openvpn connection stops working after upgraded to 2.0.9 with mirrored networking

[yongzhang]

Windows Version

Microsoft Windows [Version 10.0.22631.2715]

WSL Version

2.0.9

Are you using WSL 1 or WSL 2?

• WSL 2
• WSL 1

Kernel Version

Linux version 5.15.133.1-microsoft-standard-WSL2 (root@1c602f52c2e4)

Distro Version

Ubuntu 22.04

Other Software

OpenVPN Connect 3.4.2

Repro Steps

1. Update .wslconfig with below settings:

[experimental]
autoMemoryReclaim=gradual
sparseVhd=true
dnsTunneling=true
networkingMode=mirrored
hostAddressLoopback=true

2. Connect OpenVPN and start wsl2
3. telnet my internal ip address in vpn network from wsl2, I see timeout:

$ telnet 10.120.31.82 22
Trying 10.120.31.82...
telnet: Unable to connect to remote host: Connection timed out

4. But telnet from windows cmd, I can telnet:
   

Additional information:

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 00:15:5d:eb:59:b0 brd ff:ff:ff:ff:ff:ff
3: loopback0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:a0:d1:f0 brd ff:ff:ff:ff:ff:ff
4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 00:15:5d:4a:52:c8 brd ff:ff:ff:ff:ff:ff
5: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 08:8e:90:93:b8:cc brd ff:ff:ff:ff:ff:ff
    inet 10.140.97.86/20 brd 10.140.111.255 scope global noprefixroute eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::d8ec:c0a:e95a:116f/64 scope link nodad noprefixroute
       valid_lft forever preferred_lft forever
6: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:09:f7:8c brd ff:ff:ff:ff:ff:ff
    inet 172.25.0.2/21 brd 172.25.7.255 scope global noprefixroute eth3
       valid_lft forever preferred_lft forever
7: br-31ee55146667: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:d8:22:99:c4 brd ff:ff:ff:ff:ff:ff
    inet 172.20.0.1/16 brd 172.20.255.255 scope global br-31ee55146667
       valid_lft forever preferred_lft forever
8: br-579eb2cdeae4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:43:61:bd:fe brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global br-579eb2cdeae4
       valid_lft forever preferred_lft forever
9: br-72e0a078af51: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:17:cb:3a:c2 brd ff:ff:ff:ff:ff:ff
    inet 172.23.0.1/16 brd 172.23.255.255 scope global br-72e0a078af51
       valid_lft forever preferred_lft forever
10: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:70:9c:c7:f3 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
       valid_lft forever preferred_lft forever
11: br-09be57e2d7d9: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:a3:b0:89:3f brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.1/16 brd 172.19.255.255 scope global br-09be57e2d7d9
       valid_lft forever preferred_lft forever

eth2 has the ip address from my wifi adapter in windows, eth3 is the client ip assigned by openvpn server (172.25.0.0/21).

$ ip route show
default via 10.140.96.1 dev eth2 proto kernel metric 45
10.90.0.0/16 via 172.25.0.1 dev eth3 proto kernel metric 257
10.110.0.0/16 via 172.25.0.1 dev eth3 proto kernel metric 257
10.120.0.0/16 via 172.25.0.1 dev eth3 proto kernel metric 257
10.130.0.0/16 via 172.25.0.1 dev eth3 proto kernel metric 257
10.140.96.0/20 dev eth2 proto kernel scope link metric 301
10.140.96.1 dev eth2 proto kernel scope link metric 45
10.140.96.1 dev eth2 proto kernel scope link metric 301
<my vpn server public ip> via 10.140.96.1 dev eth2 proto kernel metric 301
169.254.0.0/16 dev eth2 scope link metric 1000
172.17.0.0/16 dev br-579eb2cdeae4 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev docker0 proto kernel scope link src 172.18.0.1 linkdown
172.19.0.0/16 dev br-09be57e2d7d9 proto kernel scope link src 172.19.0.1 linkdown
172.20.0.0/16 dev br-31ee55146667 proto kernel scope link src 172.20.0.1 linkdown
172.23.0.0/16 dev br-72e0a078af51 proto kernel scope link src 172.23.0.1 linkdown
172.25.0.0/21 dev eth3 proto kernel scope link metric 257
172.25.0.1 dev eth3 proto kernel scope link metric 257

Seems like nothing wrong with the routes?

PS: I also have cisco anyconnect vpn client which works very well with mirrored networking.

Expected Behavior

OpenVPN connection should work with mirrored networking

Actual Behavior

OpenVPN connection stopped working with mirrored networking

Diagnostic Logs

No response

[chanpreetdhanjal]

Could you please follow the steps below and attach the diagnostic logs? https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#collect-wsl-logs-for-networking-issues

[craigloewen-msft]

Hi @yongzhang , currently OpenVPN does not work with mirrored mode. We are investigating where the root cause of this issue could be, for now I've labeled it as "External". Thanks for filing this!

[winterallen]

Hi @yongzhang , currently OpenVPN does not work with mirrored mode. We are investigating where the root cause of this issue could be, for now I've labeled it as "External". Thanks for filing this!

I've also encountered the same issue and am looking forward to a solution.

[tomadimitrie]

Hello, OpenVPN is still not working in the latest build. @craigloewen-msft did you manage to investigate the cause?

Edit: so just the official OpenVPN clients (both versions 2 and 3) are affected. Other clients such as Viscosity work great

[ericellb]

Any updates on this?

[dten]

Other clients such as Viscosity work great

this is an interesting point. and in fact I can cause Viscosity to not work either if i change in its settings "Adapter type" to "Open TAP adapter (legacy)". for me this results in the same behaviour as using the open vpn client

[dten]

OpenVPN 2.4.7 works https://openvpn.net/community-downloads/ (it's from 2019)

2.4.8 breaks it

I had this theory from this other ticket about configuring MAC OpenVPN/tap-windows6#97

[dten]

I can also go back and forth between 2.5.10 (not working) and 2.6.0 (working) as long as i restart wsl between with wsl.exe --shutdown I can actually upgrade to 2.6.12 which is the latest version as long as i restart wsl after installing

[DogeFlow]

stay tuned

[carlosrmendes]

any update on this?

[MohaAmiry]

@carlosrmendes did you find a workaround for this?

[carlosrmendes]

@carlosrmendes did you find a workaround for this?

no, I downgraded openvpn to v2.4.7