Standalone mode doesn't work ? #180

Closed
adpeyre opened this issue Jan 16, 2023 · 12 comments · Fixed by #187

Comments

@adpeyre

adpeyre commented Jan 16, 2023

Hello,

Are you sure the standalone installation works well ?
I followed your instructions and installed it in my custom wsl distribution. When I launch wsl-vpnkit, I still have the network's problems.

Ty

@kohlerm

kohlerm commented Jan 17, 2023

Same here. If I follow the instructions it says

wsl-gvproxy.exe not found at /wsl-vpnkit/wsl-gvproxy.exe

I moved it to that location still does not seem to work

@adpeyre
Author

adpeyre commented Jan 17, 2023

@kohlerm You need to push wsl-gvproxy.exe to /wsl-vpnkit/wsl-gvproxy.exe at root of the windows user.
I did that: mv wsl-gvproxy.exe "$WINHOME/wsl-vpnkit/wsl-gvproxy.exe" ($WINHOME = /mnt/c/users/myuser/)

@kohlerm

kohlerm commented Jan 18, 2023

@adpeyre Thanks for the hint, but I still cannot get it to work.
I get

 sudo ./wsl-vpnkit
wslpath:
starting wsl-vpnkit
cleaning up iptables...
# Warning: iptables-legacy tables present, use iptables-legacy to see them
# Warning: iptables-legacy tables present, use iptables-legacy to see them
# Warning: iptables-legacy tables present, use iptables-legacy to see them
# Warning: iptables-legacy tables present, use iptables-legacy to see them
iptables cleanup done
restoring WSL 2 ip route...
RTNETLINK answers: File exists
RTNETLINK answers: File exists
restored WSL 2 ip route
starting gvproxy at /wsl-vpnkit/wsl-gvproxy.exe...
started gvproxy
waiting for dhcp...
INFO[0000] waiting for packets...
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

Listening on LPF/eth1/5a:94:ef:e4:0c:ee
Sending on   LPF/eth1/5a:94:ef:e4:0c:ee
Sending on   Socket/fallback
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0xebcf7321)
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 4 (xid=0xebcf7321)
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 11 (xid=0xebcf7321)
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0xebcf7321)
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12 (xid=0xebcf7321)
DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 20 (xid=0xebcf7321)
time="2023-01-18T14:47:59+01:00" level=info msg="new connection from remote to 41360"
DHCPOFFER of 192.168.67.3 from 192.168.67.1
DHCPREQUEST for 192.168.67.3 on eth1 to 255.255.255.255 port 67 (xid=0x2173cfeb)
DHCPACK of 192.168.67.3 from 192.168.67.1 (xid=0xebcf7321)
bound to 192.168.67.3 -- renewal in 1750 seconds.

But no connection to the internet...
Did you get it working?
I am on Ubuntu 22.04.01.

@kohlerm

kohlerm commented Jan 19, 2023

Ok. Finally got it working (cleanup not working properly).
See main...kohlerm:wsl-vpnkit:main
Problems were:

  1. CMDSHELL would not be set correctly, not sure why. Hardcoded it to the typical location
  2. WSL2_VM_IP would not have the correct value, because the output of ifconfig was slightly different.
  3. replaced iptables by iptables-legacy (not sure that is absolutely needed)
  4. added
       ip route flush 0/0
       ip route add default via $VPNKIT_GATEWAY_IP dev eth1
     to run (would not have the correct default route otherwise).

@adpeyre
Author

adpeyre commented Jan 19, 2023

@kohlerm Ty. I'll test that.

  • ❌ CMDSHELL works for me. => /mnt/c/WINDOWS/system32/cmd.exe
  • ✔️ WSL2_VM_IP="$(ifconfig eth0 | awk '/inet /{print substr($2, 1)}')"
  • ❌ iptables : you can use that in your wsl distribution for fixing iptables. update-alternatives --set iptables /usr/sbin/iptables-legacy
  • ✔️ ip route flush 0/0 && ip route add default via 192.168.67.1 dev eth1 It works ! You could use ip route add default via $VPNKIT_GATEWAY_IP dev $TAP_NAME ?
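
The WSL2_VM_IP problem discussed above comes from parsing ifconfig output, whose layout differs between net-tools releases (older: "inet addr:ADDRESS", newer: "inet ADDRESS"). The following is an added example, not code from this thread or from wsl-vpnkit: a parser that accepts both layouts and fails instead of returning an empty or malformed value. The function names and the sample outputs are constructed for illustration.

```shell
# Added example; extract_inet4 and wsl2_vm_ip are hypothetical helper names.
# Reads ifconfig-style text on stdin and prints the first IPv4 address.
# Exits non-zero when no well-formed address is present.
extract_inet4() {
    awk '
        $1 == "inet" {
            addr = $2
            sub(/^addr:/, "", addr)      # strip the old "addr:" prefix
            if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                print addr; found = 1; exit
            }
        }
        END { if (!found) exit 1 }
    '
}

# How a script would use it (eth0 is the interface named in the thread).
wsl2_vm_ip() {
    ifconfig "${1:-eth0}" 2>/dev/null | extract_inet4
}

# Constructed sample output, newer layout.
sample_new='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.20.5.7  netmask 255.255.240.0  broadcast 172.20.15.255
        inet6 fe80::215:5dff:fe00:1  prefixlen 64  scopeid 0x20<link>'

# Constructed sample output, older layout.
sample_old='eth0      Link encap:Ethernet  HWaddr 00:15:5d:00:00:01
          inet addr:172.20.5.7  Bcast:172.20.15.255  Mask:255.255.240.0'

for s in "$sample_new" "$sample_old"; do
    printf '%s\n' "$s" | extract_inet4
done
```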

@LokiReborn

> @adpeyre Thanks for the hint, but I still cannot get it to work. I get

> But no connection to the internet... Did you get it working? I am on Ubuntu 22.04.01.

The issue appears to be with the way it's trying to remove and add the default route. You can run these 2 commands manually and it will get it to work

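route del default
# take the gateway from the first nameserver line only, skipping comment lines
route add default gw "$(sed -nr 's/^nameserver[^0-9]*([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*/\1/p' /etc/resolv.conf | head -n 1)"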

@kohlerm

kohlerm commented Jan 20, 2023

Yeah I had to install these packages:
uuid-runtime net-tools isc-dhcp-client udhcpc dnsutils

Did not know about "route del default" Thx!

@kohlerm

kohlerm commented Jan 20, 2023

Anyone knows how to trigger WSL regenerating the /etc/resolv.conf file (which points to /wsl/resolv.conf) ?
I still got an incorrect entry for the name server after shutting down the script.
wsl --shutdown is a workaround, but not ideal.

@sakai135 sakai135 pinned this issue Jan 21, 2023
@sakai135
Owner

Thanks for the info. I've pinned this issue, so it'll be a little bit more prominent for people that have similar issues.

I'll see about updating the readme and/or script so it works with the current default Ubuntu distro.

@nlvw

nlvw commented Feb 14, 2023

With a Fedora / EL9 OS I used the following setup script with the assumption that systemd has already been enabled and configured.

#!/bin/bash

# Ensure Required Packages
dnf install -q -y --allowerasing coreutils gawk net-tools bash dhcp-client bind-utils

# Set PATH
PATH="$PATH:/mnt/c/WINDOWS/system32:/mnt/c/WINDOWS/System32/WindowsPowerShell/v1.0"

# Stop Service
systemctl stop wsl-vpnkit.service &>/dev/null || true

# Set Release
get_latest_release() {
	curl --silent "https://api.github.com/repos/$1/releases/latest" \
		| grep '"tag_name":' \
		| sed -E 's/.*"([^"]+)".*/\1/'
}
VERSION="$(get_latest_release sakai135/wsl-vpnkit)"

# Create Temp Directory
temp="$(mktemp -d)"
cd "$temp" || exit 22

# download wsl-vpnkit
wget https://github.com/sakai135/wsl-vpnkit/releases/download/$VERSION/wsl-vpnkit.tar.gz
tar --strip-components=1 -xf wsl-vpnkit.tar.gz app/wsl-vpnkit files/wsl-gvproxy.exe files/wsl-vm

# place Windows exe
USERPROFILE=$(wslpath "$(powershell.exe -c 'Write-Host -NoNewline $env:USERPROFILE')")
mkdir -p "$USERPROFILE/wsl-vpnkit"
#/bin/cp -f wsl-gvproxy.exe "$USERPROFILE/wsl-vpnkit/wsl-gvproxy.exe"

# place bin scripts
/bin/cp -f wsl-vm /usr/local/sbin/wsl-vm
/bin/cp -f wsl-vpnkit /usr/local/sbin/wsl-vpnkit
chmod 750 /usr/local/sbin/wsl-vm
chmod 750 /usr/local/sbin/wsl-vpnkit
chown root:root /usr/local/sbin/wsl-vm
chown root:root /usr/local/sbin/wsl-vpnkit

# Create SystemD Service File
cat <<-EOF > /etc/systemd/system/wsl-vpnkit.service
[Unit]
Description=WSL VPNKit To Bypass Cisco Anyconnect

[Service]
Type=simple
Environment=PATH=/root/.local/bin:/root/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/mnt/c/WINDOWS/system32:/mnt/c/WINDOWS/System32/WindowsPowerShell/v1.0:$USERPROFILE/wsl-vpnkit
ExecStart=/usr/local/sbin/wsl-vpnkit

[Install]
WantedBy=default.target
EOF

# Set Config File If Missing
config="$USERPROFILE/wsl-vpnkit/wsl-vpnkit.conf"
if [ ! -f "$config" ]; then
	cat <<-EOF > "$config"
		# Virtual interface name
		TAP_NAME=eth1

		# Network configuration
		VPNKIT_SUBNET=192.168.67.0/24
		VPNKIT_GATEWAY_IP=192.168.67.1
		VPNKIT_HOST_IP=192.168.67.2
		VPNKIT_LOWEST_IP=192.168.67.3
		DNS_IP=192.168.67.1

		# Debug logging for gvisor-tap-vsock
		VPNKIT_DEBUG=false

		# Connectivity test endpoints
		CHECK_DNS=1.1.1.1
		CHECK_HOST=google.com
	EOF
fi

# Start VPN Kit
systemctl daemon-reload
#systemctl enable --now wsl-vpnkit.service

# Cleanup
cd "$HOME"
rm -rf "$temp"

Only thing I haven't gotten working is automatic shutdown of WSL when no shells are logged in (Default behavior). The wsl-vpnkit service has to be stopped before the automatic shutdown behavior will work again. It's supposed to ignore systemd services but that doesn't seem to be the case here.
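
The setup script above resolves whatever release is currently "latest" and installs its contents as root into /usr/local/sbin without an integrity check. The following is an added example, not part of the comment above or of wsl-vpnkit: two helpers that reject an empty or malformed tag and compare the archive against a pinned SHA-256 before anything is extracted. The function names are hypothetical and the tag and digest in the usage comment are placeholders.

```shell
# Added example; release_url and verify_sha256 are hypothetical helper names.

# Build the download URL only from a value that looks like a tag. A VERSION
# taken from a grep over the GitHub API response is empty when the request
# fails or is rate-limited.
release_url() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) echo "refusing tag: '$1'" >&2; return 1 ;;
    esac
    printf 'https://github.com/sakai135/wsl-vpnkit/releases/download/%s/wsl-vpnkit.tar.gz\n' "$1"
}

# Compare a file against a pinned SHA-256. Returns 0 on match, 1 on
# mismatch, 2 when the pin is malformed or the file is missing.
verify_sha256() {
    vs_file=$1
    vs_pin=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $vs_pin in
        ''|*[!0-9a-f]*) echo "invalid pinned digest" >&2; return 2 ;;
    esac
    [ "${#vs_pin}" -eq 64 ] || { echo "invalid pinned digest" >&2; return 2; }
    [ -f "$vs_file" ] || { echo "missing file: $vs_file" >&2; return 2; }
    vs_actual=$(sha256sum "$vs_file" | awk '{print $1}')
    [ "$vs_actual" = "$vs_pin" ] || { echo "checksum mismatch: $vs_file" >&2; return 1; }
}

# Intended use in the setup script. Both values are placeholders, to be
# filled in after reviewing one specific release:
#   VERSION='<pinned-release-tag>'
#   PINNED_SHA256='<sha256-of-reviewed-wsl-vpnkit.tar.gz>'
#   url=$(release_url "$VERSION") || exit 1
#   wget -O wsl-vpnkit.tar.gz "$url"
#   verify_sha256 wsl-vpnkit.tar.gz "$PINNED_SHA256" || exit 1
#   # only now run the tar and cp steps
```

Left unfilled, the placeholders fail closed: release_url rejects the angle brackets and verify_sha256 rejects a pin that is not 64 hex digits.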

@sakai135 sakai135 linked a pull request Feb 17, 2023 that will close this issue
@scratchmex

Do you know a workaround to get it running the standalone script on the latest Ubuntu? Installing the packages mentioned above does not work. It hangs on ip: RTNETLINK answers: File exists

@hgsantana

> Do you know a workaround to get it running the standalone script on the latest Ubuntu? Installing the packages mentioned above does not work. It hangs on ip: RTNETLINK answers: File exists

I'm having the exact same issue on Ubuntu-22.04.
