There is an issue with DNS forwarding in WSL2 when using a VPN (see GitHub issue). There is also an issue with Cisco AnyConnect. Here is a workaround for these problems. It should work for Ubuntu and Debian.
## Workaround (new - automatic)
This solution is automatic and was created by EdwardCooke (see https://www.frakkingsweet.com/automatic-dns-configuration-with-wsl-and-anyconnect-client/). This is just the first part of his solution, which updates resolv.conf when WSL starts.
- Re-enable automatic generation of resolv.conf (if disabled) by commenting out the disabling lines with `#`:

```bash
sudo nano /etc/wsl.conf
```

```ini
#[network]
#generateResolvConf = false
```
- **Create the script**

```bash
sudo nano /bin/vpn-dns.sh
```

```bash
#!/bin/bash
# Ask Windows for its DNS servers and rewrite /etc/resolv.conf with them.
echo "Getting current DNS servers, this takes a couple of seconds"
# The VPN adapter's DNS servers are listed first so they take priority,
# followed by the servers of all other adapters. The trailing * is a wildcard:
# the adapter description is normally longer than just "Cisco AnyConnect".
/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe -Command '
$ErrorActionPreference="SilentlyContinue"
Get-NetAdapter -InterfaceDescription "Cisco AnyConnect*" | Get-DnsClientServerAddress | Select -ExpandProperty ServerAddresses
Get-NetAdapter | ?{-not ($_.InterfaceDescription -like "Cisco AnyConnect*") } | Get-DnsClientServerAddress | Select -ExpandProperty ServerAddresses
' | \
awk 'BEGIN { print "# Generated by vpn fix func on", strftime("%c"); print } { print "nameserver", $1 }' | \
tr -d '\r' > /etc/resolv.conf
clear
```
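- **Make it executable and runnable with sudo**

```bash
sudo chmod +x /bin/vpn-dns.sh
echo "$(whoami) ALL=(ALL) NOPASSWD: /bin/vpn-dns.sh" | sudo tee /etc/sudoers.d/010-$(whoami)-vpn-dns
```

  Because this entry lets the script run as root without a password, keep `/bin/vpn-dns.sh` owned by root and not writable by other users. Note that sudo ignores files in `/etc/sudoers.d` whose names contain a `.` or end in `~`, so pick a different file name if your user name contains a dot.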
- Make it run on WSL startup

```bash
echo "sudo /bin/vpn-dns.sh" | sudo tee /etc/profile.d/vpn-dns.sh
```

You can also run it manually:
`sudo /bin/vpn-dns.sh`
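
The script above runs as root and writes whatever `powershell.exe` prints into `/etc/resolv.conf`. The following added example (not part of the original page or of EdwardCooke's script) checks each address first and keeps the existing file when no usable server is returned; the function names `filter_nameservers` and `write_resolv_conf` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: check DNS server addresses before writing resolv.conf.
# filter_nameservers and write_resolv_conf are hypothetical helper names.

# Read candidate addresses on stdin (one per line, CRLF tolerated) and print
# "nameserver <ip>" for each unique address that passes an IPv4 range check or
# a loose IPv6 character check. Stops at 3 entries because the glibc resolver
# ignores any beyond MAXNS (3).
filter_nameservers() {
    tr -d '\r' | awk '
        function is_v4(s,   p, n, i) {
            n = split(s, p, "[.]")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (p[i] !~ /^[0-9]+$/ || length(p[i]) > 3 || p[i] + 0 > 255)
                    return 0
            return 1
        }
        function is_v6(s) {
            # Hex digits and colons only, at least two colons, no zone id.
            return length(s) <= 39 && s ~ /^[0-9A-Fa-f:]+$/ && s ~ /:.*:/
        }
        NF == 1 && !seen[$1]++ && (is_v4($1) || is_v6($1)) {
            print "nameserver", $1
            if (++count == 3) exit
        }'
}

# Overwrite the file named by $1 only if stdin yields at least one usable
# server; otherwise leave it untouched and return 1. Writing with ">" keeps
# a symlinked resolv.conf a symlink.
write_resolv_conf() {
    target=$1
    tmp=$(mktemp) || return 1
    filter_nameservers > "$tmp"
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "no valid DNS servers found, keeping $target" >&2
        return 1
    fi
    cat "$tmp" > "$target"
    rm -f "$tmp"
}

# Constructed sample of PowerShell output: CRLF endings, a duplicate, an
# out-of-range address and an error message line.
sample_output() {
    printf '10.1.2.3\r\n10.1.2.3\r\n999.1.1.1\r\nGet-NetAdapter : error\r\nfd00::53\r\n'
}
sample_output | filter_nameservers
```

To use it in `/bin/vpn-dns.sh`, pipe the PowerShell command into `write_resolv_conf /etc/resolv.conf` in place of the `awk | tr` stage.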
## Workaround (old manual)
- Find out your nameserver with **Windows PowerShell** (during a VPN session)

```powershell
nslookup
```

  You'll get the IPv4 address of your corporate nameserver. Copy this address.
- Disable resolv.conf generation in WSL:

```bash
sudo nano /etc/wsl.conf
```

  Copy this text into the file (to disable resolv.conf generation when WSL starts up):

```ini
[network]
generateResolvConf = false
```
- In WSL, add your corporate nameserver to resolv.conf

```bash
sudo nano /etc/resolv.conf
```

  Remove other entries and add your corporate nameserver IP (if you have a secondary nameserver, add it on a separate line):
  - `nameserver X.X.X.X` (where X.X.X.X is your address obtained in step 1)
- Set your VPN adapter metric (if you have *Cisco AnyConnect*); **open an admin PowerShell**
  - Find out your VPN adapter name: `Get-NetIPInterface` (in my case: `"Cisco AnyConnect"`)
  - Set the adapter metric (replace the `-Match` value with your adapter name); **in my case I have to run this after every reboot or VPN reconnect**:

```powershell
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
```

  (What is the interface metric? It is used to determine the route: Windows uses the interface with the lowest metric.)
- Restart WSL from PowerShell: `wsl.exe --shutdown`
- Test it in WSL by running `wget google.com`. If this command works, you are done.

In my case I get DNS issues when trying to connect to internal stuff via browser (on Windows 10, e.g. the intranet), caused by the high metric value set in step 4 (basically kind of disabling the VPN route). So here is the workaround for the workaround:
- Check the default metric of your VPN interface in PowerShell (replace the `-Match` value with your interface name):

```powershell
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Get-NetIPInterface
```

- When running into problems on Windows 10, restore this default value with an **admin PowerShell** (replace the value at the end with your default value):

```powershell
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 1
```