WSL Failed To Send HTTP Request On Public Domains/IP!

[0xrobiul]

Windows Version

Microsoft Windows [Version 10.0.22631.3958]

WSL Version

2.2.4.0

Are you using WSL 1 or WSL 2?

• WSL 2
• WSL 1

Kernel Version

5.15.153.1-2

Distro Version

Kali-Linux 2024.2

Other Software

No response

Repro Steps

On Fresh & Clean Windows I Just Installed Kali-Linux In WSL!

I'm Able To Curl/Wget On Locally Hosted Web Applications But Can't On Public Domains/IP Such As google.com or http://1.1.1.1.

But I Can Connect Over SSH & Ping To Public IP/Domains! It Resolves Domains Perfectly!

Expected Behavior

~$curl https://google.com -v
* Host google.com:443 was resolved.
* IPv6: (none)
* IPv4: 142.250.195.206
*   Trying 142.250.195.206:443...
* Connected to google.com (142.250.195.206) port 443
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server accepted http/1.1
* using HTTP/1.x
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/8.8.0
> Accept: */*
>
* Request completely sent off
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
< HTTP/1.1 301 Moved Permanently
< Location: https://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-PiuZ-w_o10YCo-0HfaHNyw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
< Date: Mon, 29 Jul 2024 12:42:43 GMT
< Expires: Wed, 28 Aug 2024 12:42:43 GMT
< Cache-Control: public, max-age=2592000
< Server: gws
< Content-Length: 220
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>
* Connection #0 to host google.com left intact

Actual Behavior

Curl To Google!

└─$ curl https://google.com -v
* Host google.com:443 was resolved.
* IPv6: 2404:6800:4007:821::200e
* IPv4: 142.250.195.206
*   Trying 142.250.195.206:443...
*   Trying [2404:6800:4007:821::200e]:443...
* Immediate connect fail for 2404:6800:4007:821::200e: Network is unreachable
* connect to 142.250.195.206 port 443 from 172.17.156.104 port 33158 failed: Connection timed out
* Failed to connect to google.com port 443 after 133695 ms: Couldn't connect to server
* Closing connection
curl: (28) Failed to connect to google.com port 443 after 133695 ms: Couldn't connect to server

Diagnostic Logs

Curl On Locally Hosted Web Application (Routers Admin Panel)

└─$ curl http://192.168.0.1 -vI
*   Trying 192.168.0.1:80...
* Connected to 192.168.0.1 (192.168.0.1) port 80
> HEAD / HTTP/1.1
> Host: 192.168.0.1
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 405 Method Not Allowed
HTTP/1.1 405 Method Not Allowed
< Content-Type: text/html;charset=UTF-8
Content-Type: text/html;charset=UTF-8
< Content-Length: 0
Content-Length: 0
< Connection: close
Connection: close
< Cache-control: no-cache
Cache-control: no-cache
<

* Closing connection

Ping Test On Google! (It Can Resolve The Host!)

└─$ ping google.com -c 3
PING google.com (142.250.193.174) 56(84) bytes of data.
64 bytes from maa05s26-in-f14.1e100.net (142.250.193.174): icmp_seq=1 ttl=55 time=31.6 ms
64 bytes from maa05s26-in-f14.1e100.net (142.250.193.174): icmp_seq=2 ttl=55 time=34.0 ms
64 bytes from maa05s26-in-f14.1e100.net (142.250.193.174): icmp_seq=3 ttl=55 time=35.4 ms

--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 31.597/33.687/35.445/1.588 ms

[github-actions]

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use collect-networking-logs.ps1, following the instructions here

Once completed please upload the output files to this Github issue.

Click here for more info on logging
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

View similar issues

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it!

Open similar issues:

• WSL2 no internet/net connection (#10421), similarity score: 0.74

Closed similar issues:

• Curl doesn't work as expected on WSL 2 (#8285), similarity score: 0.76
• Kali-Linux WSL2 is unable to connect to Internet (#11748), similarity score: 0.74
• Unable to connect to HTTP urls in WSL2; but HTTPS works (#6166), similarity score: 0.74
• HTTPS connection failed from some web sites (#7189), similarity score: 0.73

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

[0xrobiul]

Here's Network Log!!
WslNetworkingLogs-2024-07-29_20-28-33.zip

[github-actions]

Diagnostic information

Detected appx version: 2.2.4.0
optional-components.txt not found

[0xrobiul]

Additionally I'd Like To Say That It Works Perfectly With WSL1 But Problem Still Remains WSL2! And It's Happening On All Distro!

[CatalinFetoiu]

hi @0xrobiul thanks for attaching the logs

the logs show SYN packets to the IP of google.com, port 443 being sent by Linux, Windows applies NAT-ing to those packets and sends them over the Wifi interface, but there is no SYN-ACK response from the IP of google.com. This suggests something external to the Windows host is interfering with the traffic.

do you have an HTTP/HTTPS proxy configured on Windows?

[0xrobiul]

Hey @CatalinFetoiu,
There's No Proxy Configuration, And It's A Complete Fresh Windows 11 Home Installation!

[CatalinFetoiu]

@0xrobiul thanks. can you please collect a new set of logs using the following instructions?
I'd like to see logs of WSL starting up and of connecting to google.com over HTTPS from both Windows and Linux

Start .\collect-networking-logs.ps1
Run "wsl --shutdown"
Start WSL
on Windows, connect to https://google.com in a browser
In Linux, run curl https://google.com
Stop collect-networking-logs.ps1 and share the zip

Thanks

[0xrobiul]

Hey @CatalinFetoiu,
Here's The Log!!

WslNetworkingLogs-2024-08-03_05-25-17.zip

[github-actions]

Diagnostic information

Detected appx version: 2.2.4.0
optional-components.txt not found

[0xrobiul]

Hey @CatalinFetoiu, Any Update On It?