GlobalProtect blocks the network traffic of WSL2


L1 Bithead

Hello all,

I use WSL2 with an Ubuntu image. It works fine, but when I establish a VPN connection with GlobalProtect, it cuts the connection from the WSL image to the outside. We have no split tunneling, and the connection to the devices behind the tunnel works fine from the Windows environment but not from WSL. And I'm unable to access the internet from WSL as well. Can somebody help me with this issue?

22 REPLIES

This solution works for me and I took the time to script it for the rest of my team.

This should work for almost everyone without much modification (save it as a PowerShell script, .ps1):

 

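# IPv4 address of eth0 inside the WSL2 distro (7th whitespace-split field of "ip -o" output, CIDR suffix dropped)
$var = C:\Windows\System32\wsl.exe -e /bin/bash --noprofile --norc -c "/sbin/ip -o -4 addr list eth0"
$wsl_addr = $var.split()[6].split('/')[0]

# Default gateway seen from WSL2, i.e. the Windows side of the WSL virtual switch
$var2 = C:\Windows\System32\wsl.exe -e /bin/bash --noprofile --norc -c "/sbin/ip -o route show table main default"
$wsl_gw = $var2.split()[2]

# Interface index and metric of the existing Windows host route for that gateway
$ifindex = Get-NetRoute -DestinationPrefix $wsl_gw/32 | Select-Object -ExpandProperty "IfIndex"
$routemetric = Get-NetRoute -DestinationPrefix $wsl_gw/32 | Select-Object -ExpandProperty "RouteMetric"

# Host route to the WSL2 address over the WSL interface, with the same metric (requires an elevated session)
route add $wsl_addr mask 255.255.255.255 $wsl_addr metric $routemetric if $ifindex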

 

As this needs to be run as administrator, you should schedule it using an event-based scheduled task, which runs the PowerShell script every time a WSL is booted.

To do this, you need to schedule on this event: 

Log: System

Source: Hyper-V-VmSwitch

Event Id : 102
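
The event-triggered task described in the post above, as an added example that is not part of the original post. The script path and task name are hypothetical, and the provider name 'Microsoft-Windows-Hyper-V-VmSwitch' is an assumption for the source that Event Viewer displays as Hyper-V-VmSwitch (confirm it in the event's XML view). Because the task runs the script elevated, the example first refuses to register it when non-admin groups can write to the file.

```powershell
# Added example. Run from an elevated PowerShell session.
$scriptPath = 'C:\Scripts\wsl-route.ps1'   # hypothetical path of the saved route script
$taskName   = 'WSL2-VPN-Route'             # hypothetical task name

# The task executes this file with administrator rights, so stop if a
# non-admin group is allowed to modify it (simple name-based ACL check).
$write = [int][System.Security.AccessControl.FileSystemRights]::Write
$loose = (Get-Acl -Path $scriptPath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference -match 'Users|Everyone' -and
    (([int]$_.FileSystemRights -band $write) -ne 0)
}
if ($loose) { throw "Non-admin write access on $scriptPath; tighten the ACL first." }

# Event trigger: System log, event ID 102 from the Hyper-V virtual switch.
# Provider name is an assumption; check the event's XML view on your machine.
$class   = Get-CimClass -Namespace 'Root/Microsoft/Windows/TaskScheduler' -ClassName 'MSFT_TaskEventTrigger'
$trigger = New-CimInstance -CimClass $class -ClientOnly
$trigger.Enabled = $true
$trigger.Subscription = @"
<QueryList><Query Id="0" Path="System"><Select Path="System">*[System[Provider[@Name='Microsoft-Windows-Hyper-V-VmSwitch'] and EventID=102]]</Select></Query></QueryList>
"@

# WSL distributions are registered per user, so the task runs as the
# logged-on user with the highest run level rather than as SYSTEM.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                 -Argument "-NoProfile -File `"$scriptPath`""
$principal = New-ScheduledTaskPrincipal -UserId "$env:USERDOMAIN\$env:USERNAME" `
                 -LogonType Interactive -RunLevel Highest

Register-ScheduledTask -TaskName $taskName -Action $action `
    -Trigger $trigger -Principal $principal
```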

 

 

 

L0 Member

I had a user experiencing the same trouble while connected to our enterprise GlobalProtect VPN. After some testing and looking at different solutions I found https://github.com/sakai135/wsl-vpnkit and used it to resolve the issue with using WSL while connected to the VPN. Just wanted to share to help anyone else that may run into this problem, as this add-on was much easier than the other provided solution in this thread in my opinion.

L4 Transporter

So what is the actual long-term solution on this one, then?

I couldn't get it to work consistently so I switched to Ubuntu, though, TBH, Palo's Linux client is pretty atrocious. networkmanager-openconnect was much better for a while but a recent Palo upgrade broke it. Duck tape and superglue seems to be getting me by.

As it stands now, I don't think support has a long-term solution either.

This doesn't work for me.

 

Do we need to do anything after running these commands, like restart the machine?

 

 

My software version information:

 

- GlobalProtect App Version 6.1.1-5

- Windows 10 Enterprise 22H2

 

WSL info:

 

PS C:\Windows\system32> wsl -l -v
NAME STATE VERSION
* Ubuntu-22.04 Running 2

 

PS C:\Windows\system32> wsl -v

WSL version: 1.2.5.0
Kernel version: 5.15.90.1
WSLg version: 1.0.51
MSRDC version: 1.2.3770
Direct3D version: 1.608.2-61064218
DXCore version: 10.0.25131.1002-220531-1700.rs-onecore-base2-hyp
Windows version: 10.0.19045.3570

All these old hacks were pretty buggy. I never found a good solution.
Fortunately, MS to the rescue!

Try mirrored mode: Windows Subsystem for Linux gets new 'mirrored' network mode (bleepingcomputer.com)

 

@csmith Thank you so much! This should be the correct answer. Everything else is not a good solution like you said. The only other thing that worked was creating a static route, but that was not a good solution because setting the network IDX changes after reboot, so every time I would need to reapply the static route, which I need admin rights to do which I don't have.

Here is more info on networkingMode for WSL. 
https://learn.microsoft.com/en-us/windows/wsl/networking#mirrored-mode-networking

Here are the steps I followed.

1. Edit ~/.wslconfig in Windows. I also had a ~wsl.conf, but do not edit that file. Create a ~/.wslconfig if it does not exist. ~wsl.conf and ~/.wslconfig can both exist at the same time.
2. Add this to ~/.wslconfig, save and close:

[wsl2]
networkingMode=mirrored

3. Shut down your WSL session: wsl --shutdown in PowerShell.

4. Start up your wsl session again. When you run ip -br a you will notice it mimics your local IP and interface. 

5. Reboot PC, connect to VPN, start up WSL, it should still work without the static route. 

on Mirrored mode:

This is wonderful thanks again!
