Cisco Anyconnect blocks DNS access from WSL2

[jstroehmann]

Windows Version

Microsoft Windows [Version 10.0.19045.3930]

WSL Version

2.0.9.0

Are you using WSL 1 or WSL 2?

• WSL 2
• WSL 1

Kernel Version

5.15.133.1-1

Distro Version

22.04

Other Software

No response

Repro Steps

When I am connected to the VPN:

$ host archive.ubuntu.com
;; communications error to 172.18.96.1#53: timed out
;; communications error to 172.18.96.1#53: timed out
;; no servers could be reached

Expected Behavior

When I am disconnected from the VPN:

$ host archive.ubuntu.com
archive.ubuntu.com has address 185.125.190.36
archive.ubuntu.com has address 91.189.91.82
archive.ubuntu.com has address 91.189.91.81
archive.ubuntu.com has address 91.189.91.83
archive.ubuntu.com has address 185.125.190.39
archive.ubuntu.com has IPv6 address 2620:2d:4002:1::101
archive.ubuntu.com has IPv6 address 2620:2d:4002:1::103
archive.ubuntu.com has IPv6 address 2620:2d:4000:1::16
archive.ubuntu.com has IPv6 address 2620:2d:4002:1::102
archive.ubuntu.com has IPv6 address 2620:2d:4000:1::19

Actual Behavior

When I am connected to the VPN:

$ host archive.ubuntu.com
;; communications error to 172.18.96.1#53: timed out
;; communications error to 172.18.96.1#53: timed out
;; no servers could be reached

Diagnostic Logs

No response

[github-actions]

Hi I'm an AI powered bot that finds similar issues based off the issue title.

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it. Thank you!

Open similar issues:

• WSL2: Cisco anyconnect not connecting after running wsl --update (#9561), similarity score: 0.80
• WSL2 DNS issues (#5256), similarity score: 0.71

Closed similar issues:

• WSL2 suddenly not able to use Cisco Anyconnect VPN (#6913), similarity score: 0.80
• WSL2 can't access to Windows host network when AnyConnect is connected (#8019), similarity score: 0.78
• WSL2 DNS stops working (#4285), similarity score: 0.71

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

[j-potts]

I'd recommend using https://github.com/sakai135/wsl-vpnkit

...and setting it up using the systemd method.

[smax413]

SSH using VPN hangs with 'set_sock_tos: set socket 3 IP_TOS 0x10'

On a Windows 11 server I was able to ssh without VPN successfully.
Once my VPN was enabled (Cisco AnyConnect) I was unable to ssh, or access anything on the network.
The ssh -vvv @ hangs at: 'set_sock_tos: set socket 3 IP_TOS 0x10'

After much grief, the fix was to reinstall the Microsoft Windows 11 default VPN router, versus use our Cisco AnyConnect client.

Note: I had Windows 10 and had no issues when using Cisco AnyConnect VPN and ssh.

[CatalinFetoiu]

hello, thanks for reporting the issue and sorry for the delay following up

I recommend using networkingMode=mirrored and dnsTunneling=true in your wslconfig file, those will improve compatibility with VPNs

if you need to use the default networkingMode=nat, there is known issue and workaround provided by Cisco here