WSL no internet connection / DNS issues #11693
Comments
Logs are required for review from WSL team

If this is a feature request, please reply with '/feature'. If this is a question, reply with '/question'.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative PowerShell prompt:

The script will output the path of the log file once done. Once completed please upload the output files to this GitHub issue. Click here for more info on logging

View similar issues

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it!

Open similar issues:
Closed similar issues:
|
I have the exact same issue, started today as well. |
@kohlerdominik It's a really annoying problem. I found a quick fix in case it really bothers you - doesn't seem to affect my project code but things feel slower in general. I just downgrade to WSL1 and it works
It says it takes a few minutes but in reality it took almost an hour for me. I'm hoping a proper fix will be here so I can switch back to WSL2. Cheers and hope it helps! P.S. I tried to switch back to WSL2 afterwards and the network issue still persisted, so I guess switching back and forth doesn't work 👎 |
@cyberjj999 after investigating I found, that
This is quite an ugly workaround, though, because it works statically only for our work environment and the internet. I guess the resolv.conf should be taken from the windows network adapter usually (so DHCP-conf is properly forwarded), but this did break. |
Hi, I'm using NAT mode, and this works perfectly for Photon OS on WSL2. |
Yes, there is a difference between version 1 and 2, but currently version 2 doesn't work anymore, and version 1 still performs as expected. Thanks to @cyberjj999 for the hint to temporarily switch to version 1. Running 10.0.22631.3737 FWIW |
On x86_64, |
I'm still deeply lost with what's happening. I happen to need to use I have uploaded the logs above. Incidentally, I saw in another issue (#11675) mentioning similar things, and your suggestion for WSL reinstallation.
I'll give it a shot tomorrow if there's no alternative solution. Can I ask regarding the backup for WSL which you suggested: (I have custom bash scripts/commands + other installations like |
Diagnostic information
|
From my perspective, Ollama, security-hardened by VMware Photon OS (one of the origins of Cbl mariner), runs best in VMware Workstation. But built-in WSL in Windows 11 as homelab use-case has become good enough. Not all functions are fail-safe yet. Clarification: |
Thanks for contributing. I hope to update that I've done even more steps
The network issue still persists despite all the attempts. I sincerely seek your support, especially since I'd need WSL2 to run certain programs.... thanks |
Which constellation does not work?
In my homelab,
All tests were on VMware By Broadcom Photon OS 5.0 guest with findings from March to June 2024. I didn't start testing yet the new possibilities as described in https://devblogs.microsoft.com/commandline/whats-new-in-the-windows-subsystem-for-linux-in-may-2024/. |
I'm using the default WSL configuration which is utilizing NAT by default, I presume. I tried uninstalling the Downgrading to WSL I'm starting to think it could be some network configuration issues but I really have no clues of what happened 1-2 weeks ago that randomly caused this to happen. ^ If the issue is VPN, wouldn't it work once I switch network? Because that didn't work... I'm rather clueless now... |
Troubleshooting WSL lists quite a few known issues e.g. constellations with Cisco anyconnect vpn, antiviruses which prevent wsl internet access, etc. Edited: From your logs provided and using Windows Performance Analyzer for the first time, I'm afraid, in System activity > 'regions of interest' >table details view mostly is empty and in WPP Trace >Process(Name) are displayed as unknown. Otherwise I would collect the information the classic way: 1) Windows eventlogs, 2) in |
@craigloewen-msft are there any updates? Thank you @dcasota I already included my log as you've mentioned. Currently working with raw windows and there's quite a number of packages that I can't even install to get my dev work going. |
@cyberjj999 From what I've seen, it matches to your observations. The service goal to safely deliver package updates at granular level from Windows to distros seems to work, but hiding the complexity wasn't possible in that time. In registry, there are a bunch of entries with the naming schema
I finished the delay of KB5039212. It seems that the kb has been updated at granular level. Now I get
and not the .3737-files anymore. Wsl still is on version 2.1.5. I didn't update for the moment as it works flawlessly. |
I also figured out internet isn't working for me anymore at all (Ubuntu 22.04, WSL 2.2.4). I first thought it was Docker or a temporary bug that could be fixed by a |
I fixed the issue by setting |
@AnonymousWP From your description
Wrong or Right? Yes, resolv.conf, docker and distro-specific issues can be excluded. |
Yes, correct. Now the question is: what's causing this? I got an update for WSL from the Microsoft Store some days (almost a week) ago, or is it the Windows update? |
I don't know the root cause. The history was
Where is |
@AnonymousWP thanks for your feedback: i added a
and I still suffer from a lack of internet connection. @dcasota I think the logs above might have been collected when my WSL was 2.2.4, but regardless, my current version is 2.1.5 (after I ran the Not quite sure what's left to try. I'm considering switching to an entire dual-boot set up at the moment, but admittedly it'd be quite inconvenient... |
@cyberjj999 wsl 2.1.5 with |
I think I have found what's going on with this issue, at least on Windows 11. With version 22H2, Microsoft has introduced the Hyper-V firewall, and depending on your Windows Defender Firewall configuration, the default settings for the Hyper-V firewall may negatively impact the WSL2 connections.

TL;DR solution if you are stuck with this issue (at least it works for me)

Note: The Hyper-V firewall can only be configured with PowerShell. Currently, there is no specific support for configuring it via GPOs, nor is there a GUI.

From an elevated PowerShell prompt, run this cmdlet:

Get-NetFirewallHyperVVMCreator

You should get the following:

Now get the default configuration for WSL. Run:

Get-NetFirewallHyperVVMSetting -PolicyStore ActiveStore -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}'

You should get the following:

Allow the outbound traffic for WSL2:

Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultOutboundAction Allow

Your Linux distros should now be able to connect to the LAN/Internet.

Longer version

If Windows firewall is configured to block all the outbound (or inbound) connections for which there is no rule, your WSL2 distros' outbound/inbound connections will be blocked as well. The reason is that, by default, both inbound and outbound traffic to/from WSL2 distros is blocked. Configuring WSL2 to work in mirrored networking mode (which is the one I need) will not change this.

After having tried all the possible solutions, downgrades, upgrades, ... suggested on this bug issue, including the removal and reinstallation of the entire WSL (and depending) subsystems, I was always back to square one: none of my WSL2 distros would connect to the LAN or the Internet. I noticed however that ICMP traffic was permitted everywhere (or everywhere your core/border firewall, if you happen to have one, permits).

I realized I had to investigate the Windows firewall. Only, I could not find any trace of blocked connections in the Windows firewall log. Moreover, even using the nifty Windows Firewall Control (WFC) utility by Binisoft (now Malwarebytes), WSL2 distros' attempts to communicate did not raise any notification. With WFC, I normally use the Medium Filtering, which corresponds in Windows Defender Firewall parlance to block inbound or outbound connections for which there is no rule. I changed temporarily WFC configuration to Low Filter, which enables all the outbound connections even if there is no specific rule for them, and immediately my Linux distros started to communicate.

A quick Internet search with keywords WSL2 and firewall pointed me to this Microsoft page, Configure Hyper-V firewall, a feature I was not aware of.

I quickly realized that with my Windows firewall configuration, which is not the default, the default settings of the new Hyper-V firewall cause the issue. The TL;DR steps I've shown above are what fixed my WSL2 connection problems. A couple of related notes:
WSL --version
I downgraded WSL to 2.1.5.0 following this long thread, but I have the feeling it should work even with the latest WSL version.

EDIT Confirmed: upgrading to the latest WSL 2.2.4.0 the fix still works. There should be no need to remove the latest Windows patches, downgrade or reinstall WSL whatsoever. All considered, I also don't think KB5039212 has anything to do with this issue.

EDIT 2 ICMP traffic is permitted because there are specific rules for that. See the output of Get-NetFirewallHyperVRule -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' |
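
Added example, not part of the comment above and not code from the WSL project: a read-only PowerShell check that compares the host firewall profile defaults with the Hyper-V firewall defaults for the WSL VM creator ID quoted in that comment, so the effect of `-DefaultOutboundAction Allow` can be reviewed before or after applying it. `Test-WslHyperVFirewall` and the sample objects are hypothetical and constructed; the live branch assumes an elevated prompt on Windows 11 22H2 or later.

```powershell
# Added example: read-only audit, changes no firewall setting.
$WslCreatorId = '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}'  # WSL VM creator ID from the comment above

function Test-WslHyperVFirewall {
    # Hypothetical helper (not a built-in cmdlet).
    # $HostProfiles: objects with Name, Enabled, DefaultOutboundAction.
    # $VmSetting:    object with DefaultInboundAction, DefaultOutboundAction.
    param(
        [Parameter(Mandatory)] [object[]] $HostProfiles,
        [Parameter(Mandatory)] [object]   $VmSetting
    )
    $findings = @()
    $vmOut = "$($VmSetting.DefaultOutboundAction)"   # enum or string, compared as text
    $vmIn  = "$($VmSetting.DefaultInboundAction)"
    # Enabled host profiles that block outbound traffic with no matching rule.
    $strict = @($HostProfiles | Where-Object {
        "$($_.Enabled)" -eq 'True' -and "$($_.DefaultOutboundAction)" -eq 'Block'
    })

    if ($vmOut -eq 'Block') {
        $findings += 'WSL2 outbound default is Block: only traffic matched by a Hyper-V firewall allow rule leaves the VM.'
    }
    if ($vmOut -eq 'Allow' -and $strict.Count -gt 0) {
        $findings += "WSL2 outbound default is Allow while host profile(s) $($strict.Name -join ', ') default to Block: WSL2 egress is less restricted than the host's."
    }
    if ($vmIn -eq 'Allow') {
        $findings += 'WSL2 inbound default is Allow: inbound traffic that reaches the VM is accepted unless a rule blocks it.'
    }
    if ($findings.Count -eq 0) {
        $findings += 'No mismatch found between the host profiles and the Hyper-V firewall defaults for WSL2.'
    }
    $findings
}

if (Get-Command Get-NetFirewallHyperVVMSetting -ErrorAction SilentlyContinue) {
    # Live, read-only queries against the effective (ActiveStore) policy.
    $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore
    $setting  = Get-NetFirewallHyperVVMSetting -PolicyStore ActiveStore -Name $WslCreatorId
    # Explicit Hyper-V firewall rules for WSL, such as the ICMP rules mentioned in EDIT 2.
    Get-NetFirewallHyperVRule -VMCreatorId $WslCreatorId |
        Select-Object DisplayName, Direction, Action, Enabled |
        Format-Table -AutoSize | Out-Host
} else {
    # Constructed sample: a host that blocks unmatched outbound traffic on every
    # profile, and a Hyper-V firewall default of Block in both directions.
    $profiles = @(
        [pscustomobject]@{ Name = 'Domain';  Enabled = 'True'; DefaultOutboundAction = 'Block' },
        [pscustomobject]@{ Name = 'Private'; Enabled = 'True'; DefaultOutboundAction = 'Block' },
        [pscustomobject]@{ Name = 'Public';  Enabled = 'True'; DefaultOutboundAction = 'Block' }
    )
    $setting = [pscustomobject]@{
        Name = $WslCreatorId; DefaultInboundAction = 'Block'; DefaultOutboundAction = 'Block'
    }
}

Test-WslHyperVFirewall -HostProfiles $profiles -VmSetting $setting
```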
@Wrong-Code The regression complexity is the main culprit for the many wsl issues. Obviously this was and is not the case yet. Windows 11 Pro with KB5039212, wsl 2.1.5, hyper-V firewall settings { DefaultInboundAction=Allow / DefaultOutboundAction=Allow / LoopbackEnabled=true / AllowHostPolicyMerge=true } does not work with networkingMode=mirrored in my homelab with Photon OS 5 and ipv4only with no vlan/vpn/bond. In March, I started with some similar hyper-V firewall research findings of hardening possibilities in https://github.com/dcasota/photonos-scripts/wiki/Photon-OS-on-WSL2#hardening. A good solution pattern should include
Hence, I would say there is a solution regression gap somewhere between 4-8. It's a pity that there is no open-source joint-venture with VMware By Broadcom. Planning together existing and future virtual hardware capabilities (device firmware, kernel, virtual devices, drivers, default settings) for x86_64 and arm64 would be helpful for terrestrial edge and datacenter solutions. Network configuration management, network setup, networking event brokering - this is NOT solved in cbl-mariner and therefore not in wsl. The software delivery method in Windows through .mum packages seems to work. Facing the 50++ .mum package entries with the naming schema |
Yes, I see the output The content in
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 8.8.8.8
Besides, the |
@1MLightyears, I suppose you have already tried what I've suggested in my previous post, especially this command (but please learn about it in context, if you haven't done it already):
I am using the official Windows Store's Debian 12 distro, with the latest patched WSL 2, on Windows 11 23H2 and with the Hyper-V role installed as well. Without the above command, I could only ping any address, but I could not reach any host (LAN or Internet) via TCP or UDP. With the rule in place, my issue was resolved. Using WSL network mirror mode, BTW. Can you ping your DNS host (assuming there is no firewall in your infrastructure blocking ICMP traffic)? Can you connect to other TCP/UDP service ports on other hosts, or your problem is just with DNS (UDP 53)? |
Thank you @Wrong-Code, I'm afraid that I have tried that command. Here is what I got:
PS E:\> NetFirewallHyperVVMSetting
Name : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
Enabled : NotConfigured
DefaultInboundAction : Allow
DefaultOutboundAction : Allow
LoopbackEnabled : NotConfigured
AllowHostPolicyMerge : NotConfigured
Inbound and Outbound are all I can ping any IP address( |
This should be related to #11036, because the default |
Thank you @torgeros, but it turned out not the issue,
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 2001:4860:4860::8888
search modem
but PS: I have added I will post my
|
Interesting, okay. Because for me the |
Then maybe my issue #11928 is not exactly the same as this one... |
@1MLightyears. thanks for following up
I see you are using 8.8.8.8 as DNS server. are you setting generateResolvConf to false in your /etc/wsl.conf file? I recommend keeping generateResolvConf to the default true and enabling DNS tunneling. |
@CatalinFetoiu Sorry for late response, been busy with my work :( I have changed my
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 10.255.255.254
search modem
Though, the result remains the same( PS: my
PPS: I'm not sure that if my
: systemd-resolved.service: Failed to execute /lib/systemd/systemd-resolved: Permission denied
: systemd-resolved.service: Failed at step EXEC spawning /lib/systemd/systemd-resolved: Permission denied
Though this file is actually 755. |
@1MLightyears thanks. download https://github.com/microsoft/WSL/blob/master/diagnostics/wsl_networking.wprp collect and share logs.etl |
@CatalinFetoiu Hi! I'd like to provide some good news. |
@1MLightyears thanks. it looks like you attached a WslLogs zip, do you have a WslNetworkingLogs zip generated by the collect-networking-logs.ps1? If you still encounter issues with collect-networking-logs.ps1, please try the wpr commands I shared |
Hi @CatalinFetoiu , the problem of Here is the log of a successful running the fixed |
@1MLightyears great to hear the script worked, please feel free to open a PR with the change you made. thanks! |
@CatalinFetoiu Sorry to disturb you but is there any update on this issue? |
I was able to solve mine by setting
in |
@1MLightyears thanks for your patience. I looked at WslNetworkingLogs-2024-09-06_14-18-10.zip
DNS requests for google.com are sent to 127.0.0.1, port 53
how are you reproducing the issue? (e.g. are you running ping google.com?)
thanks |
@CatalinFetoiu Yes, I reproduced the issue with a
# nslookup www.google.com
Server: 10.255.255.254
Address: 10.255.255.254#53
Non-authoritative answer:
Name: www.google.com
Address: 142.250.70.196
Name: www.google.com
Address: 2404:6800:4015:800::2004
But |
@torgeros Sadly I've tried this before and it doesn't work. The problem is that I don't know whether it's a problem of wsl or a problem about Linux configuration... |
@1MLightyears thanks for following up. Could you please collect and share the following strace outputs? those should give us a hint on why ping uses the wrong DNS server (127.0.0.1 instead of 10.255.255.254)
strace -f ping google.com |
is not this it? |
The stderr output of these two commands are as follows: @shigenobuokamoto Thank you for your reply! Sadly after it's disabled, the |
@1MLightyears thanks for sending the strace logs
from strace_ping, there are failures to open /etc/resolv.conf (and other DNS related files) with error permission denied, so ping seems to fall back to using 127.0.0.1 as DNS server, which will not work
it's not immediately clear why this happens
to narrow down the problem, can you please share the following?
newfstatat(AT_FDCWD, "/etc/nsswitch.conf", 0x7ffe385ff100, 0) = -1 EACCES (Permission denied) |
@CatalinFetoiu Updates:
# dig @10.255.255.254 www.google.com
;; communications error to 10.255.255.254#53: timed out
;; communications error to 10.255.255.254#53: timed out
;; communications error to 10.255.255.254#53: timed out
; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> @10.255.255.254 www.google.com
; (1 server found)
;; global options: +cmd
;; no servers could be reached
I also tried a plain
# dig www.google.com
; <<>> DiG 9.18.12-0ubuntu0.22.04.2-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62020
;; flags: qr rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 0 IN A 142.250.70.132
;; Query time: 9 msec
;; SERVER: 172.17.64.1#53(172.17.64.1) (UDP)
;; WHEN: Wed Oct 09 20:25:46 AEDT 2024
;; MSG SIZE rcvd: 62
There is no difference as I'm using the root user running all the commands (and all the commands in wsl above)
# ls -l /etc/resolv.conf
lrwxrwxrwx 1 lightyears root 20 Oct 9 20:24 /etc/resolv.conf -> /mnt/wsl/resolv.conf
I double checked it and ensured that the content is:
nameserver 172.17.64.1
But when I check the mode of
# ls -l /mnt/wsl/resolv.conf
-rw-r--r-- 1 lightyears root 197 Oct 9 20:24 /mnt/wsl/resolv.conf
# ls -l /etc/host.conf
-rw-r--r-- 1 lightyears root 92 Oct 15 2021 /etc/host.conf
Nevertheless, 644 should be enough to read it... I have no idea why it's denied |
it looks like the error is occurring when trying to run systemd-networkd.
|
@1MLightyears could you please collect the following additional diagnostics, to help understanding what's causing the permission denied issue? Please run ping google one more time before collecting the below
dmesg &> dmesg.log
and share this file
thanks |
@shigenobuokamoto There is still a failure when |
Thank you @CatalinFetoiu , here is the logs.zip |
@1MLightyears thanks if you replace this line in /etc/passwd with the line below, then run "wsl --shutdown" and restart WSL, the permission issue should be fixed cc @OneBlue |
this symlink is created when enable systemd-networkd. to verify, i installed WSL + Ubuntu.
i tried enabling systemd-networkd and it did not break anything. the issue seems to be that for some reason systemd-resolved is unable to recognize /etc/resolv.conf. would you mind trying some?
/etc/systemd/resolved.conf.d/dnsserver.conf
|
Windows Version
Microsoft Windows [Version 10.0.22621.3737]
WSL Version
2.2.4.0
Are you using WSL 1 or WSL 2?
Kernel Version
5.15.153.1-microsoft-standard-WSL2
Distro Version
No response
Other Software
No response
Repro Steps
ping google.com returns ping: google.com: Temporary failure in name resolution
pip install streamlit or other packages return network error message; same for sudo-apt install
This indicates a clear network problem.
Expected Behavior
No issues with network problem - ping works and pip install <package> should work.
Actual Behavior
Clear Network/Internet Connection Problem:
ping google.com returns ping: google.com: Temporary failure in name resolution
pip install streamlit or other packages return network error message; same for sudo-apt install
My host machine (Windows 11) has no internet issues at all.
What I've Tried
Disable windows firewall entirely shutdown WSL and ping google.com again: doesn't work
Ran the following command to flush my dns on windows:
then restarted my computer: doesn't work
/etc/resolv.conf and /etc/wsl.conf to put nameserver of 8.8.8.8 and 8.8.8.4 and even make the /etc/resolve.conf immutable... and it doesn't work.
Disabled "fast start-up" option in Power Options then restarted my comp... still doesn't work
Changed from my company WiFi to my personal mobile hotspot - doesn't work
Suspected Reasons
Change of network (VPN?) but disabling VPN doesn't yield a meaningful difference
Windows Update (including Quality Updates)
Somehow I have WSL update automatically with an old kernel version though my WSL Ubuntu is installed from Microsoft store?
But my WSL version seems to be okay
Appreciate Any Help
Diagnostic Logs
Added WSL Logs
WslLogs-2024-06-16_22-35-16.zip