ubuntudebianaptwindows-subsystem-for-linux

Windows10 WSL2 Ubuntu / Debian # no network


After upgrading from WSL to WSL2

sudo apt-get update

not works any longer. After:

wsl --set-version Ubuntu-18.04 2

Output is:

> sudo apt-get update
Err:1 http://security.ubuntu.com/ubuntu bionic-security InRelease
  Temporary failure resolving 'security.ubuntu.com'
Err:2 http://archive.ubuntu.com/ubuntu bionic InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.

After going back to WSL1 the problem disappears again. Same on Debian and analogous in CentOS .. so WSL2 must have a bug.

The Windows10 build Version is 19041 and was installed today.

Any work around for WSL2? Regards


Solution

  • Most probably, the Distribution gets its own virtual adapter, first there are some steps you might try:

    1. Need to check if the packets really go through the Windows firewall enter image description here enter image description here Then check %systemroot%\system32\LogFiles\Firewall\pfirewall.log

    2. If packets are not going through firewall most likely the distribution gets it's own Virtual Adapter, check what IP gets distribution from inside Debian with:

      ifconfig

    or if you don't have ifconfig:

    perl -MSocket -le 'socket(S, PF_INET, SOCK_DGRAM, getprotobyname("udp"));
    connect(S, sockaddr_in(1, inet_aton("8.8.8.8")));
    print inet_ntoa((sockaddr_in(getsockname(S)))[1]);'
    

    or ipconfig on the Windows WSL2 host machine and look what IP takes the machine unde WSL adapter

    1. If you need to have access to the internet through the Windows IP check this issue: https://github.com/microsoft/WSL/issues/4150

    The work around is to use a script that does :

    a. Get Ip Address of WSL 2 machine

    b. Remove previous port forwarding rules

    c. Add port Forwarding rules

    d. Remove previously added firewall rules

    e. Add new Firewall Rules

    $remoteport = bash.exe -c "ifconfig eth0 | grep 'inet '"
    $found = $remoteport -match '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}';
    
    if( $found ){
      $remoteport = $matches[0];
    } else{
      echo "The Script Exited, the ip address of WSL 2 cannot be found";
      exit;
    }
    
    #[Ports]
    
    #All the ports you want to forward separated by coma
    $ports=@(80,443,10000,3000,5000);
    
    
    #[Static ip]
    #You can change the addr to your ip config to listen to a specific address
    $addr='0.0.0.0';
    $ports_a = $ports -join ",";
    
    
    #Remove Firewall Exception Rules
    iex "Remove-NetFireWallRule -DisplayName 'WSL 2 Firewall Unlock' ";
    
    #adding Exception Rules for inbound and outbound Rules
    iex "New-NetFireWallRule -DisplayName 'WSL 2 Firewall Unlock' -Direction Outbound -LocalPort $ports_a -Action Allow -Protocol TCP";
    iex "New-NetFireWallRule -DisplayName 'WSL 2 Firewall Unlock' -Direction Inbound -LocalPort $ports_a -Action Allow -Protocol TCP";
    
    for( $i = 0; $i -lt $ports.length; $i++ ){
      $port = $ports[$i];
      iex "netsh interface portproxy delete v4tov4 listenport=$port listenaddress=$addr";
      iex "netsh interface portproxy add v4tov4 listenport=$port listenaddress=$addr connectpor t=$port connectaddress=$remoteport";
      }
    

    An alternative solution is to go to Hyper-V Manager and change the Virtual Switch that is bound to the physical NIC enter image description here