While connected to VPN the curl command hangs up #4517
Comments
What build of Windows are you using? And are you using WSL 1 or WSL 2? |
Also maybe try Windows |
This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 7 days. It will be closed if no further activity occurs within 7 days of this comment. Thank you for your contributions to WSL! |
I'm having a similar issue with our VPN. Git and SSH both hang over the VPN from WSL but both work just fine from within Windows. Windows version: Microsoft Windows [Version 10.0.18990.1]. The VPN client is Shrew Soft standard edition version 2.2.2. By the way, I've been using this VPN client version with a VMware Linux VM for years just fine, NATing through Windows. |
I'm using WSL 2 |
@Darkside81 and @zot could you please take networking logs of the issue that you're seeing? Instructions on how to do so are here. Please comment back on this thread with a link to your feedback item and we can take a look at what might be causing it! Thanks! |
OK, here's the link. In the test, I was able to make a regular HTTP connection (we don't have HTTPS running internally) through our VPN but I could not SSH. |
I'm able to use services on our VPN by port-forwarding with SSH from within Windows-land. Maybe other people with this problem can use a similar technique. Here's my script (run it from git-bash/msys/cygwin):
It just finds the IP address of the WSL adapter, prints it out, and uses SSL to port-forward 11000->110 and 2500->25 on it. Configure your Linux email client to use the printed IP address and port 11000 for POP, 2500 for outgoing. Note that the WSL switch changes IP every time you boot: #4150. I have a second workaround for this: I created a NAT switch in Hyper-V Manager and I actually use that instead of the WSL adapter (my script uses Ethernet NAT instead of WSL). It has a static IP, so it doesn't change every time I boot. |
How can you set the WSL VM to use the "NAT Switch" you have created? |
I'm not setting the WSL VM to use the NAT switch. I'm using a vanilla WSL 2 Ubuntu setup except that I'm limiting the memory usage (currently to 8G). The NAT switch just happens to work for forwarding because it has a static IP and it's part of my Windows setup (I actually used the NAT switch earlier with a Hyper-V VM that I don't use anymore). |
Maybe my last comment wasn't so helpful. I just used a virtual switch I already had lying around. It's not actually connected to WSL 2 or any other VM. To make one, open the Hyper-V Manager and click "Virtual Switch Manager...". Then create a new virtual switch like this, hooking it into your ethernet or wifi network, whichever one you use: Once you've created it, use ipconfig to see the IP address Windows has assigned to it. Mine uses a dynamic IP but Windows has given it the same IP every time I've booted, so far. I tried using Default Switch, because I wanted it to work with both ethernet and wifi but that didn't work for me. Once you've made the switch, make your SSH tunnel listen on its address, like in my script, above. |
I'm having the exact same problem, I can't work when connected to my company network. The network does not seem to work in some scenarios. This is what I get on http:
On https the log is the same as from this issue, but I'm on TLS 1.3:
I'll report the logs as explained earlier, as well. I'm on Windows Version 10.0.19041.207, WSL 2, Ubuntu 18.10 (but it also repros on Suse). curl.exe works on Windows normally. curl works when the vpn is not being used. |
I have the same issue as @giggio except that my curl works for public addresses such as google.com. For any internal resource inside the company private network I get the same behavior as @giggio. The Windows side works fine. The Check Point Mobile VPN client is opened in Windows, which to my knowledge should route ALL traffic via the company network. I made the feedback as @craigloewen-msft instructed and it can be found here. Hope it helps. |
I'm having the same issue with WSL2+VPN:
To get around this problem, I'm redirecting http(s)/ssh requests in wsl2 through a proxy set up in Windows-land, and curl/wget/git are working properly now. Hope it helps. |
@FallenMax how did you do that? Please share, that would be very useful to me right now. |
@giggio Here's my setup: 1. Set up an HTTP or SOCKS5 proxy in Windows-land. I'm using cow, as I already have it installed (you can use whatever proxy software works). My cow config
It does nothing other than proxying traffic from port 7777 to Windows network. 2. Set up curl/wget/git in WSL2 to use the Windows proxy above
replace |
Thanks, @FallenMax, this works perfectly. I hope someone from the WSL team is able to investigate this in the meantime. |
See microsoft/WSL#4517 for context
@giggio Thank you, glad it helps! English version of Cow's README.md and example config are available if needed. |
Maybe this could be a fix for you: |
@neseih this actually solves the problem. What exactly is going on? How do I find out the 1350 number, is it on Windows somewhere? And thanks for that. |
You could type in cmd.exe It seems like I found out in packet dumps the ssl handshake is fragmented and gets dropped for some reason. |
Cool. I'm trying now to set it permanently, but things seem a little different from a default Ubuntu installation. And as this needs to run as root, I can't add it to my init scripts. |
I went the other way around, and found out that my VPN accepts 1500. I set it on Windows to 1500, but Ubuntu keeps failing, unless I set it to 1400. I have no idea why. |
Fantastic, works for me! Thanks! |
Hello, just jumping into the discussion as I'm experiencing the same problem while connecting via SSH over a VPN connection. Setting the MTU manually can't be the solution to this issue. In the screenshot below you can see a traffic capture on the WSL interface as well as the VPN interface. Up until packet 29 everything lines up on both interfaces. At packet 30, fragmentation happens. This is exactly the point where my SSH connection froze (just launching A small addition, as @kaskii mentioned CheckPoint VPN. I'm using CheckPoint Capsule VPN for Windows 10. I haven't yet experienced the problem with an OpenVPN or WireGuard connection. What's interesting is that, at least in my case, the don't fragment bit is set in the IPv4 header; nonetheless, the packet gets fragmented (according to RFC 791, in this case, the packet should be dropped, which finally happens, and the sender should be notified via ICMP, which isn't happening). So maybe CheckPoint is doing something against the specification. Second update:
The output of |
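The condition described in the comment above (DF set in the IPv4 header, yet the packet appears fragmented, or is larger than the tunnel can carry and should draw an ICMP "fragmentation needed" reply) can be checked mechanically over captured headers. This is an added example, not part of the original thread; the headers are constructed, and the 1350-byte path MTU is an assumption borrowed from the value mentioned elsewhere in the discussion.

```python
import struct

# RFC 791: 16-bit flags/fragment-offset field of the IPv4 header
DF, MF, OFFSET_MASK = 0x4000, 0x2000, 0x1FFF

def ipv4_header(total_len, flags_frag, ident=0x1234):
    """Build a constructed 20-byte IPv4/TCP header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag,
                       64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))

def classify(header, path_mtu):
    """Say what should happen to this packet on a path with the given MTU."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    total_len, _ident, flags_frag = struct.unpack("!HHH", header[2:8])
    df = bool(flags_frag & DF)
    fragment = bool(flags_frag & MF) or (flags_frag & OFFSET_MASK) != 0
    if df and fragment:
        return "df-set-but-fragmented"   # the anomaly reported in the thread
    if df and total_len > path_mtu:
        return "df-oversize"             # router drops it, owes ICMP type 3 code 4
    if fragment:
        return "fragment"
    if total_len > path_mtu:
        return "needs-fragmentation"
    return "fits"

def triage(headers, path_mtu):
    """Return (packet number, verdict) for every packet that is not a clean fit."""
    out = []
    for number, header in enumerate(headers, start=1):
        verdict = classify(header, path_mtu)
        if verdict != "fits":
            out.append((number, verdict))
    return out

# Constructed sample capture; 1350 is an assumed tunnel MTU, not a measured one.
PATH_MTU = 1350
CAPTURE = [
    ipv4_header(60, DF),          # small segment with DF
    ipv4_header(1500, DF),        # full-size segment with DF
    ipv4_header(1348, DF | MF),   # first fragment, DF still set
    ipv4_header(172, DF | 166),   # last fragment (offset 166 * 8 bytes), DF set
    ipv4_header(1500, 0),         # no DF: a router may fragment it
]

if __name__ == "__main__":
    for number, verdict in triage(CAPTURE, PATH_MTU):
        print(f"packet {number}: {verdict}")
```

A "df-oversize" packet with no matching ICMP type 3 code 4 message in the same capture is the path-MTU black hole that makes TLS and SSH handshakes stall.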
WSL2 hangs indefinitely when I try to manually set MTU to 1400 with 'sudo ip link set dev eth0 mtu 1400' and a full reboot is necessary. This hang occurs whether or not I'm connected to our Pulse VPN. +1 for this issue. When connected to our Pulse VPN many network connections hang, certainly due to the still-1500 MTU in the WSL2 environment. Oddly I can sometimes work around the issue by exec'ing into a Debian docker container from the Debian WSL2 environment and doing my network operation there. I'm not sure why this works, since the interface in the container also maintains a 1500 MTU. I suppose the packets from Docker container don't actually traverse the interface from the WSL2 kernel. |
Since getting the latest kernel I'm now able to set MTU successfully. |
@erikmack what is your new kernel version? How did you get the new version? |
It's a manual .msi and download from here. I'm currently on
|
I still have this problem with Checkpoint VPN |
This has nothing to do with WSL. I have exactly the same issue with a native Ubuntu installation: CURL / SSH, every IPv4 connection hangs:
Other IPv6 supported connections are successfully communicating. |
So how do you set it permanently? |
This works for me too. my kernel
I make it permanent by adding this line to
|
This issue has been automatically closed since it has not had any activity for the past year. If you're still experiencing this issue please re-file this as a new issue or feature request. Thank you! |
I'll leave it for the future. The utilities from the terminal did not work for me, but the browser worked. For some reason, the problem was in the Outline client, I changed it to amnesia, and everything worked. 🤔 |
OK: From our office and from home remotely, we can use the VPN connection, curl succeeds.
OK: While visiting our customer's office, without using the VPN connection, curl also succeeds.
FAIL: While visiting our customer's office, when using the VPN connection, curl hangs as follows:
Above simply hangs.
Can someone assist with advice