VPN still problematic #2082
Comments
@bigteejay - Might be it different returning google.com's IP address of " |
@sunjoong - I'm not (yet) following you. Are you asking if perhaps the two different DNS systems are returning different IP's and that is causing the failure? I would think it would just land on the first successful attempt to look it up? google.com was just what I used as an easy repo/example (problem was first noticed trying to use |
@bigteejay - I mean... I read you could ping google.com when you use X.X.X.X, but could not when 84.200.69.80. So, I had a curiosity of difference. |
@sunjoong - Ah, I think you misunderstand. From bullet point 4 in "Whats happening" above, with my default DNS settings from my home router (during which 84.200.69.80 is the primary DNS as indicated in the content of It is the default state of Disconnecting from VPN (which causes |
@bigteejay - Hmm... Different problem from #1881 ? I had thought same kind. I think, in #1881, problem is on DNS. |
@sunjoong - Yes, a different issue. With the default conf files, I can ping/browse/etc anything not internally hosted on employers network. When connected to VPN, I can't connect to anything (though Windows itself continues to work just fine.) Changing the order of the entries, removing the auto-gen line, and leaving it with VPN DNS listed first resolves the problem no matter if I am connected to VPN or not. Not an issue of local domain/search (that works fine with the edited conf file.) I was initially looking to hit a private/internal/VPN-only resource and can only do so with the edited resolv.conf file (without issues at that point.) |
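The manual edit described in the comment above (VPN DNS listed first, auto-generated comment line dropped), written as a shell function; this is an added example, not part of the original thread and not WSL's own code. The VPN resolver 10.0.0.53, the router address 192.168.1.1, the search domain and the comment text in the sample are constructed values.

```shell
#!/bin/sh
# Print resolv.conf text with the VPN resolver listed first.
# Usage: vpn_first VPN_DNS_IP < /etc/resolv.conf
# Order matters: the resolver tries nameservers in the order listed and
# only moves to the next one when a query times out.
vpn_first() {
  awk -v vpn="$1" '
    /^[ \t]*#/ { next }                 # drop comments, incl. the auto-generation marker
    $1 == "nameserver" {
      # the VPN resolver is re-emitted first in END; the rest keep their order, de-duplicated
      if ($2 == vpn) { found = 1 } else if (!seen[$2]++) { others[++n] = $2 }
      next
    }
    NF { keep[++k] = $0 }               # search/domain/options lines pass through
    END {
      if (!found) {
        print "vpn_first: " vpn " is not in the input, refusing to rewrite" > "/dev/stderr"
        exit 1
      }
      # glibc reads only the first three nameserver lines (MAXNS), so warn
      # when later entries would be silently ignored.
      if (n + 1 > 3) print "vpn_first: more than 3 nameservers, extras are ignored" > "/dev/stderr"
      print "nameserver " vpn
      for (i = 1; i <= n; i++) print "nameserver " others[i]
      for (i = 1; i <= k; i++) print keep[i]
    }'
}

# Constructed sample of a generated file with the VPN entry appended last.
sample_resolv_conf() {
  cat <<'EOF'
# auto-generated file (constructed comment text)
nameserver 84.200.69.80
nameserver 192.168.1.1
nameserver 10.0.0.53
search corp.example
EOF
}

sample_resolv_conf | vpn_first 10.0.0.53
```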
@bigteejay - Thanks for your post and sorry for the delay. What you are running into essentially looks like #1350 (or at least it is the same root cause). In Creators Update build, we did some work to identify VPN's DNS entry and made it the first entry in Regarding your question >> |
@sunilmut - I am using the Creators Update version, and while it is able to retrieve VPN DNS info, it is appending it to the bottom. It doesn't sound like that is the expected behavior? If it was functioning as you described, it would be a non-issue and work perfectly (since appending it to the top was what I did to get it working.) Regarding the question (and your answer) ah, that makes sense I suppose (unfortunately). I would hope that if the first responded and wasn't able to answer, that it would then try the remaining (which would also solve my problem.) Thanks for the heads up! |
@bigteejay - >> It doesn't sound like that is the expected behavior? |
Just some additional information, in case you are curious. Currently, the way DNS entries are populated in |
lol, how many times have I read this and only just now the VNP typo in the title (now fixed) :-) |
@sunilmut - I must be misunderstanding you. WSL is able to get my DNS info, which is how it got appended to the /etc/resolv.conf file to begin with! This means it is certainly not a duplicate, correct? It is, in fact, getting the DNS. The DNS is being added to the bottom. Placed there, it does not function. Placed at the top (as indicated in my original post) it works just fine. |
@bigteejay - I have also removed the "fixedincreatorsupdate" tag from #1350.
|
@sunilmut - So, in spite of WSL being able to get my VPN DNS, and add it to |
Exactly, because it does not know which one of the various DNS entries that it gets from Windows, belongs to the VPN. As noted above, for some VPN software, WSL is able to differentiate, for some, it is not. Unfortunately, for yours, it is not. |
Gotcha, understood. Thanks for clarifying that for me. Well, at least I have a workaround for in the meantime. |
If anyone's interested, I was struggling with this issue for a while and was able to find a solution. I'm connected to multiple vpns, each has its own dns server and manages different domains. This means that every time I had to connect to hosts in different vpns I had to change Here's my solution:
Replace the domains ( Note: I had to manually Disable and Stop the
enjoy 😄 I realize this is a bit of blog post... but figured anyone who'll stumble upon this may enjoy this hack. |
We tried your workaround today, @dannyk81 , but sadly it doesn't seem to work for us. We could not ping our internal sites and the external sites, just one or the other. I think we did the same you did (e.g. followed all steps correctly). |
Hey @donaldpipowitch, could you clarify the issue? are you able to ping When you say can you share your setup details? |
Hmm, well in my (Sorry, if I got something wrong. I'm not a big network expert.) |
ok, so your Also, make sure you restart deadwood when you change the configuration (
|
@dannyk81 , I am also having issues getting this to work. I installed the Deadwood service. I disabled network sharing. I stopped and started the service. I think my config files are correct. I will need to resort to simply putting my VPN DNS address at the top of resolv.conf until I can get another solution working. Please look into this Microsoft! You now own Github so it only makes sense. Here is my Deadwood config file with identifying URLs and DNS addresses made generic:
Here is my /etc/resolv.conf file:
|
@Jikodis you should uncomment
|
@dannyk81 I appreciate the assistance. I am still experiencing issues after the change. I believe I will step away from WSL until some of these major issues are fixed. |
Well, it's up to you :) I'm using the above setup for ~4 months now and I'm very happy, I have 3-4 VPN tunnels connected all the time and everything works very well. |
@dannyk81 Okay, I jumped on some other solutions like CYGWIN and was disappointed with the result. Do you know why I might still be experiencing issues getting the Deadwood solution working? Here is my updated dwood3rc.txt file. I removed unnecessary comments. I would love to get this to work.
|
Hi @Jikodis Your configuration looks OK to me, I can't see any reason why this doesn't work. few things to try/test/verify:
/EDIT one more thing: don't have any additional ideas. |
Hello @dannyk81 Below is the result of running
|
You should see the dns requests you are issuing via nslookup and the
upstream queries/cache lookups that deadwood makes in the log.
```
C:\WINDOWS\system32>nslookup google.com 127.0.0.1
Server: localhost
Address: 127.0.0.1
Non-authoritative answer:
Name: google.com
Address: 172.217.4.46
```
From deadwood log:
```
Tuesday, June 26, 2018 21:25:49 PM: Got DNS query for \006google\003com\000\000\001
Tuesday, June 26, 2018 21:25:49 PM: Looking in cache for query \006google\003com\000\000\001
Tuesday, June 26, 2018 21:25:49 PM: Nothing found for \006google\003com\000\000\001
Tuesday, June 26, 2018 21:25:49 PM: Caching direct answer at \006google\003com\000\000\001
Tuesday, June 26, 2018 21:25:49 PM: Looking in cache for query \006google\003com\000\000\001
Tuesday, June 26, 2018 21:25:49 PM: Fetching \006google\003com\000\000\001 from cache
```
if there's nothing in your deadwood log, then they simply don't reach
deadwood.
When you stop deadwood, is the port 53 free? or something is listening on
that port?
Danny
…On 26 June 2018 at 18:11, Jikodis ***@***.***> wrote:
Hello @dannyk81 <https://github.com/dannyk81>
Thanks for the assistance. I have restarted deadwood. verbose_level is
set at 100 and I did not see anything useful in the logs. I cleared out the
cache file in the Deadwood directory. When I do an nslookup of my internal
domains, I get the respective DNSs I expect. I did have a DNS set on my
router as well as a rule to enforce them, but I have since taken those off.
I am still having issues even after resetting the router and computer.
Below is the result of running nslookup google.com 127.0.0.1 on Windows
and WSL:
```
C:\Users\myusername>nslookup google.com 127.0.0.1
Server: UnKnown
Address: 127.0.0.1
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Non-authoritative answer:
Name: google.com
Addresses: 2607:f8b0:400a:800::200e
216.58.193.78
C:\Users\abush>wsl
--- Users/myusername » nslookup.exe google.com 127.0.0.1
Non-authoritative answer:
Server: UnKnown
Address: 127.0.0.1
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 2607:f8b0:400a:800::200e
216.58.193.78
```
|
This is what I get in the log:
When I run |
I also have the same problem as above, can't get Deadwood to work for me. |
For my site, Deadwood + Cisco AnyConnect VPN + WSL works well. |
@Jikodis this is curious, Deadwood should listen on port 53 when it's running... I'm not sure why, but this is where I would focus. |
Just leaving a note here that I've gotten deadwood working, just not in conjunction with my Cisco AnyConnect VPN client. As soon as I connect, all requests that were previously going to deadwood are no longer received by it, resulting in timeouts. As soon as I disconnect, it begins working as expected. So far I've had no luck in finding a workaround for this.
|
@nivekastoreth Checkout https://docs.microsoft.com/en-us/windows/wsl/troubleshooting "Bash loses network connectivity once connected to a VPN" |
@sc-moonlight thanks for the link, but I currently have aliases to do the swapping of the The real answer is that #1350 just needs to be fixed, then all these hacks can be done away with. |
FWIW, I solved this problem by ssh'ing into a machine inside the VPN with Putty, noting its /etc/resolv.conf configuration, and basically combining my local file with the one from the machine inside the VPN |
Did you solve that @nivekastoreth ? |
@mr-deamon a little late responding, but no. I've spent many hours attempting to figure this out, and I still don't know what it was between Windows, Deadwood, WSL and my Cisco VPN that made the setup not work. I have given up and just accepted that I'll be using cygwin for the next year or two until the issues I have with WSL are resolved. (Edit: the final straw for me was #2913 which requires me to reboot my entire computer in order to get networking inside of WSL working again. After that I just threw in the towel) |
@nivekastoreth We "fixed" it by using a (very old) VPN-client called shrew-vpn. This one does not mess with DNS |
For me it was due to IPv6 problem : #2142 |
Sorry to revive this, but I have a solution to this that I haven't seen documented for Cisco AnyConnect users. For WSL users on VPN who can only resolve internal (and not external) domains with their company's internal DNS, I found out this was caused by AnyConnect split tunneling VPN traffic. This can be changed by adding /TUNNELALL to the VPN url, which will have AnyConnect do full tunneling. The profiles are usually defined in xml files in "%PROGRAMDATA%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile", so you can change the url there. Hope this helps people searching this issue from google like myself. |
I am on Windows 10 with WSL version 1 and Ubuntu 20.04LTS. Worked perfectly. Thanks! |
Background
Why does networking not work when connected to VPN when VPN /etc/resolv.conf entries are lower, but works (connected to VPN or not) when VPN entries appear before non-VPN entries? Contrary to what appears to be indicated here and here, I must still follow the advice here to manually edit /etc/resolv.conf to move the VPN entries to the top, then all works well. It seems that it tries all the entries when VPN is first (non-VPN DNS is utilized, after a brief pause, when disconnected from DNS with edited resolv.conf.)
Windows build number
What is happening
$ lsb_release -d
Description: Ubuntu 16.04.2 LTS
What works
$ sudo nano /etc/resolv.conf
Straces
<cmd> is failing, then run strace -o strace.txt -ff <cmd>, and post the strace.txt output here)
Direct connect, no changes - no-vpn-working.txt
Connected via VPN, no changes - vpn-not-working.txt
Connected via VPN, edited resolv.conf - vpn-working-cust-resolv.txt
Disconnected from VPN, resolv.conf unchanged from strace above - no-vpn-working-cust-resolv.txt