WSL Has Limited Network Connectivity While on VPN

Problem

When offsite or connected only to the VPN, various problems appear within WSL including:
  1. Being unable to connect to remote servers.
  2. Being unable to access Linux services such as through the apt command.
  3. Git pull/push cannot resolve repositories.
  4. X servers such as X410 no longer function in combination with WSL.

Solution

All of the following steps assume a default Ubuntu installation of WSL. While the exact procedure may not work for other distributions, the general process will remain mostly the same.

Option 1: Changing the DNS Servers Manually

To resolve external hostnames, the WSL virtual machine uses the DNS server configured in /etc/resolv.conf. By default, WSL finds the server address automatically. When connected to a VPN such as GlobalProtect, WSL will fail to find the correct address, and the address will need to be set manually.
If you regularly use WSL and/or frequently work from a location offsite, please consider Option 2: Creating a Script for DNS Configuration.

Creating a new resolv.conf profile:

Make a new file at /etc/resolv.conf.new:
    sudo nano /etc/resolv.conf.new
Add the following lines to the file you have created:
    nameserver 192.168.0.15
    nameserver 192.168.0.34
If these name servers also do not work after completing the remaining steps, you may be using different DNS servers. See the DNS servers in use by executing the ipconfig /all command while connected to the VPN and note the field titled "DNS Servers." The adapter this is under will vary.

Switching to the new resolv.conf profile:

Add the following lines to the file at /etc/wsl.conf:
    [network]
    generateResolvConf=false
wsl.conf may not already exist in your WSL installation. If this is the case, you must create one.
Rename the default resolv.conf:
    sudo mv /etc/resolv.conf /etc/resolv.conf.default
Rename the new resolv.conf:
    sudo mv /etc/resolv.conf.new /etc/resolv.conf

Switching back to the default resolv.conf:

Once no longer connected to the VPN (i.e., working onsite again), the above changes must be reverted by doing the following.
Rename the new resolv.conf back to resolv.conf.new:
    sudo mv /etc/resolv.conf /etc/resolv.conf.new
Rename the default resolv.conf:
    sudo mv /etc/resolv.conf.default /etc/resolv.conf
Comment out the previously added lines in the file at /etc/wsl.conf with the "#" character:
    #[network]
    #generateResolvConf=false

Option 2: Creating a Script for DNS Configuration

The above steps can be fully automated through the use of a bash script, with some limitations:
  1. The script will only run upon opening the WSL distribution. If changing networks while the WSL session is live, the script will not correct the DNS settings automatically and will need to be started by the user.
  2. The script will not execute automatically when running another command through WSL (e.g., "wsl sh") and needs to be started by the user.
  3. The script must be allowed to run with sudo without prompting for a password.
Some modifications to the following steps may be required if using a distribution not based on Debian.

Creating the script:

Make a new .sh file for the script:
    sudo nano /bin/gen-dns.sh
Add the following lines to the script:
    #!/bin/bash
    # Ask Windows for the DNS servers of every adapter that is up: first the
    # GlobalProtect (PANGP) adapter, then all other adapters. awk turns each
    # address into a "nameserver" line and tr strips the Windows carriage returns.
    echo "Fetching DNS servers. This will take a few seconds."
    /mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe -Command '
    $ErrorActionPreference="SilentlyContinue"
    Get-NetAdapter -InterfaceDescription "PANGP*" | ?{ $_.Status -eq "Up" } | Get-DnsClientServerAddress | Select -ExpandProperty ServerAddresses
    Get-NetAdapter | ?{-not ($_.InterfaceDescription -like "PANGP*") -and ($_.Status -eq "Up") } | Get-DnsClientServerAddress | Select -ExpandProperty ServerAddresses
    ' | \
            awk 'BEGIN { print "# Automatically generated on", strftime("%c"); print } { print "nameserver", $1 }' | \
            tr -d '\r' > /etc/resolv.conf
If you are using a VPN other than GlobalProtect, or an older installation of GlobalProtect, there will not be a PANGP interface present and you may need to change the interface description that the script searches for. To see the descriptions of other interfaces, run Get-NetAdapter in a PowerShell terminal.
Flag the script as executable:
    sudo chmod +x /bin/gen-dns.sh
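
The script above writes whatever powershell.exe prints straight into /etc/resolv.conf, so a failed call leaves a file with no nameserver lines. The following is an added example, not part of the original article's script: two hypothetical helper functions, filter_nameservers and write_resolv_conf, that validate the addresses, cap the list at three entries, and keep the existing file when nothing valid comes back.

```bash
#!/bin/bash
# Added example (not the article's script): validate the DNS list returned by
# powershell.exe before it is written to /etc/resolv.conf.
# filter_nameservers and write_resolv_conf are hypothetical helper names.

# Read one candidate address per line on stdin and print validated,
# de-duplicated "nameserver" lines. Only the first three are kept because
# the glibc resolver ignores any nameserver entries after the third.
filter_nameservers() {
    tr -d '\r' | awk '
        function is_ipv4(s,   n, p, i) {
            n = split(s, p, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (p[i] !~ /^[0-9]+$/ || length(p[i]) > 3 || p[i] + 0 > 255)
                    return 0
            return 1
        }
        # Loose IPv6 check: hex digits and colons only, at least two colons.
        function is_ipv6(s) { return s ~ /^[0-9A-Fa-f:]+$/ && s ~ /:.*:/ }
        {
            addr = $1
            if (addr == "" || seen[addr]++) next
            if (!is_ipv4(addr) && !is_ipv6(addr)) next
            if (++count <= 3) print "nameserver", addr
        }'
}

# Write the filtered list to the file named in $1. If no valid address was
# read (for example because powershell.exe failed and printed nothing), the
# existing file is left untouched and the function returns 1.
write_resolv_conf() {
    local target=$1 servers
    servers=$(filter_nameservers)
    if [ -z "$servers" ]; then
        echo "No valid DNS servers found; keeping existing $target" >&2
        return 1
    fi
    printf '# Automatically generated on %s\n\n%s\n' "$(date)" "$servers" > "$target"
}

# Usage inside /bin/gen-dns.sh, replacing the awk and tr stages:
#   powershell.exe -Command '...' | write_resolv_conf /etc/resolv.conf
```
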

Configuring the script to run when a new WSL shell opens:

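Allow the script to be executed with sudo without prompting for a password. Because this rule lets the script run as root, /bin/gen-dns.sh should stay owned by root and writable only by root: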
    echo "$(whoami) ALL=(ALL) NOPASSWD: /bin/gen-dns.sh" | sudo tee /etc/sudoers.d/010-$(whoami)-gen-dns
Set the script to run automatically when a WSL shell opens:
    echo "sudo /bin/gen-dns.sh" | sudo tee /etc/profile.d/gen-dns.sh
To reverse these steps, delete the files that were created in /etc/sudoers.d/ and /etc/profile.d/.
