Running wsl-vpnkit 0.4.1 works fine, but cannot make it run under systemctl #249
Comments
Seems that WSL versions >= 2.0.0 don't work correctly with this script anymore (systemctl mode). Some changes have been introduced in the 2.0.0 WSL version related to connectivity and networking, this could be the reason. Could you try to play with the new experimental-settings introduced and see if any combination / setting fixes the systemctl issue? |
I feel the change was in 2.0.5 |
I also experience this same issue. I didn't test all of the versions, but 2.0.0 works. Thanks for checking, I will probably pin to 2.0.4 then for now. I don't get the same error though. I get this:
But running the script directly from my user with sudo works. So something with the permissions is different when it runs via systemd since 2.0.5. |
Fixed it using #247 (comment) |
I have created a pull-request to resolve my issue as explained in #247. Please have a look at the pull-request : #250 And most of all, it is self-healing, so if you have more than one bash-terminals running and you would close the process linked to the WSL-INTEROP-socket, that will be detected and will switch over to another running socket |
That’s amazing. I'm gonna check if the PR works for my issue.
… I have created a pull-request to resolve my issue as explained in #247. Please have a look at the pull-request: #250
This does the necessary to set the WSL_INTEROP value correct inline in the wsl-vpnkit script. No need anymore for having an extra script running before the service is started.
And most of all, it is self-healing, so if you have more than one bash-terminals running and you would close the process linked to the WSL-INTEROP-socket, that will be detected and will switch over to another running socket
|
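The self-healing socket selection described in the comment above, as an added shell example that is not the code from PR #250 and not part of the thread. It assumes interop sockets live under /run/WSL and are named `<pid>_interop` after the process that owns them; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the code from PR #250.
# Assumption: interop sockets are named <pid>_interop under /run/WSL,
# where <pid> is the process that owns the socket.

# interop_alive SOCKET [PROC_ROOT]: true if SOCKET is a unix socket and
# the PID encoded in its file name still has an entry under PROC_ROOT.
interop_alive() {
    sock=$1
    proc_root=${2:-/proc}
    [ -S "$sock" ] || return 1
    pid=$(basename "$sock")
    pid=${pid%_interop}
    case $pid in
        ''|*[!0-9]*) return 1 ;;   # file name does not start with a PID
    esac
    [ -d "$proc_root/$pid" ]
}

# pick_interop CURRENT [RUN_DIR] [PROC_ROOT]: print a usable socket path.
# Keeps CURRENT while it is still alive, otherwise switches to another
# live socket; returns non-zero when none is left.
pick_interop() {
    current=$1
    run_dir=${2:-/run/WSL}
    proc_root=${3:-/proc}
    if [ -n "$current" ] && interop_alive "$current" "$proc_root"; then
        printf '%s\n' "$current"
        return 0
    fi
    for candidate in "$run_dir"/*_interop; do
        if interop_alive "$candidate" "$proc_root"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Typical use at the top of a service script:
#   WSL_INTEROP=$(pick_interop "$WSL_INTEROP") && export WSL_INTEROP
```

Under systemd the service does not inherit `WSL_INTEROP` from a login shell, so the first argument is empty there and the loop over the run directory decides.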
@dabeck81 the PR doesn't work for me: I tried the following: I copied the two new files from your PR ( Here is what I get in
|
https://learn.microsoft.com/en-us/windows/wsl/wsl-config#interop-settings add inside "/etc/wsl.conf" :
|
I'm still seeing this error on 2.0.14 As an aside - per the release notes 'Disable the 'NoRemoteImages' process mitigation policy since it breaks execution of windows executables' was supposed to resolve the recent issue with wsl-vpnkit - but I'm still having breaking issues. |
I'm wondering if my issue is related to a third variable. When I removed it, wsl 2.0.14 and wsl-vpnkit 0.4.1 immediately started working. |
The interop enable trick shouldn't be needed since it's by default true. |
Maybe... My issue since I applied the patch is, as I installed the wsl-vpn-kit in my systemd ubuntu WSL, each time I open a new tab (with Hyper.is) the new tab seems to relaunch the service and breaks any current other tab connected with SSH... I maybe will have to switch to a dedicated vpn-kit distrib... |
Just wanted to report that since I have added the following to my
|
Is this feature only available on Windows 11? |
Yes. This requires Windows 11 version 22H2 or higher (reference). |
Which is still available only in some of Windows Insider channels :( |
Having a similar issue - this is my WSL and Windows version:
I tried the This is the output I get from
Interestingly when I look for this file, it seems to redirect / be linked to another file:
But then that file doesn't exist 😑:
|
I am trying to run wsl-vpnkit as a service using the separate distro method. I can run it directly from PowerShell and as a standalone script and networking and DNS work fine. However when trying to run via systemctl it fails to start correctly. I see the following when running standalone:
```
/app# wsl-vpnkit
starting vm and gvproxy...
INFO[0000] waiting for packets...
time="2023-11-16T09:54:27-06:00" level=info msg="waiting for clients..."
time="2023-11-16T09:54:27-06:00" level=info msg="new connection from remote to 14348"
started vm and gvproxy
check: ✔️ ping success to IPv4 WSL 2 gateway / Windows host (172.22.32.1)
check: ✔️ ping success to IPv4 Windows host (192.168.127.254)
check: ✔️ ping success to IPv4 gateway (192.168.127.1)
check: ✔️ nslookup success for example.com A using 192.168.127.1
check: ✔️ nslookup success for example.com A using 172.22.32.1
check: ❌ nslookup fail for example.com A using 1.1.1.1
check: ✔️ ping success to IPv4 external host domain (example.com)
check: ✔️ ping success to IPv4 external host IP (1.1.1.1)
check: ✔️ nslookup success for example.com AAAA using 192.168.127.1
check: ✔️ nslookup success for example.com AAAA using 172.22.32.1
check: ❌ nslookup fail for example.com AAAA using 1.1.1.1
ping: bad address 'example.com'
check: ➖ ping fail to IPv6 external host (example.com)
check: ✔️ wget success for http://example.com
485B4BFD6D7F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889:
ssl_client: SSL_connect
wget: error getting response: Connection reset by peer
check: ❌ wget fail for https://example.com
W1116 09:54:29.088278 14348 gonet.go:457] ep.GetRemoteAddress() failed: endpoint not connected
```
When running as a service:
```
systemctl status wsl-vpnkit
× wsl-vpnkit.service - wsl-vpnkit
Loaded: loaded (/etc/systemd/system/wsl-vpnkit.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2023-11-16 10:17:09 CST; 6s ago
Process: 905 ExecStart=/mnt/c/Windows/system32/wsl.exe -d wsl-vpnkit --cd /app wsl-vpnkit (code=exited, status=1/FA>
Main PID: 905 (code=exited, status=1/FAILURE)
Nov 16 10:17:09 systemd[1]: wsl-vpnkit.service: Scheduled restart job, restart counter is at 5.
Nov 16 10:17:09 systemd[1]: Stopped wsl-vpnkit.
Nov 16 10:17:09 systemd[1]: wsl-vpnkit.service: Start request repeated too quickly.
Nov 16 10:17:09 systemd[1]: wsl-vpnkit.service: Failed with result 'exit-code'.
Nov 16 10:17:09 systemd[1]: Failed to start wsl-vpnkit.
```
Running "/mnt/c/Windows/system32/wsl.exe -d wsl-vpnkit --cd /app wsl-vpnkit" from the service info above gives me:
```
$ /mnt/c/Windows/system32/wsl.exe -d wsl-vpnkit --cd /app wsl-vpnkit
starting vm and gvproxy...
INFO[0000] waiting for packets...
time="2023-11-16T10:20:03-06:00" level=info msg="waiting for clients..."
time="2023-11-16T10:20:03-06:00" level=info msg="new connection from remote to 7364"
time="2023-11-16T10:20:03-06:00" level=error msg="r.CreateEndpoint() = no route to host"
time="2023-11-16T10:20:03-06:00" level=error msg="r.CreateEndpoint() = no route to host"
time="2023-11-16T10:20:03-06:00" level=error msg="r.CreateEndpoint() = no route to host"
time="2023-11-16T10:20:03-06:00" level=error msg="r.CreateEndpoint() = no route to host"
started vm and gvproxy
check: ✔️ ping success to IPv4 WSL 2 gateway / Windows host (172.22.32.1)
check: ✔️ ping success to IPv4 Windows host (192.168.127.254)
check: ✔️ ping success to IPv4 gateway (192.168.127.1)
check: ✔️ nslookup success for example.com A using 192.168.127.1
check: ✔️ nslookup success for example.com A using 172.22.32.1
check: ❌ nslookup fail for example.com A using 1.1.1.1
check: ✔️ ping success to IPv4 external host domain (example.com)
check: ✔️ ping success to IPv4 external host IP (1.1.1.1)
check: ✔️ nslookup success for example.com AAAA using 192.168.127.1
check: ✔️ nslookup success for example.com AAAA using 172.22.32.1
check: ❌ nslookup fail for example.com AAAA using 1.1.1.1
ping: bad address 'example.com'
check: ➖ ping fail to IPv6 external host (example.com)
check: ✔️ wget success for http://example.com
489B9D6FBA7F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/st
atem_clnt.c:1889:
ssl_client: SSL_connect
wget: error getting response: Connection reset by peer
check: ❌ wget fail for https://example.com
W1116 10:20:04.280806 7364 gonet.go:457] ep.GetRemoteAddress() failed: endpoint not connected
```
Regardless of how I directly run it, networking works and I can resolve stuff. Just starting as a service fails.
I've found that while name resolution works fine using local name servers, I am not allowed to use 1.1.1.1 or 8.8.8.8. I am guessing at this point that the systemctl service is seeing these failures and saying that it can't start. Any help you can provide would be greatly appreciated.