Windows subsystem for Linux - tips, tricks and notes
Enabling internet in WSL while connected to VPN
By default, WSL is not connected to the internet when connected to your VPN. To enable internet access, you need to do the following:
Source: Stack Overflow. The following is a verbatim copy from stackoverflow.com.
- Find out the nameserver with Windows PowerShell (during the VPN session):
  nslookup
  You’ll get the IPv4 address of your corporate nameserver. Copy this address.
- Disable resolv.conf generation in WSL:
  sudo vi /etc/wsl.conf
  Copy this text to the file (to disable resolv.conf generation when WSL starts up):
  [network]
  generateResolvConf = false
- In WSL, add your corporate nameserver to resolv.conf:
  sudo vi /etc/resolv.conf
  Remove other entries and add your corporate nameserver IP (if you have a secondary nameserver, add it on a separate line):
  nameserver X.X.X.X
  (where X.X.X.X is your address obtained in step 1)
- nameserver
- Set your VPN adapter (if you have Cisco AnyConnect); open an admin PowerShell:
  - Find out your VPN adapter name: Get-NetIPInterface (in my case: “Cisco AnyConnect”)
  - Set the adapter metric (replace the -Match value with your name); in my case I have to run this after every reboot or VPN reconnect:
    Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
    (What is the interface metric: it is used to determine the route; Windows uses the interface with the lowest metric.)
- Restart WSL in PowerShell:
  wsl.exe --shutdown
- Test it. In WSL run:
  ping google.com
  If this command works, you are done.
In my case I get DNS issues when trying to connect to internal stuff via browser (on Windows 10, e.g. intranet), caused by the high metric value set in step 4 (basically kind of disabling the VPN route). So here is the workaround for the workaround:
- Check your default metric (of the VPN's interface) in PowerShell (replace the -Match value with your interface name):
  Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Get-NetIPInterface
- When running into problems on Windows 10, restore this default value with admin PowerShell (replace the value at the end with your default value):
  Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 1
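Because resolv.conf is now a static, hand-edited file, it is worth checking after WSL or VPN changes that generation is still disabled and that only the corporate resolver is listed. The script below is an added example, not part of the Stack Overflow answer; the function names are hypothetical and 192.0.2.53 is a placeholder for the address obtained in step 1.

```sh
#!/bin/sh
# Added example (not from the original page): audit the WSL DNS settings above.
# Paths are arguments so the checks can also be run on copies of the files.

# Print the value of KEY in [SECTION] of an INI-style file such as wsl.conf.
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v want="[$2]" -v key="$3" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t\r]+$/, "") }   # drop comments, trim
        /^\[.*\]$/ { insec = ($0 == want); next }           # section header
        insec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# Print the nameserver addresses of a resolv.conf-style file, one per line.
resolv_nameservers() {  # usage: resolv_nameservers FILE
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Exit status 0 only if resolv.conf generation is off and every nameserver
# is on the allow-list. The body is a subshell, so its variables stay local.
audit_wsl_dns() (  # usage: audit_wsl_dns WSL_CONF RESOLV_CONF ALLOWED_IP...
    wsl_conf=$1; resolv=$2; shift 2; rc=0; count=0
    gen=$(ini_get "$wsl_conf" network generateResolvConf)
    if [ "$gen" != "false" ]; then
        echo "FAIL: generateResolvConf='${gen:-unset}', resolv.conf may be regenerated" >&2
        rc=1
    fi
    for ns in $(resolv_nameservers "$resolv"); do
        count=$((count + 1)); ok=0
        for allowed in "$@"; do
            if [ "$ns" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then echo "FAIL: unexpected nameserver $ns" >&2; rc=1; fi
    done
    if [ "$count" -eq 0 ]; then echo "FAIL: no nameserver entries" >&2; rc=1; fi
    exit "$rc"
)

# Run as a script inside WSL, for example:
#   sh audit-wsl-dns.sh /etc/wsl.conf /etc/resolv.conf 192.0.2.53
if [ "$#" -ge 3 ]; then audit_wsl_dns "$@"; fi
```

A non-zero exit status means either WSL may regenerate resolv.conf on the next start or a resolver other than the listed ones would receive lookups, including those for internal hostnames.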
Bridge between windows pageant and wsl
Pageant is an SSH authentication agent. It holds your private keys in memory, already decoded, so that you can use them often without needing to type a passphrase every time. On my Windows machine, I load my primary keys into Pageant at startup and then use wsl2-ssh-pageant to bridge between WSL and Pageant. This is a simple script that runs in WSL and connects to the Pageant daemon on the Windows machine, so I don’t have to copy my private keys to the WSL machine.
Download and setup instructions are available on the wsl2-ssh-pageant GitHub page. However, the .bashrc entry prints warnings from ss at startup. Since these are harmless, I am routing them to /dev/null with the modification below. (Only line 2 is modified from the original instructions.)
export SSH_AUTH_SOCK="$HOME/.ssh/agent.sock"
if ! ss -a 2>/dev/null | grep -q "$SSH_AUTH_SOCK"; then
    rm -f "$SSH_AUTH_SOCK"
    wsl2_ssh_pageant_bin="$HOME/.ssh/wsl2-ssh-pageant.exe"
    if test -x "$wsl2_ssh_pageant_bin"; then
        (setsid nohup socat UNIX-LISTEN:"$SSH_AUTH_SOCK,fork" EXEC:"$wsl2_ssh_pageant_bin" >/dev/null 2>&1 &)
    else
        echo >&2 "WARNING: $wsl2_ssh_pageant_bin is not executable."
    fi
    unset wsl2_ssh_pageant_bin
fi
Auto starting systemd services
Section added on 2023-04-14
To start systemd services in WSL, you need to add the following to your /etc/wsl.conf file:
[boot]
systemd=true
Restart WSL with wsl --shutdown and then you can start your services with systemctl start <service-name>.
Note that enabling systemd increases the boot time of WSL.