How does WSL2 2.0.0 interact with wsl-vpnkit?

[ChrisJefferson]

I noticed WSL2 2.0.0 was released ( https://github.com/microsoft/WSL/releases/tag/2.0.0 ), the release notes do mention some VPN-related things.

I've been using, and loving, wsl-vpnkit, so I don't know if this new functionality could replace, or break, wsl-vpnkit, and I'm afraid to install 2.0.0 in case I end up with nothing!

If anyone else tries the update, I'd be interested to know the results.

[mendhak]

Would love to know as well, and also whether some of the features mentioned there obviate the need for wsl-vpnkit? (If we're using wsl-vpnkit to work with corporate firewalls)

There's a blog post with some extra information here: https://devblogs.microsoft.com/commandline/windows-subsystem-for-linux-september-2023-update/

[craigloewen-msft]

Hi @sakai135 , I'm the product manager for WSL and I'd be interested in making sure that wsl-vpnkit keeps working great with the new networking additions! Please let me know if you'd like to grab some time to chat about this.

You can email me at craig.loewen at microsoft dot com (Garbled it so it doesn't get picked up by bots :) )

[zyition]

I have upgraded to wsl 2.0 and it works with wsl-vpnkit. I am using wsl-vpnkit 2.x, and turns off dnsTunneling in wslconfig.

[experimental]
autoMemoryReclaim=dropcache
sparseVhd=true
networkingMode=mirrored
dnsTunneling=false
firewall=false
autoProxy=false

[blakeduffey]

I was hoping the experimental features would remove the need for wsl-vpnkit (as solid as it is) when working with a corporate VPN. Unfortunately, we aren't on the dev version of Windows 11 to test such things.

[kmj251]

I no longer need to use wsl-vpnkit when running WSL 2.0.x on Windows 11, September 2023 release, with networkingMode=mirrored in .wslconfig.

[blakeduffey]

I no longer need to use wsl-vpnkit when running WSL 2.0.x on Windows 11, September 2023 release, with networkingMode=mirrored in .wslconfig.

using a VPN?

[gareth-sbsa]

I just upgraded to WSL 2.0.2 and can confirm @kmj251 statement that WSL network connectivity works when connected to the VPN

[kmj251]

I no longer need to use wsl-vpnkit when running WSL 2.0.x on Windows 11, September 2023 release, with networkingMode=mirrored in .wslconfig.

using a VPN?

We use a Zero Trust networking solution. So while it's similar to a VPN, it's not exactly the same thing.

[blakeduffey]

Fwiw - WSL 2.0 works with wsl-vpnkit (on Windows 10)

Again, I'm not using the experimental features which aren't compatible with 10

[blakeduffey]

@craigloewen-msft - After upgrading to 2.0.5, wsl-vpnkit no longer works. Same with 2.0.6, upgraded this morning.

[blakeduffey]

@craigloewen-msft - Did an uninstall (back to whatever the base version of Windows) and upgraded to 1.2.5.0

Wsl-vpnproxy works now. Something definitely up with 2.0.5 and above

[craigloewen-msft]

@blakeduffey we turned on Hyper-V firewall by default in that latest build and perhaps this is affecting you.

Could you try upgrading back to 2.0.6 and then adding this content to your .wslconfig file?

[wsl2]
firewall=false

And if the problem persists with that, can you please file an issue at the WSL GitHub repo?

[blakeduffey]

@blakeduffey we turned on Hyper-V firewall by default in that latest build and perhaps this is affecting you.

Could you try upgrading back to 2.0.6 and then adding this content to your .wslconfig file?

[wsl2]
firewall=false

And if the problem persists with that, can you please file an issue at the WSL GitHub repo?

Will do!

[blakeduffey]

Verified that wsl-vpnkit does NOT work with 2.0.9.0

[blakeduffey]

@sakai135 - hoping you can comment on this. wsl-vpnkit does not seem to work with versions of wsl above 2.0.4. Please allow see microsoft/WSL#10681 (comment)

[timmjd]

Hey @craigloewen-msft , might this be related to a change in the runlevel of wsl between 1.2.5 and 2.0.9?

We have an vpnkit inspired by this project that calls vpnkit via the boot command:

[boot]
command=vpnkit

• If we call vpnkit from within the boot command, it's not working anymore:

PID   USER     TIME  COMMAND
    1 root      0:00 {init(wsl-vpnkit} /init
    3 root      0:00 {init} plan9 --control-socket 5 --log-level 4 --server-fd 6 --pipe-fd 8 --log-truncate
    6 root      0:00 sh /usr/local/bin/vpnkit
   11 root      0:00 {SessionLeader} /init
   13 root      0:00 {Relay(17)} /init
   17 root      0:00 -ash
   43 root      0:00 /opt/vpnkit/gvforwarder -url=stdio:/opt/vpnkit/gvproxy-windows.exe?listen-stdio=accept&debug=0 -iface=tap0 -stop-if-exist= -preexisting=1 -debug=0
   55 root      0:00 [gvproxy-windows]
   68 root      0:00 {SessionLeader} /init
   69 root      0:00 {Relay(70)} /init
   70 root      0:00 -ash
   71 root      0:00 [gvproxy-windows]
   83 root      0:00 ps auxf

• If we start the wsl-vpnkit manually and call vpnkit from a normal bash, it's working (Yes, also with 2.0.9)

PID   USER     TIME  COMMAND
    1 root      0:00 {init(wsl-vpnkit} /init
    3 root      0:00 {init} plan9 --control-socket 5 --log-level 4 --server-fd 6 --pipe-fd 8 --log-truncate
    6 root      0:00 {SessionLeader} /init
    7 root      0:00 {Relay(8)} /init
    8 root      0:00 -ash
    9 root      0:00 sh /usr/local/bin/vpnkit
   43 root      0:00 /opt/vpnkit/gvforwarder -url=stdio:/opt/vpnkit/gvproxy-windows.exe?listen-stdio=accept&debug=0 -iface=tap0 -stop-if-exist= -preexisting=1 -debug=0
   54 root      0:00 {gvproxy-windows} /init /opt/vpnkit/gvproxy-windows.exe /opt/vpnkit/gvproxy-windows.exe -listen-stdio=accept -debug=0
 1093 root      0:00 {SessionLeader} /init
 1094 root      0:00 {Relay(1095)} /init
 1095 root      0:00 -ash
 1098 root      0:00 ps auxf

As you can see, the gvproxy-windows.exe is not getting called on Windows side. Might there be a permission issue depending on how you initiate the process on wsl side (as user / as init / as task)?

[blakeduffey]

@craigloewen-msft - please see latest updates to #246 also