WSL2 unable to connect to external network

[ramrazdan]

Environment

Windows build number: [run `[Environment]::OSVersion` for powershell, or `ver` for cmd]

Platform ServicePack Version      VersionString
-------- ----------- -------      -------------
 Win32NT             10.0.18363.0 Microsoft Windows NT 10.0.18363.0

Your Distribution version: [On Debian or Ubuntu run `lsb_release -r` in WSL]

Release:        20.04

Whether the issue is on WSL 2 and/or WSL 1: [run `cat /proc/version` in WSL]

WSL2
Linux version 4.19.128-microsoft-standard (oe-user@oe-host) (gcc version 8.2.0 (GCC)) #1 SMP Tue Jun 23 12:58:10 UTC 2020

Steps to reproduce

I cannot run any command that attempts to connect to the internet on WSL2.
Things run on WSL1 but on WLS2. The first thing I tried after installing wsl2, without making any changes, was to do a "sudo apt update" and that failed.
I then changed /etc/resolv.conf and /etc/environment to be exactly as on WSL1 and that did not work either.
I have another instance with WSL1 on the same machine which is able to communicate to the network as expected.
I have tried every combination - off VPN, on VPN, with proxy , no proxy, with an autogenerated resolv.conf, with a fixed resolv.conf - but been unable to make it work.

Having searched around, found of plenty of similar reported problems online, most advised modifying the /etc/resolv.conf. I have tried all of those, i.e. using nameserver 8.8.8.8 or my office DNS settings.

Some asked to check the Hyper-V Manager virtual switch manager. For WSL that shows the connection type as "Internal Network". I have tried changing it to external but that just errors. I also tried manually bridging the network connections but that doesn't seem to work either. That this is set to internal and the nameserver is pointing to some internal address on home network does seem to very suggestive of where the issue lies, but I have tried everything I can possibly find but it hasn't helped.

strace_sudo_apt_update.log

WSL logs:

https://aka.ms/AA9xncq

Expected behavior

Actual behavior

sudo apt update should connect to ubuntu website and update apt package information.
wsl2 should be able to connect to the internet.

It errors, complaining about
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
Temporary failure resolving 'archive.ubuntu.com'

[Cyanopus]

I've freshly update 2 days ago and facing the same issue. Read the same issues, tried the same thing but WSL2 machine no matter Ubuntu, Fedora or whatever cannot resolve anything even with proper resolv.conf.

[onomatopellan]

What's the output of ip address show eth0 ?
If there is no IP then try disabling swap file #5437 (comment)

[ramrazdan]

This is what I see...

rrazdan@RRAZDAN:~$ ip address show eth0
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:78:f6:30 brd ff:ff:ff:ff:ff:ff
inet 192.168.248.57/28 brd 192.168.248.63 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::215:5dff:fe78:f630/64 scope link
valid_lft forever preferred_lft forever

[licanhua]

@ramrazdan The internal network is expected. and your log is empty.(possible you didn't start/stop recording)
Because your linux IP is 192.168.248.63, most likely your WSL ip address is not 192.168.248.xyz.(you can ipconfig to list it in Windows). If yes, here is a comment who recovered it manually from linux.

I'm curious If your DockerNAT ip address is 192.168.248.xyz, and so WSL assigned the wrong ip for linux.

This command is useful to troubleshooting your problem
Windows:
ipconfig
route print -4
tracert www.microsoft.com

Linux:
ifconfig
ip route
traceroute www.microsoft.com

You can start the investigation from traceroute www.microsoft.com from linux to see which hop has no response.

[ramrazdan]

From Windows

C:\WINDOWS\system32>ipconfig.exe

Windows IP Configuration


Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::49ea:de22:cd76:431a%16
   IPv4 Address. . . . . . . . . . . : 192.168.0.47
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter vEthernet (Default Switch):

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::19ba:d007:da8f:69a9%28
   IPv4 Address. . . . . . . . . . . : 192.168.136.17
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . :

Ethernet adapter vEthernet (WSL):

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::58d3:7a0e:b074:eefe%41
   IPv4 Address. . . . . . . . . . . : 172.17.194.113
   Subnet Mask . . . . . . . . . . . : 255.255.255.240
   Default Gateway . . . . . . . . . :

C:\WINDOWS\system32>route print -4
===========================================================================
Interface List
 25...e8 6a 64 7c ed ff ......Intel(R) Ethernet Connection (4) I219-LM
 24...a0 a4 c5 b2 b6 ec ......Microsoft Wi-Fi Direct Virtual Adapter
  6...a2 a4 c5 b2 b6 eb ......Microsoft Wi-Fi Direct Virtual Adapter #2
 16...a0 a4 c5 b2 b6 eb ......Intel(R) Dual Band Wireless-AC 8265
 22...a0 a4 c5 b2 b6 ef ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 28...00 15 5d 5f db 7c ......Hyper-V Virtual Ethernet Adapter
 41...00 15 5d 7f 9c 89 ......Hyper-V Virtual Ethernet Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.47     50
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
   172.17.194.112  255.255.255.240         On-link    172.17.194.113   5256
   172.17.194.113  255.255.255.255         On-link    172.17.194.113   5256
   172.17.194.127  255.255.255.255         On-link    172.17.194.113   5256
      192.168.0.0    255.255.255.0         On-link      192.168.0.47    306
     192.168.0.47  255.255.255.255         On-link      192.168.0.47    306
    192.168.0.255  255.255.255.255         On-link      192.168.0.47    306
   192.168.136.16  255.255.255.240         On-link    192.168.136.17   5256
   192.168.136.17  255.255.255.255         On-link    192.168.136.17   5256
   192.168.136.31  255.255.255.255         On-link    192.168.136.17   5256
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.0.47    306
        224.0.0.0        240.0.0.0         On-link    192.168.136.17   5256
        224.0.0.0        240.0.0.0         On-link    172.17.194.113   5256
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.0.47    306
  255.255.255.255  255.255.255.255         On-link    192.168.136.17   5256
  255.255.255.255  255.255.255.255         On-link    172.17.194.113   5256
===========================================================================
Persistent Routes:
  None

C:\WINDOWS\system32>tracert www.microsoft.com

Tracing route to e13678.dspb.akamaiedge.net [23.212.233.92]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10    14 ms    15 ms    18 ms  a23-212-233-92.deploy.static.akamaitechnologies.com [23.212.233.92]

Trace complete.

C:\WINDOWS\system32>

[ramrazdan]

From WSL2 Ubuntu had a little less luck, ifconfig and traceroute are both not available.

rrazdan@RRAZDAN-GB:~$ uname -r
4.19.128-microsoft-standard
rrazdan@RRAZDAN-GB:~$ cat /etc/resolv.conf
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 172.17.194.113
rrazdan@RRAZDAN-GB:~$ traceroute www.microsoft.com

Command 'traceroute' not found, but can be installed with:

sudo apt install inetutils-traceroute  # version 2:1.9.4-11, or
sudo apt install traceroute            # version 1:2.1.0-2

rrazdan@RRAZDAN-GB:~$ traceroute6 www.microsoft.com
traceroute6: connect: Network is unreachable
rrazdan@RRAZDAN-GB:~$ ifconfig

Command 'ifconfig' not found, but can be installed with:

sudo apt install net-tools

[ramrazdan]

Some new observations:

Some things have improved, very mysteriously so and not quite there yet....

1. Today the IP address on the wsl2 instance has changed an now shows 172.17.194.118

rrazdan@RRAZDAN-GB:~$ ip addr | grep eth0
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 172.17.194.118/28 brd 172.17.194.127 scope global eth0

When I reported this problem it was 192.168...

2. The nameserver in the /etc/resolv.conf also seems to have changed

rrazdan@RRAZDAN-GB:~$ cat /etc/resolv.conf
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 172.17.194.113

3. Now when I run a nslookup www.microsoft.com , I get a response back.

rrazdan@RRAZDAN-GB:~$ nslookup www.microsoft.com
Server:         172.17.194.113
Address:        172.17.194.113#53

Non-authoritative answer:
www.microsoft.com       canonical name = www.microsoft.com-c-3.edgekey.net.
www.microsoft.com-c-3.edgekey.net       canonical name = www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net        canonical name = e13678.dspb.akamaiedge.net.
Name:   e13678.dspb.akamaiedge.net
Address: 23.212.233.92
Name:   e13678.dspb.akamaiedge.net
Address: 2a02:26f0:104:48d::356e
Name:   e13678.dspb.akamaiedge.net
Address: 2a02:26f0:104:4a1::356e

That's a good sign. When I was first trying this , even nslookup wouldn't respond.

rrazdan@RRAZDAN-GB:~$ nslookup archive.ubuntu.com
Server:         172.17.194.113
Address:        172.17.194.113#53

Non-authoritative answer:
Name:   archive.ubuntu.com
Address: 91.189.88.142
Name:   archive.ubuntu.com
Address: 91.189.88.152
Name:   archive.ubuntu.com
Address: 2001:67c:1562::15
Name:   archive.ubuntu.com
Address: 2001:67c:1360:8001::24
Name:   archive.ubuntu.com
Address: 2001:67c:1360:8001::23
Name:   archive.ubuntu.com
Address: 2001:67c:1562::18

4. Sadly no joy running an apt update

rrazdan@RRAZDAN-GB:~$ sudo apt update
[sudo] password for rrazdan:
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
  Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1562::15). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::24). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1360:8001::23). - connect (101: Network is unreachable) Cannot initiate the connection to archive.ubuntu.com:80 (2001:67c:1562::18). - connect (101: Network is unreachable) Could not connect to archive.ubuntu.com:80 (91.189.88.142), connection timed out Could not connect to archive.ubuntu.com:80 (91.189.88.152), connection timed out

[ramrazdan]

I cannot determine what caused this to change.

Here's what I had been trying, none of which succeeded, incase that led to something.

1. Before I read the comment that the hyper-v network switch should be internal , I was trying to change it to external. That just errored.
   I also then tried to bridge my wifi connection adpater to the WSL - that didn't work either ...in that it did not successfully create a bridge. It ceated a network bridge but only the wifi connection was bridged, the wsl wasn't. So I just removed the network bridge, having the read the earlier comment that Internal is what is expected and so decided to not try and change that.

2. For something entirely unrelated I installed Powertoys for Windows10.

Those are the only changes I consciously made.

[licanhua]

what's ip route in Ubuntu? I would expect everything is 172.17.194.xx

You can ping www.microsoft.com and archive.ubuntu.com to see if there is any error. If you hit Temporary failure in name resolution, you can try add the nameserver

If it still doesn't work, I would suggest you reboot the machine, then install another distro like debian and try to see if you still have ping issue.
If you are lucky and new distro works fine, you may backup, then re-install your existing distro

[ramrazdan]

As requested...

rrazdan@RRAZDAN-GB:~$ ip route
default via 172.18.69.129 dev eth0
172.18.69.128/28 dev eth0 proto kernel scope link src 172.18.69.133

rrazdan@RRAZDAN-GB:~$ ping www.microsoft.com
PING e13678.dspb.akamaiedge.net (104.85.57.244) 56(84) bytes of data.
64 bytes from a104-85-57-244.deploy.static.akamaitechnologies.com (104.85.57.244): icmp_seq=1 ttl=57 time=16.0 ms
64 bytes from a104-85-57-244.deploy.static.akamaitechnologies.com (104.85.57.244): icmp_seq=2 ttl=57 time=15.5 ms
64 bytes from a104-85-57-244.deploy.static.akamaitechnologies.com (104.85.57.244): icmp_seq=3 ttl=57 time=13.7 ms
64 bytes from a104-85-57-244.deploy.static.akamaitechnologies.com (104.85.57.244): icmp_seq=4 ttl=57 time=22.6 ms
64 bytes from a104-85-57-244.deploy.static.akamaitechnologies.com (104.85.57.244): icmp_seq=5 ttl=57 time=12.5 ms
^C
--- e13678.dspb.akamaiedge.net ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 12.504/16.057/22.573/3.492 ms
rrazdan@RRAZDAN-GB:~$ ping archive.ubuntu.com
PING archive.ubuntu.com (91.189.88.142) 56(84) bytes of data.
^C
--- archive.ubuntu.com ping statistics ---
42 packets transmitted, 0 received, 100% packet loss, time 42613ms

[ramrazdan]

I managed to install traceroute manually and ran it for ubuntu and microsoft , shows * * * in all 30 hops

rrazdan@RRAZDAN-GB:~$ traceroute archive.ubuntu.com
traceroute to archive.ubuntu.com (91.189.88.142), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
rrazdan@RRAZDAN-GB:~$ traceroute www.microsoft.com
traceroute to www.microsoft.com (23.212.233.92), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
rrazdan@RRAZDAN-GB:~$

[ramrazdan]

Breakthrough, sort of:

The combination of

1. Mysterious "correction" of IP address from 192.168.x.x to 172.x
   --what "corrected" this I have no idea_

2. Disabling my McAfee firewall

3. Being off VPN

Now I can run sudo apt update.

WSL Team -- this struggle with #1 is really something you could help improve, people shouldn't really have to struggle/tinker with this or it should be predictable.

The firewall thing I get maybe hard to resolve for everyone in advance.

[licanhua]

Please help to collect the log next time when you see this problem. (The log you posted in this thread is empty)

[zyazhb]

same issue

[luizwhite]

Guys, can yuo help solve my internet issu too?
#5061 (comment)

Nobody answers me why that command works, since on windows is MTU 1500
I dont know what is the problem with my network
(besides, im having problem with public servers on wsl2, but thats another issue)

[vineettalwar]

Same issue even in fresh new system.
However, the work around from
#5061 (comment) -> is working for me.
on windows defender Widnows 10 Pro 2004

[cmsops-jenkinsCI]

I experienced the same symptoms as above. Found root cause was VPN. Turned off VPN and that resolved my issues. Wondering if anyone found the solution to allow over VPN. I will begin my own research and place a comment again here if I find a solution.

[MitulPanchal]

Face similar issue but seems like unchecking IPv6 connection in Wifi properties resolve the issue for me.

[jn-simonnet]

I have a fix for this issue.The problem is that by default, the internal network is NATted, with a dynamic IP which changes each time WSL is restarted. In order to avoid this, you have to select the external network, and choose the network interface you use to connect to the Inter,et, ethernet or Wifi.
Once done, your WSL will have to change the IP address to a fixed IP in the external network by eans of systemd network configuration.
I tried that, and it works.
If you are interested, I have step by step instructions to achieve it.

[langlichong]

@jn-simonnet same issue to me . please give the resolution .

[microsoft-github-policy-service]

This issue has been automatically closed since it has not had any activity for the past year. If you're still experiencing this issue please re-file this as a new issue or feature request.

Thank you!