The wsl-vpnkit
v0.4 script uses gvisor-tap-vsock to provide network connectivity to the WSL 2 VM while connected to VPNs on the Windows host. This requires no settings changes or admin privileges on the Windows host.
For previous versions, see v0.3 and v0.2.
Before setting up wsl-vpnkit
, check if a DNS server change may be enough to get connectivity by pinging a public IP address from WSL 2. If that works, follow the steps in WSL has no network connectivity once connected to a VPN.
wsl-vpnkit
is intended to help when more than a DNS server change is needed.
Download the prebuilt file wsl-vpnkit.tar.gz
from the latest release and import the distro into WSL 2.
# PowerShell
wsl --import wsl-vpnkit --version 2 $env:USERPROFILE\wsl-vpnkit wsl-vpnkit.tar.gz
Run wsl-vpnkit
. This will run wsl-vpnkit
in the foreground.
wsl.exe -d wsl-vpnkit --cd /app wsl-vpnkit
To update, unregister the existing distro and import the new version.
# PowerShell
wsl --unregister wsl-vpnkit
wsl --import wsl-vpnkit --version 2 $env:USERPROFILE\wsl-vpnkit wsl-vpnkit.tar.gz
To uninstall, unregister the distro.
# PowerShell
wsl --unregister wsl-vpnkit
The wsl-vpnkit
script can be used as a normal script in your existing distro. This is an example setup script for Ubuntu.
# install dependencies
sudo apt-get install iproute2 iptables iputils-ping dnsutils wget
# download wsl-vpnkit and unpack
VERSION=v0.4.x
wget https://github.com/sakai135/wsl-vpnkit/releases/download/$VERSION/wsl-vpnkit.tar.gz
tar --strip-components=1 -xf wsl-vpnkit.tar.gz \
app/wsl-vpnkit \
app/wsl-gvproxy.exe \
app/wsl-vm \
app/wsl-vpnkit.service
rm wsl-vpnkit.tar.gz
# run the wsl-vpnkit script in the foreground
sudo VMEXEC_PATH=$(pwd)/wsl-vm GVPROXY_PATH=$(pwd)/wsl-gvproxy.exe ./wsl-vpnkit
WSL versions 0.67.6 and later support systemd. Follow the instructions in the link to enable systemd support for your distro.
Create the service file and enable the service. Now wsl-vpnkit.service
should start with your distro next time.
# wsl-vpnkit setup as a distro
wsl.exe -d wsl-vpnkit --cd /app cat /app/wsl-vpnkit.service | sudo tee /etc/systemd/system/wsl-vpnkit.service
# copy and edit for wsl-vpnkit setup as a standalone script
sudo cp ./wsl-vpnkit.service /etc/systemd/system/
sudo nano /etc/systemd/system/wsl-vpnkit.service
# enable the service
sudo systemctl enable wsl-vpnkit
# start and check the status of the service
sudo systemctl start wsl-vpnkit
systemctl status wsl-vpnkit
# build with alpine image to ./wsl-vpnkit.tar.gz
./build.sh alpine
# build with fedora using Podman
DOCKER=podman ./build.sh fedora
# import the built distro from ./wsl-vpnkit.tar.gz
./import.sh
# run using the imported distro
wsl.exe -d wsl-vpnkit --cd /app wsl-vpnkit
- Ports on the WSL 2 VM are accessible from the Windows host using
localhost
. - Ports on the Windows host are accessible from WSL 2 using
host.containers.internal
,192.168.127.254
or the IP address of the host machine.
wsl-vpnkit
uses /mnt/wsl/resolv.conf
to get the WSL 2 gateway IP. If modifying /etc/resolv.conf
to set a custom DNS configuration, set generateResolvConf=false
in wsl.conf
.
On older WSL versions where /mnt/wsl/resolv.conf
is not available, wsl-vpnkit
will fallback to using /etc/resolv.conf
. When setup as a standalone script and using a custom DNS configuration for the distro, the WSL2_GATEWAY_IP
environment variable should be set for wsl-vpnkit
to use.
wsl-vpnkit
requires that the WSL 2 distro be able to run Windows executables. This interop
setting is enabled by default in WSL 2 and in the wsl-vpnkit
distro.
Security configurations on the Windows host may only permit running executables in certain directories. You can copy wsl-gvproxy.exe
to an appropriate location and use the GVPROXY_PATH
environment variable to specify the location.
# enable [automount] in wsl.conf for wsl-vpnkit distro
wsl.exe -d wsl-vpnkit --cd /app sed -i -- "s/enabled=false/enabled=true/" /etc/wsl.conf
# set GVPROXY_PATH when running wsl-vpnkit
wsl.exe -d wsl-vpnkit --cd /app GVPROXY_PATH=/mnt/c/path/wsl-gvproxy.exe wsl-vpnkit
wsl-vpnkit
currently only handles creating a network connection. Proxies and certificates must be configured separately in your distro.
If VS Code takes a long time to open your folder in WSL, enable the setting "Connect Through Localhost".
# PowerShell
# shutdown WSL to reset networking state
wsl --shutdown
# kill any straggler wsl-gvproxy processes
kill -Name wsl-gvproxy
# set the DEBUG environment variable
wsl.exe -d wsl-vpnkit --cd /app DEBUG=1 wsl-vpnkit