkit.exe: [INFO] Secure random number generator is available
vpnkit.exe: [INFO] Add(3): DNS configuration changed to: use host resolver
vpnkit.exe: [INFO] DNS server configured with builtin DNS names [ gateway.internal -> 192.168.67.1, host.internal -> 192.168.67.2, vm.internal -> 192.168.67.3 ]
vpnkit.exe: [INFO] Will use the host's DNS resolver
vpnkit.exe: [INFO] New Gateway forward configuration: []
vpnkit.exe: [INFO] Configuration server_macaddr = f6:16:36:bc:8a:c6; max_connection = None; dns_path = None; dns = ; resolver = Host; domain = None; allowed_bind_addresses = 0.0.0.0; gateway_ip = 192.168.67.1; host_ip = 192.168.67.2; lowest_ip = 192.168.67.3; highest_ip = 192.168.67.14; dhcp_json_path = None; dhcp_configuration = None; mtu = 1500; http_intercept = None; http_intercept_path = None; port_max_idle_time = 300; host_names = host.internal; gateway_names = gateway.internal; vm_names = vm.internal; udpv4_forwards = []; tcpv4_forwards = []; gateway_forwards_path = None; pcap_snaplen = 128
vpnkit.exe: [ERROR] Failed to parse address '' from hosts file
vpnkit.exe: [INFO] C:\Windows\System32\drivers\etc\hosts file has bindings for vmware-localhost vmware-localhost host.docker.internal gateway.docker.internal kubernetes.docker.internal
successfully created TAP device eth1
starting in connect mode with path=/var/run/wsl-vpnkit.sock and tap=eth1
vpnkit.exe: [INFO] Vmnet.Server.negotiate: received { magic = VMN3T; version = 22; commit = }
Server reports version 22, commit 0123456789012345678901234567890123456789
vpnkit.exe: [INFO] Generated UUID on behalf of client: 0656efd6-6cfe-88af-a0f2-8a98a931cc47
vpnkit.exe: [INFO] Vmnet.Server.negotiate: received Ethernet 0656efd6-8cfe-49af-a0f2-8a98a931cc47
vpnkit.exe: [INFO] Vmnet.Server.negotiate: sending { mtu = 1500; max_packet_size = 1550; client_macaddr = 02:5a:00:00:00:01 }
vpnkit.exe: [INFO] Vmnet.Server.listen: rebinding the primary listen callback
vpnkit.exe: [INFO] Vmnet.Server.listen: starting event loop
vpnkit.exe: [INFO] Connected Ethernet interface f6:16:36:8a:f9:c6
VMNET VIF has MAC 02:5a:00:00:00:01
vpnkit.exe: [INFO] Client mac: 02:5a:00:00:00:01 server mac: f6:16:36:8a:f9:c6
vpnkit.exe: [INFO] TCP/IP ready
vpnkit.exe: [INFO] TCP/IP stack connected
And finally: Thank you SO much for this! Very creative and useful.
Hello,
my behaviour with vpnkit:
vpn off:
dns is working
wsl2 has internet connection
wsl2 has (of course) no connection to corp. intranet
vpn on:
dns is working
wsl2 lost partial internet connection: ping is possible, all other connections will timeout
wsl2 has connection to corp.intranet
My question: can I somehow route only corp intranet traffic (whole x.x.x.x/8 network) through vpn and leave the rest as it is without vpn ?
At my company, we're using AppLocker to lock down the executables people can run on their Windows machines. There are just some limited paths where I'm allowed to run things. The user profile folder isn't one of those locations unfortunately.
Would it be possible to make the location for executables on the windows host system configurable?
Nevermind, I executed wsl-vpnkit.exe instead of wsl-vpnkit. Mistake on my part. Thanks for your work!
Hello,
sudo /.wsl-vpnkit is not working for me: command not found
I followed your instructions, and no clue about my issue
Thank you
Hi!
As mentioned in the title, npiperelay is flagged by multiple AVs as dangerous software: https://www.virustotal.com/gui/file/9a9beb0286434d7250f4d95777210a61cbea23abf73f275625b813b05c562570/detection . It also appears to be unmaintained (last commit to master 2y ago, stale PRs and Issues, etc...). Is there another solution to use wsl-vpnkit that does not involve using npiperelay? It would make my corporate security team very happy! Thanks.