-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Windows Subsystem for Linux (WSL) fails to use DNS from a VPN tunnel
12/17/2020 
18 People found this article helpful
481,794 Views
Description
Windows Subsystem for Linux (WSL) has a known problem with VPN based DNS. See:
https://github.com/Microsoft/WSL/issues/1350
It appears the WSL BASH shell does not autogenerate the /etc/resolv.conf file correctly, or regenerate it when needed.
The result is that DNS updates provided to the Windows OS, by the establishment of a VPN tunnel, are not recognized in the WSL environment.
This is seen whether the WSL environment is brought up before or after the VPN tunnel is established.
Cause
https://github.com/Microsoft/WSL/issues/1350
Resolution
Use the following shell script to clear this issue. This script should only have to be run once on a particular instance of WSL.
Note: If the 'ed' command is not found, you will need to install it manually (Ex: sudo apt-get install ed).
#!/bin/bash
# Refer to https://github.com/Microsoft/WSL/issues/1350 for more information.
# If the 'ed' command is not found, install it manually. (Ex: 'sudo apt-get install ed')
# Instructions:
# 1. Connect to the VPN.
# 2. Run this script right admin rights from the WSL prompt.
# 3. Test nslookup from the WSL prompt if the script runs successfully.
echo "Modifying namesever for VPN"
vpn() {
[ -s /run/resolvconf/resolv.conf -a -L /etc/resolv.conf ] && sudo cp --remove-destination /run/resolvconf/resolv.conf /etc/resolv.conf
local sudo="sudo"
if [ -w /etc/resolv.conf ]; then sudo=""; fi
$sudo ed -s /etc/resolv.conf <<'EOF'
H
a
#EOF
.
kx
g/^nameserver /d
.-1r !/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe -Command '$x = Get-NetAdapter | Group-Object -AsHashtable -Property ifIndex; Get-DnsClientServerAddress -AddressFamily ipv4 | where {$x[$_.InterfaceIndex].Status -eq "Up"} | Select-Object -ExpandProperty ServerAddresses | foreach {"nameserver " + $_}' | sed 's/\r//g'
'xd
wq
EOF
}
vpn
echo "Done!"
sleep 5The script may not work properly when pasted into a text editor. If you experience problems with the script, please try the base64-encoded string below.
1. Copy the entire Base64 block and paste it into a blank text editor.
2. Save the text file locally as vpn_script.txt.
3. On the WSL prompt, change directory to where vpn_script.txt was saved. Enter the command: 'base64 -d vpn_script.txt >> vpn_script.sh'.
4. The new file (vpn_script.sh) should contain the script text shown above and should avoid any issues with broken syntax due to new lines, etc.
IyEvYmluL2Jhc2gKCiMgVGhpcyBzY3JpcHQgZml4ZXMgL2V0Yy9yZXNvbHYuY29uZiB0byBhZGRyZXNzIGFuIGlzc3VlIHdoZXJlIEROUyBpcyBub3QgdXBkYXRlZCBpbiBXU0wuCiMgUmVmZXIgdG8gaHR0cHM6Ly9naXRodWIuY29tL01pY3Jvc29mdC9XU0wvaXNzdWVzLzEzNTAgZm9yIG1vcmUgaW5mb3JtYXRpb24uCiMgSWYgdGhlICdlZCcgY29tbWFuZCBpcyBub3QgZm91bmQsIGluc3RhbGwgaXQgbWFudWFsbHkuIChFeDogJ3N1ZG8gYXB0LWdldCBpbnN0YWxsIGVkJykKCiMgSW5zdHJ1Y3Rpb25zOgojIDEuIENvbm5lY3QgdG8gdGhlIFZQTi4KIyAyLiBSdW4gdGhpcyBzY3JpcHQgcmlnaHQgYWRtaW4gcmlnaHRzIGZyb20gdGhlIFdTTCBwcm9tcHQuCiMgMy4gVGVzdCBuc2xvb2t1cCBmcm9tIHRoZSBXU0wgcHJvbXB0IGlmIHRoZSBzY3JpcHQgcnVucyBzdWNjZXNzZnVsbHkuCgplY2hvICJNb2RpZnlpbmcgbmFtZXNldmVyIGZvciBWUE4iCnZwbigpIHsKWyAtcyAvcnVuL3Jlc29sdmNvbmYvcmVzb2x2LmNvbmYgLWEgLUwgL2V0Yy9yZXNvbHYuY29uZiBdICYmIHN1ZG8gY3AgLS1yZW1vdmUtZGVzdGluYXRpb24gL3J1bi9yZXNvbHZjb25mL3Jlc29sdi5jb25mIC9ldGMvcmVzb2x2LmNvbmYKbG9jYWwgc3Vkbz0ic3VkbyIKaWYgWyAtdyAvZXRjL3Jlc29sdi5jb25mIF07IHRoZW4gc3Vkbz0iIjsgZmkKJHN1ZG8gZWQgLXMgL2V0Yy9yZXNvbHYuY29uZiA8PCdFT0YnCkgKYQojRU9GCi4Ka3gKZy9ebmFtZXNlcnZlciAvZAouLTFyICEvbW50L2MvV2luZG93cy9TeXN0ZW0zMi9XaW5kb3dzUG93ZXJTaGVsbC92MS4wL3Bvd2Vyc2hlbGwuZXhlIC1Db21tYW5kICckeCA9IEdldC1OZXRBZGFwdGVyIHwgR3JvdXAtT2JqZWN0IC1Bc0hhc2h0YWJsZSAtUHJvcGVydHkgaWZJbmRleDsgR2V0LURuc0NsaWVudFNlcnZlckFkZHJlc3MgLUFkZHJlc3NGYW1pbHkgaXB2NCB8IHdoZXJlIHskeFskXy5JbnRlcmZhY2VJbmRleF0uU3RhdHVzIC1lcSAiVXAifSB8IFNlbGVjdC1PYmplY3QgLUV4cGFuZFByb3BlcnR5IFNlcnZlckFkZHJlc3NlcyB8IGZvcmVhY2ggeyJuYW1lc2VydmVyICIgKyAkX30nIHwgc2VkICdzL1xyLy9nJwoneGQKd3EKRU9GCn0KdnBuCmVjaG8gIkRvbmUhIgpzbGVlcCA1Related Articles
- How to Set Timeout for Inactive Tunnel Connections
- Commands for silent installation of NetExtender via CMD line
- Users on Netextender 10.3.0 version failing to connect with the following error message " Cannot get a response from the server "
Categories
- Secure Mobile Access > Mobile Connect
- Secure Mobile Access > SMA 100 Series
- Secure Mobile Access > SMA 1000 Series
YES
NO