Windows Subsystem for Linux (WSL) fails to use DNS from a VPN tunnel

12/17/2020 18 People found this article helpful 208,257 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

Windows Subsystem for Linux (WSL) has a known problem with VPN based DNS.  See:

https://github.com/Microsoft/WSL/issues/1350

It appears the WSL BASH shell does not autogenerate the /etc/resolv.conf file correctly, or regenerate it when needed.   

The result is that DNS updates provided to the Windows OS, by the establishment of a VPN tunnel, are not recognized in the WSL environment.  

This is seen whether the WSL environment is brought up before or after the VPN tunnel is established.  

Cause

https://github.com/Microsoft/WSL/issues/1350

Resolution

Use the following shell script to clear this issue.  This script should only have to be run once on a particular instance of WSL. 

Note: If the 'ed' command is not found, you will need to install it manually (Ex: sudo apt-get install ed).

#!/bin/bash

# Refer to https://github.com/Microsoft/WSL/issues/1350 for more information.
# If the 'ed' command is not found, install it manually. (Ex: 'sudo apt-get install ed')

# Instructions:
# 1. Connect to the VPN.
# 2. Run this script right admin rights from the WSL prompt.
# 3. Test nslookup from the WSL prompt if the script runs successfully.

echo "Modifying namesever for VPN"
vpn() {
[ -s /run/resolvconf/resolv.conf -a -L /etc/resolv.conf ] && sudo cp --remove-destination /run/resolvconf/resolv.conf /etc/resolv.conf
local sudo="sudo"
if [ -w /etc/resolv.conf ]; then sudo=""; fi
$sudo ed -s /etc/resolv.conf <<'EOF'
H
a
#EOF
.
kx
g/^nameserver /d
.-1r !/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe -Command '$x = Get-NetAdapter | Group-Object -AsHashtable -Property ifIndex; Get-DnsClientServerAddress -AddressFamily ipv4 | where {$x[$_.InterfaceIndex].Status -eq "Up"} | Select-Object -ExpandProperty ServerAddresses | foreach {"nameserver " + $_}' | sed 's/\r//g'
'xd
wq
EOF
}
vpn
echo "Done!"
sleep 5

The script may not work properly when pasted into a text editor. If you experience problems with the script, please try the base64-encoded string below.

1. Copy the entire Base64 block and paste it into a blank text editor.
2. Save the text file locally as vpn_script.txt.
3. On the WSL prompt, change directory to where vpn_script.txt was saved. Enter the command: 'base64 -d vpn_script.txt >> vpn_script.sh'.
4. The new file (vpn_script.sh) should contain the script text shown above and should avoid any issues with broken syntax due to new lines, etc.

IyEvYmluL2Jhc2gKCiMgVGhpcyBzY3JpcHQgZml4ZXMgL2V0Yy9yZXNvbHYuY29uZiB0byBhZGRyZXNzIGFuIGlzc3VlIHdoZXJlIEROUyBpcyBub3QgdXBkYXRlZCBpbiBXU0wuCiMgUmVmZXIgdG8gaHR0cHM6Ly9naXRodWIuY29tL01pY3Jvc29mdC9XU0wvaXNzdWVzLzEzNTAgZm9yIG1vcmUgaW5mb3JtYXRpb24uCiMgSWYgdGhlICdlZCcgY29tbWFuZCBpcyBub3QgZm91bmQsIGluc3RhbGwgaXQgbWFudWFsbHkuIChFeDogJ3N1ZG8gYXB0LWdldCBpbnN0YWxsIGVkJykKCiMgSW5zdHJ1Y3Rpb25zOgojIDEuIENvbm5lY3QgdG8gdGhlIFZQTi4KIyAyLiBSdW4gdGhpcyBzY3JpcHQgcmlnaHQgYWRtaW4gcmlnaHRzIGZyb20gdGhlIFdTTCBwcm9tcHQuCiMgMy4gVGVzdCBuc2xvb2t1cCBmcm9tIHRoZSBXU0wgcHJvbXB0IGlmIHRoZSBzY3JpcHQgcnVucyBzdWNjZXNzZnVsbHkuCgplY2hvICJNb2RpZnlpbmcgbmFtZXNldmVyIGZvciBWUE4iCnZwbigpIHsKWyAtcyAvcnVuL3Jlc29sdmNvbmYvcmVzb2x2LmNvbmYgLWEgLUwgL2V0Yy9yZXNvbHYuY29uZiBdICYmIHN1ZG8gY3AgLS1yZW1vdmUtZGVzdGluYXRpb24gL3J1bi9yZXNvbHZjb25mL3Jlc29sdi5jb25mIC9ldGMvcmVzb2x2LmNvbmYKbG9jYWwgc3Vkbz0ic3VkbyIKaWYgWyAtdyAvZXRjL3Jlc29sdi5jb25mIF07IHRoZW4gc3Vkbz0iIjsgZmkKJHN1ZG8gZWQgLXMgL2V0Yy9yZXNvbHYuY29uZiA8PCdFT0YnCkgKYQojRU9GCi4Ka3gKZy9ebmFtZXNlcnZlciAvZAouLTFyICEvbW50L2MvV2luZG93cy9TeXN0ZW0zMi9XaW5kb3dzUG93ZXJTaGVsbC92MS4wL3Bvd2Vyc2hlbGwuZXhlIC1Db21tYW5kICckeCA9IEdldC1OZXRBZGFwdGVyIHwgR3JvdXAtT2JqZWN0IC1Bc0hhc2h0YWJsZSAtUHJvcGVydHkgaWZJbmRleDsgR2V0LURuc0NsaWVudFNlcnZlckFkZHJlc3MgLUFkZHJlc3NGYW1pbHkgaXB2NCB8IHdoZXJlIHskeFskXy5JbnRlcmZhY2VJbmRleF0uU3RhdHVzIC1lcSAiVXAifSB8IFNlbGVjdC1PYmplY3QgLUV4cGFuZFByb3BlcnR5IFNlcnZlckFkZHJlc3NlcyB8IGZvcmVhY2ggeyJuYW1lc2VydmVyICIgKyAkX30nIHwgc2VkICdzL1xyLy9nJwoneGQKd3EKRU9GCn0KdnBuCmVjaG8gIkRvbmUhIgpzbGVlcCA1

Related Articles

• How to deploy SMA100 series virtual appliance (SMA 500v) from one platform to another.
• SMA100:After upgrading to 10.2.1.7, began receiving nonstop alert emails stating "WAF threat prevented:
• SMA1000:When both IPv4 and IPv6 are enabled for the network interface, the first few connection attempts fail, but everything works fine after that.

Categories

• Secure Mobile Access > Mobile Connect
• Secure Mobile Access > SMA 100 Series
• Secure Mobile Access > SMA 1000 Series