6

So I was having issues with domain resolution with WSL whenever I use the VPN. I would get this:

    ping: google.com: Temporary failure in name resolution

I tried following instructions from these answers: Temporary Failure in name resolution on WSL

Specifically from this part:

  1. Inside WSL2, create or append file: /etc/wsl.conf

  2. Put the following lines in the file in order to ensure that your DNS changes do not get blown away

    echo "[network]" | sudo tee /etc/wsl.conf
    echo "generateResolvConf = false" | sudo tee -a /etc/wsl.conf
    
  3. In a cmd window, run wsl --shutdown

  4. Start WSL2

  5. Run the following inside WSL2

    sudo rm -rf /etc/resolv.conf
    sudo cat << EOF > /etc/resolv.conf
    search [yourbase.domain.local]
    nameserver 8.8.8.8
    nameserver 1.1.1.1
    EOF
    

However, I cannot seem to be able to edit the file /etc/resolv.conf as I would get zsh: permission denied: /etc/resolv.conf

I also don't know what [yourbase.domain.local] means or what I should be replacing it with. I already messed up my domain resolution, and now I get the first error every time, even when my laptop is not connected to the VPN. I really need to know how to fix the config files that I modified.

Edit: using muru's suggestion from the comments, I was able to fix the domain resolution with the command

    sudo tee /etc/resolv.conf <<EOF

However, I'd like to know if there is a solution for this error when I connect to a VPN, since none of the solutions from the mentioned link worked for me.

2 Answers

4

Well, it's a different potential solution than I've seen before, but it's worked for some folks. I'm no longer on Cisco VPN, so I can't test it, but ...

There are two parts to resolving the issue:

  • Fix Internet Connectivity
  • Fix DNS resolution

In the comments, you confirmed that you also can't ping 8.8.8.8, which may mean that you haven't resolved the first part. However, I do see in this GitHub comment that ping just won't work at all with some AnyConnect settings, so perhaps that's not the best indicator.

Try:

    wget https://$(powershell.exe -c "(Resolve-DnsName -type a askubuntu.com)[0] | Select-Object -ExpandProperty IPAddress" | tr -d '\r')

That's going to use PowerShell to resolve the IP Address for Ask Ubuntu, then attempt to wget from it. It should fail, but you should get back:

    ERROR: cannot verify 151.101.129.69's certificate, issued by ‘CN=R3,O=Let's Encrypt,C=US’:
    ...

If not, then you probably really haven't resolved the connection issue. And until that is fixed, DNS resolution definitely won't work.

Try the 4th command there:

    Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000

Then try the wget above again. Any difference?

If not, then try (in this order):

  • Exit Ubuntu

  • Disconnect AnyConnect

  • wsl --shutdown from PowerShell

  • Start Ubuntu

  • Connect to AnyConnect

  • Run (again):

    In PowerShell:

    Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
    

    In Ubuntu:

    wget https://$(powershell.exe -c "(Resolve-DnsName -type a askubuntu.com)[0] | Select-Object -ExpandProperty IPAddress" | tr -d '\r')
    

If you do then have Internet connection, then follow the rest of the steps to try to fix the DNS resolution.

But for some users, this continues to be a problem.

Also see this gist for what may be a better guide. It's the same overall information, but slightly different order and implementation.

Possible Alternative - Run Ubuntu in WSL1

If your use-case for WSL supports it, WSL1 will typically run without issues when connected to a VPN. You can convert the instance from PowerShell via:

    wsl -l -v
    # Confirm distribution name, adjust commands as needed
    wsl --export Ubuntu \windows\path\to\save\ubuntu.tar
    wsl --set-version Ubuntu 1

Or, if you'd like, you can wsl --import that backup into a new WSL1 instance via wsl --import UbuntuWSL1 \location\for\instance \path\to\ubuntu.tar --version 1

NotTheDr01ds
  • 22,082
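
Step 5 of the procedure quoted in the question, together with the `permission denied` error it produced, as an added example (not code from the question, the answers, or the linked pages). It fills /etc/resolv.conf with the resolvers Windows is already using instead of hard-coded public ones, so internal names stay on the VPN's DNS. The function names, the `Get-DnsClientServerAddress` query and the `corp.example` domain are assumptions made for illustration.

```sh
#!/bin/sh
# render_resolv_conf [search-domain] < address-list
# Turns a list of DNS server addresses (one per line, as printed by
# powershell.exe, so with CRLF endings) into resolv.conf text.
# The optional search domain is what the [yourbase.domain.local] placeholder
# stands for: the DNS suffix appended to unqualified host names.
render_resolv_conf() (
    search="${1:-}"
    if [ -n "$search" ]; then printf 'search %s\n' "$search"; fi
    # Strip \r, keep well-formed IPv4 only, drop duplicates, and stop at
    # three entries because glibc ignores nameserver lines past the third.
    tr -d '\r' | awk '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($1, o, /\./); ok = 1
            for (i = 1; i <= 4; i++) if (o[i] > 255) ok = 0
            if (ok && !seen[$1]++ && n < 3) { print "nameserver " $1; n++ }
        }'
)

# apply_resolv_conf [search-domain]  (step 5; assumes steps 1-4 are done)
# "sudo cat << EOF > file" fails because the unprivileged shell opens the
# redirection target before sudo runs; "sudo tee" opens the file as root.
# Assumption: Get-DnsClientServerAddress lists the resolvers Windows uses,
# in Windows' adapter order, which may not put the VPN's servers first.
apply_resolv_conf() {
    conf=$(powershell.exe -c "(Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses" |
        render_resolv_conf "${1:-}")
    # Keep the existing file if nothing usable came back.
    case "$conf" in
        *nameserver*) ;;
        *) echo "no IPv4 DNS servers found; resolv.conf left untouched" >&2; return 1 ;;
    esac
    sudo rm -f /etc/resolv.conf
    printf '%s\n' "$conf" | sudo tee /etc/resolv.conf >/dev/null
}

# Usage inside WSL2: sh wsl-dns.sh --apply corp.example   (domain is a placeholder)
if [ "${1:-}" = "--apply" ]; then apply_resolv_conf "${2:-}"; fi
```

Review the generated nameserver order before relying on it, since only the first three entries are used.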
1

In my case, I've disabled Internet Protocol Version 6 (TCP/IPv6) in WLAN Properties of Network Connections Settings.

Configuration Screenshot:

Screenshot of Disabling Internet Protocol Version 6 (TCP/IPv6)

Ping GitHub.com Successfully Screenshot:

Screenshot of Ping GitHub.com Successfully

Source: https://unix.stackexchange.com/a/628767/338681

Jerry Chong
  • 211
  • 2
  • 5