WSL2 issues – and how to fix some of them

I have been waiting in anticipation for WSL2 (Windows Subsystem for Linux) and on May 28th when the update released for general availability I updated immediately.

At first I was super hyped. WSL2 and the Ubuntu 20.04 image just worked and ran smoothly and quickly. Combined it with the release version of Windows Terminal it was a real delight.

I also went and grabbed Docker Desktop for Windows as it now has support for WSL2 as the underlying system. And joy it just installed and worked. Now being capable of running Docker containers directly from my shell without doing some of doing it the way I did before having a Ubuntu VM running in VMware Workstation and connecting to it via docker-machine on my WSL1 Ubuntu image. A hassle to get to work and not a very smooth operation.

Having the option to just start Docker containers is amazing!

But then I had to get some actual work done and booted up VMware Workstation to boot a VM. And it failed. With a Device Guard error. I followed the guides and attempted to disable Device Guard to no avail. Then it dawned on my. WSL2 probably enables the Hyper-V role! And that is exactly what happened.

Hyper-V and Workstation (or VirtualBox for that matter) do not mix well – that is until VMware released Workstation 15.5.5 to fix this exact problem just the day after WSL2 released. Perfect timing!

Simple fix – just update Workstation to 15.5.5 and reboot and WSL2 and Workstation now coexisted fine!

I played a bit more with WSL2 in the following days but ended up hitting some wierd issues where networking would stop working in the WSL2 image. No real fixes found. Many indicate DNS issues and stuff like that. Just Google “WSL2 DNS not working” and look at the mountains of issues.

But I suspected something else because DNS not working was just a symptom – routing out of the WSL2 image was not working. Pinging IPs outside the image did not work. Not even the gateway IP. And if the default gateway is not working of course DNS is not working.

I found that restarting fixed the issue so got past it that way but today it was back. I was very interested in figuring out what happened. And then I realized the potential problem and tested the fix. I was connected to my work network via Cisco AnyConnect. I tried disconnecting from VPN and testing connectivity in WSL again – now it works. Connected to VPN again and connectivity was gone.

Okay – source found – what’s the fix? I found this thread on Github that mentions issues with other VPN providers even when not connected. Looking through the comments I found a reference to a different issue of the same problem but regarding AnyConnect specifically.

I looked through the comments and many fixes around changing DNS IP and other things but the fix that seem to do the trick was running the following two lines of Powershell in an elevated shell after connecting to VPN

Get-NetIPInterface -InterfaceAlias "vEthernet (WSL)" | Set-NetIPInterface -InterfaceMetric 1
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000

Those two lines change the Interface Metric so that the WSL interface has a higher priority than the VPN connection. This inadvertently also fixed an issue that I had with local breakout when on VPN not working correctly.

Downside of the fix is that this needs to be run every time you connect to VPN. I implemented a simple Powershell function in my profile so I just have to open an elevated shell and type “Fix-WSLNet”.

That is all for now!

13 Replies to “WSL2 issues – and how to fix some of them”

  1. I’m grateful that you took the time to describe this. I had exactly the same issue with AnyConnect and WSL2 and would have reverted to WSL1 without your explanation.

    • Hi Iain,

      Thanks for the feedback – glad I could help you out. I was pretty frustrated as well!

      Side effect of this is that the same fix also fixes a problem with breakout to local LAN that had been bugging me 🙂

  2. Hi,
    Thanks for this insightful post. It helped a lot. Could you please share your “Fix-WSLNet” function with us?


    • Sure thing – it is not something overly complicated and you should validate that the names of the interfaces match the names on your machine.

      function Fix-WSLNet
      Get-NetIPInterface -InterfaceAlias "vEthernet (WSL)" | Set-NetIPInterface -InterfaceMetric 1
      Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000

  3. Thanks a lot! I had tried everything (edited the resolv.conf so many times!) and this finally worked! I hope this makes it to the top of search results

  4. Hi i am having this same issue but the solution didnt work for me.

    Get-NetIPInterface -InterfaceAlias “vEthernet (WSL)” | Set-NetIPInterface -InterfaceMetric 1
    Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match “Citrix Virtual Adapter”} | Set-NetIPInterface -InterfaceMetric 6000

    I cant ping my default gateway either

    default via dev eth0 dev eth0 proto kernel scope link src

    • Hi Eugene,

      Strange – Have you made sure that the two interfaces are correctly named? The solution provided works for Cisco AnyConnect and can see that you are using Citrix VPN client instead. Possibly there could be other interfaces that are interfering aswell. I am not in a position to test the setup you run to validate if it works unfortunately. If you hit up the WSL Github Issues page you will see that there are several issues pertaining to network that can fail maybe one of those are more applicable for your case?

      Best regards!

  5. This works but … I had to set VPN DNS settings in /etc/resolv.conf every time I connected. So, 1) use Fix-WSLNet, 2) created and every time I connect, copy over VPN DNS settings to /etc/resolv.conf.

  6. Thanks a lot. I use a GlobaIProtect VPN client and the PS scipt works well with it as well. I was very frustrated with this feature.

    • Glad it worked for you. It was the same for me. Looked at a lot of solutions but only by combining the two presented here did it work for me so decided to share 🙂

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.