
openvpn connection stops working after upgraded to 2.0.9 with mirrored networking

Open yongzhang opened this issue 1 year ago • 27 comments

Windows Version

Microsoft Windows [Version 10.0.22631.2715]

WSL Version

2.0.9

Are you using WSL 1 or WSL 2?

  • [X] WSL 2
  • [ ] WSL 1

Kernel Version

Linux version 5.15.133.1-microsoft-standard-WSL2 (root@1c602f52c2e4)

Distro Version

Ubuntu 22.04

Other Software

OpenVPN Connect 3.4.2

Repro Steps

  1. Update .wslconfig with below settings:

     [experimental]
     autoMemoryReclaim=gradual
     sparseVhd=true
     dnsTunneling=true
     networkingMode=mirrored
     hostAddressLoopback=true

  2. Connect OpenVPN and start wsl2
  3. telnet my internal ip address in vpn network from wsl2, I see timeout:

     $ telnet 10.120.31.82 22
     Trying 10.120.31.82...
     telnet: Unable to connect to remote host: Connection timed out

  4. But telnet from windows cmd, I can telnet: [image]

Additional information:

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 00:15:5d:eb:59:b0 brd ff:ff:ff:ff:ff:ff
3: loopback0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:a0:d1:f0 brd ff:ff:ff:ff:ff:ff
4: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 00:15:5d:4a:52:c8 brd ff:ff:ff:ff:ff:ff
5: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 08:8e:90:93:b8:cc brd ff:ff:ff:ff:ff:ff
    inet 10.140.97.86/20 brd 10.140.111.255 scope global noprefixroute eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::d8ec:c0a:e95a:116f/64 scope link nodad noprefixroute
       valid_lft forever preferred_lft forever
6: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:09:f7:8c brd ff:ff:ff:ff:ff:ff
    inet 172.25.0.2/21 brd 172.25.7.255 scope global noprefixroute eth3
       valid_lft forever preferred_lft forever
7: br-31ee55146667: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:d8:22:99:c4 brd ff:ff:ff:ff:ff:ff
    inet 172.20.0.1/16 brd 172.20.255.255 scope global br-31ee55146667
       valid_lft forever preferred_lft forever
8: br-579eb2cdeae4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:43:61:bd:fe brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global br-579eb2cdeae4
       valid_lft forever preferred_lft forever
9: br-72e0a078af51: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:17:cb:3a:c2 brd ff:ff:ff:ff:ff:ff
    inet 172.23.0.1/16 brd 172.23.255.255 scope global br-72e0a078af51
       valid_lft forever preferred_lft forever
10: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:70:9c:c7:f3 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
       valid_lft forever preferred_lft forever
11: br-09be57e2d7d9: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:a3:b0:89:3f brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.1/16 brd 172.19.255.255 scope global br-09be57e2d7d9
       valid_lft forever preferred_lft forever

eth2 has the ip address from my wifi adapter in windows, eth3 is the client ip assigned by openvpn server (172.25.0.0/21).

$ ip route show
default via 10.140.96.1 dev eth2 proto kernel metric 45
10.90.0.0/16 via 172.25.0.1 dev eth3 proto kernel metric 257
10.110.0.0/16 via 172.25.0.1 dev eth3 proto kernel metric 257
10.120.0.0/16 via 172.25.0.1 dev eth3 proto kernel metric 257
10.130.0.0/16 via 172.25.0.1 dev eth3 proto kernel metric 257
10.140.96.0/20 dev eth2 proto kernel scope link metric 301
10.140.96.1 dev eth2 proto kernel scope link metric 45
10.140.96.1 dev eth2 proto kernel scope link metric 301
<my vpn server public ip> via 10.140.96.1 dev eth2 proto kernel metric 301
169.254.0.0/16 dev eth2 scope link metric 1000
172.17.0.0/16 dev br-579eb2cdeae4 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev docker0 proto kernel scope link src 172.18.0.1 linkdown
172.19.0.0/16 dev br-09be57e2d7d9 proto kernel scope link src 172.19.0.1 linkdown
172.20.0.0/16 dev br-31ee55146667 proto kernel scope link src 172.20.0.1 linkdown
172.23.0.0/16 dev br-72e0a078af51 proto kernel scope link src 172.23.0.1 linkdown
172.25.0.0/21 dev eth3 proto kernel scope link metric 257
172.25.0.1 dev eth3 proto kernel scope link metric 257

Seems like nothing wrong with the routes?

PS: I also have cisco anyconnect vpn client which works very well with mirrored networking.

Expected Behavior

OpenVPN connection should work with mirrored networking

Actual Behavior

OpenVPN connection stopped working with mirrored networking

Diagnostic Logs

No response

yongzhang avatar Dec 06 '23 06:12 yongzhang
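
The question raised in the report above, whether the routing table itself is at fault, can be checked with a longest-prefix lookup over the posted routes. This is an added example, not part of the original report; the table is an excerpt of the `ip route show` output above and the function names are illustrative.

```python
import ipaddress

# Excerpt of the `ip route show` output posted in the report above.
ROUTES = """\
default via 10.140.96.1 dev eth2 proto kernel metric 45
10.120.0.0/16 via 172.25.0.1 dev eth3 proto kernel metric 257
10.140.96.0/20 dev eth2 proto kernel scope link metric 301
10.140.96.1 dev eth2 proto kernel scope link metric 45
10.140.96.1 dev eth2 proto kernel scope link metric 301
<my vpn server public ip> via 10.140.96.1 dev eth2 proto kernel metric 301
172.18.0.0/16 dev docker0 proto kernel scope link src 172.18.0.1 linkdown
172.25.0.0/21 dev eth3 proto kernel scope link metric 257
172.25.0.1 dev eth3 proto kernel scope link metric 257
"""

def parse_routes(text):
    """Parse `ip route show` lines into dicts; unparseable (redacted) lines are skipped."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        try:
            net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        except ValueError:
            continue
        attr = {k: tok[tok.index(k) + 1] for k in ("via", "dev", "metric") if k in tok}
        routes.append({"net": net, "via": attr.get("via"), "dev": attr.get("dev"),
                       "metric": int(attr.get("metric", 0))})
    return routes

def lookup(routes, addr):
    """Pick the route as the kernel would: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))

if __name__ == "__main__":
    for target in ("10.120.31.82", "10.140.96.1", "8.8.8.8"):
        r = lookup(parse_routes(ROUTES), target)
        print(target, "->", r["dev"], "via", r["via"], "metric", r["metric"])
```

On a live WSL instance, `ip route get 10.120.31.82` returns the kernel's own answer for the same lookup.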

Could you please follow the steps below and attach the diagnostic logs? https://github.com/microsoft/WSL/blob/master/CONTRIBUTING.md#collect-wsl-logs-for-networking-issues

chanpreetdhanjal avatar Dec 06 '23 23:12 chanpreetdhanjal

Hi @yongzhang , currently OpenVPN does not work with mirrored mode. We are investigating where the root cause of this issue could be, for now I've labeled it as "External". Thanks for filing this!

craigloewen-msft avatar Dec 13 '23 19:12 craigloewen-msft

> Hi @yongzhang , currently OpenVPN does not work with mirrored mode. We are investigating where the root cause of this issue could be, for now I've labeled it as "External". Thanks for filing this!

I've also encountered the same issue and am looking forward to a solution.

winterallen avatar Dec 16 '23 12:12 winterallen

Hello, OpenVPN is still not working in the latest build. @craigloewen-msft did you manage to investigate the cause?

Edit: so just the official OpenVPN clients (both versions 2 and 3) are affected. Other clients such as Viscosity work great

tomadimitrie avatar Mar 13 '24 18:03 tomadimitrie

Any updates on this?

ericellb avatar May 07 '24 16:05 ericellb

> Other clients such as Viscosity work great

This is an interesting point, and in fact I can cause Viscosity to not work either if I change "Adapter type" in its settings to "Open TAP adapter (legacy)". For me this results in the same behaviour as using the OpenVPN client.

dten avatar Sep 05 '24 18:09 dten

OpenVPN 2.4.7 works https://openvpn.net/community-downloads/ (it's from 2019)

2.4.8 breaks it

I had this theory from this other ticket about configuring MAC https://github.com/OpenVPN/tap-windows6/issues/97

dten avatar Sep 09 '24 11:09 dten

I can also go back and forth between 2.5.10 (not working) and 2.6.0 (working) as long as I restart WSL in between with wsl.exe --shutdown. I can actually upgrade to 2.6.12, which is the latest version, as long as I restart WSL after installing.

dten avatar Sep 09 '24 14:09 dten

stay tuned

DogeFlow avatar Sep 19 '24 02:09 DogeFlow

any update on this?

carlosrmendes avatar Oct 30 '24 14:10 carlosrmendes

@carlosrmendes did you find a workaround for this?

MohaAmiry avatar Nov 03 '24 09:11 MohaAmiry

> @carlosrmendes did you find a workaround for this?

no, I downgraded openvpn to v2.4.7

carlosrmendes avatar Nov 04 '24 09:11 carlosrmendes

any solution or workaround ?

ymuuuu avatar Dec 20 '24 11:12 ymuuuu

> any solution or workaround ?

The suggestions to downgrade OpenVPN to v2.4.7 work.

akamch avatar Dec 20 '24 12:12 akamch

> > any solution or workaround ?
>
> The suggestions to downgrade OpenVPN to v2.4.7 work.

Unfortunately, this has a lot of problems regarding the data ciphers for some config files. Trying to edit this config to match the errors still does not work. Error: Options error: Unrecognized option or missing or extra parameter(s) in config.ovpn:14: data-ciphers (2.4.7) Use --help for more information.

ymuuuu avatar Dec 20 '24 13:12 ymuuuu

Upgrading openvpn also works (for me)

dten avatar Dec 20 '24 13:12 dten

> Upgrading openvpn also works (for me)

which version ?

ymuuuu avatar Dec 20 '24 15:12 ymuuuu

I previously wrote 2.6.12 was working. I've since updated to later versions just fine

dten avatar Dec 20 '24 16:12 dten

> I previously wrote 2.6.12 was working. I've since updated to later versions just fine

yea already tried that, unfortunately not working either :(

ymuuuu avatar Dec 20 '24 17:12 ymuuuu

Make sure to do WSL.exe --shutdown between attempts

dten avatar Dec 20 '24 18:12 dten

Turn on the OpenVPN DCO option and it works fine

CoalYa avatar Dec 27 '24 09:12 CoalYa

WSL Version: 2.1.5.0

Installing

OpenVPN Connect 3.6.0 (4074) bundled with OpenVPN Core 3.10.5

Setting in advanced settings via OpenVPN Connect GUI:

Security Level - Preferred
Enable DCO - True
Allow using local dns Resolvers - True

and restarting wsl

wsl --shutdown
wsl

solved the issue for me

dr1nf3rn0 avatar Jan 10 '25 14:01 dr1nf3rn0

For anyone using openvpn community on windows, I find the new Wintun driver works.

Just add a line to your ovpn config file:

windows-driver wintun

Cheers

ly4096x avatar Feb 23 '25 01:02 ly4096x

> For anyone using openvpn community on windows, I find the new Wintun driver works.
>
> Just add a line to your ovpn config file:
>
> windows-driver wintun
>
> Cheers

Thanks ! The method you suggested worked on my machine. Thank you again.

CyberWa1ker avatar Feb 24 '25 07:02 CyberWa1ker

> the new Wintun driver works.
>
> Just add a line to your ovpn config file:
>
> windows-driver wintun

The limitation is that it does not support TAP interfaces, only TUN.

yoctozepto avatar Feb 24 '25 08:02 yoctozepto
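
The two config pitfalls reported in this thread (`data-ciphers` rejected by 2.4.7, and `windows-driver wintun` being TUN-only) can be caught before connecting with a small check of the .ovpn file. This is an added example, not code from OpenVPN or WSL; the sample config, function names and finding codes are constructed for illustration, and it assumes both directives first appeared in OpenVPN 2.5.

```python
# Constructed sample config; the remote host is a placeholder.
SAMPLE = """\
client
dev tap
proto udp
remote vpn.example.com 1194
data-ciphers AES-256-GCM:AES-128-GCM
windows-driver wintun
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
"""

NEEDS_2_5 = ("data-ciphers", "windows-driver")  # assumption: both introduced in 2.5

def parse_directives(text):
    """Map directive -> argument list, skipping comments and inline <tag> blocks."""
    directives, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:
            if line == "</%s>" % inline:
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            continue
        name, *args = line.split()
        directives[name] = args
    return directives

def check(text, version):
    """Return finding codes for an .ovpn file used with OpenVPN `version` (major, minor)."""
    d = parse_directives(text)
    findings = []
    if version < (2, 5):
        findings += ["unsupported:" + n for n in NEEDS_2_5 if n in d]
    driver = (d.get("windows-driver") or [None])[0]
    dev = (d.get("dev-type") or d.get("dev") or [""])[0]
    if driver == "wintun" and dev.startswith("tap"):
        findings.append("wintun-with-tap")    # wintun carries TUN (layer 3) only
    if driver == "tap-windows6":
        findings.append("legacy-tap-driver")  # driver path the thread reports failing
    return findings

if __name__ == "__main__":
    print(check(SAMPLE, (2, 6)), check(SAMPLE, (2, 4)))
```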

https://github.com/microsoft/WSL/issues/10879#issuecomment-2676499999

I'm using OpenVpn GUI 11.14 and when I change ovpn config, then I can't connect because it gives me an error.

What do I have to do?

jromagos avatar Feb 24 '25 22:02 jromagos

> For anyone using openvpn community on windows, I find the new Wintun driver works.
>
> Just add a line to your ovpn config file:
>
> windows-driver wintun
>
> Cheers

This seems to work on latest WSL Ubuntu 22.04 along with enabling systemd boot in /etc/wsl.conf and using OpenVPN 2.7.

Windows localhost servers are accessible from WSL, WSL localhost servers are accessible from Windows, and WSL can also access the Internet over OpenVPN.

mvx-team avatar Jun 07 '25 01:06 mvx-team

> WSL Version: 2.1.5.0
>
> Installing
>
> OpenVPN Connect 3.6.0 (4074) bundled with OpenVPN Core 3.10.5
>
> Setting in advanced settings via OpenVPN Connect GUI:
>
> Security Level - Preferred
> Enable DCO - True
> Allow using local dns Resolvers - True
>
> and restarting wsl
>
> wsl --shutdown
> wsl
>
> solved the issue for me

ur a lifesaver, thank u

rtabulov avatar Sep 17 '25 12:09 rtabulov

> WSL Version: 2.1.5.0
>
> Installing
>
> OpenVPN Connect 3.6.0 (4074) bundled with OpenVPN Core 3.10.5
>
> Setting in advanced settings via OpenVPN Connect GUI:
>
> Security Level - Preferred
> Enable DCO - True
> Allow using local dns Resolvers - True
>
> and restarting wsl
>
> wsl --shutdown
> wsl
>
> solved the issue for me

This also solved my problem, thank you.

winterallen avatar Oct 27 '25 08:10 winterallen