10-07-2020 01:00 PM
Hello all,
I use WSL2 with an Ubuntu image. It works fine but when I establish a VPN connection by GlobalProtect, it cut the connection from the WSL image to the outside. We have no split tunneling and the connection to the devices behind the tunnel works fine from the Windows environment but not from WSL. And I'm unable to access the internet from WSL as well. Can somebody help me with this issue?
07-03-2022 08:55 PM - edited 07-03-2022 09:50 PM
This solution works for me and I took the time to script it for the rest of my team.
This should work for almost every one without much modification (save it as a powershell script .ps1):
$var=C:\Windows\System32\wsl.exe -e /bin/bash --noprofile --norc -c "/sbin/ip -o -4 addr list eth0"
$wsl_addr = $var.split()[6].split('/')[0]
$var2 = C:\Windows\System32\wsl.exe -e /bin/bash --noprofile --norc -c "/sbin/ip -o route show table main default"
$wsl_gw = $var2.split()[2]
$ifindex = Get-NetRoute -DestinationPrefix $wsl_gw/32 | Select-Object -ExpandProperty "IfIndex"
$routemetric = Get-NetRoute -DestinationPrefix $wsl_gw/32 | Select-Object -ExpandProperty "RouteMetric"
route add $wsl_addr mask 255.255.255.255 $wsl_addr metric $routemetric if $ifindex
As this need to be run as administrator, You should schedule it using an event based scheduled task, which run the powershell script every time a wsl is booted.
To do this, you need to schedule on this event:
Log: System
Source: Hyper-V-VmSwitch
Event Id : 102
08-17-2022 08:47 AM
I had a user experiencing the same trouble while connected to our enterprise Globalprotect VPN. After some testing and looking at different solutions I found https://github.com/sakai135/wsl-vpnkit and used it to resolve the issue with using WSL while connected to the VPN. Just wanted to share to help anyone else that may run into this problem as this add on was much easier than the other provided solution in this thread in my opinion.
12-09-2022 07:33 PM
so what is the actual long term solution on this one then?
12-12-2022 06:43 AM
I couldn't get it to work consistently so I switched to Ubuntu, though, TBH, Palo's Linux client is pretty atrocious. networkmanager-openconnect was much better for a while but a recent Palo upgrade broke it. Duck tape and superglue seems to be getting me by.
12-22-2022 09:42 AM
as it stands now, I don't think support has a long term solution either.
11-07-2023 06:48 AM - edited 11-07-2023 06:56 AM
This doesn't work for me.
Do we need to do anything after running these commands, like restart the machine?
My software version information:
- GlobalProtect App Version 6.1.1-5
- Windows 10 Enterprise 22H2
WSL info:
PS C:\Windows\system32> wsl -l -v
NAME STATE VERSION
* Ubuntu-22.04 Running 2
PS C:\Windows\system32> wsl -v
WSL version: 1.2.5.0
Kernel version: 5.15.90.1
WSLg version: 1.0.51
MSRDC version: 1.2.3770
Direct3D version: 1.608.2-61064218
DXCore version: 10.0.25131.1002-220531-1700.rs-onecore-base2-hyp
Windows version: 10.0.19045.3570
11-07-2023 08:00 AM
All these old hacks were pretty buggy. I never found a good solution.
Fortunately, MS to the rescue!
Try mirrored mode: Windows Subsystem for Linux gets new 'mirrored' network mode (bleepingcomputer.com)
10-01-2024 05:47 PM
@csmith Thank you so much! This should be the correct answer. Everything else is not a good solution like you said. The only other thing that worked was creating a static route, but that was not a good solution because setting the network IDX changes after reboot, so every time I would need to reapply the static route, which I need admin rights to do which I don't have.
Here is more info on networkingMode for WSL.
https://learn.microsoft.com/en-us/windows/wsl/networking#mirrored-mode-networking
Here are the steps I followed.
1. edit ~/.wslconfig in windows. I also had a ~wsl.conf, but do not edit that file. Create a ~/.wslconfig if it does not exist. ~wsl.conf and ~/.wslconfig can both exist at the same time.
2. add this to ~/.wslconfig, save and close
[wsl2]
networkingMode=mirrored3. Shutdown your wsl session wsl --shutdown in powershell
4. Start up your wsl session again. When you run ip -br a you will notice it mimics your local IP and interface.
5. Reboot PC, connect to VPN, start up WSL, it should still work without the static route.
on Mirrored mode:
This is wonderful thanks again!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
