OpenVPN network is not accessible in WSL when the connection is established from the Windows host OpenVPN application; it is accessible only if the connection is established inside the WSL2 container.
Windows Version
Microsoft Windows [Version 10.0.22631.5699]
WSL Version
2.5.9.0
Are you using WSL 1 or WSL 2?
- [x] WSL 2
- [ ] WSL 1
Kernel Version
6.6.87.2-1
Distro Version
Kali 2025.1
Other Software
OpenVPN v3.7.2 (4253)
Repro Steps
I used a Hack The Box OpenVPN file from https://app.hackthebox.com/starting-point
1- Try to run any OpenVPN file on the Windows host.
2- Ping any available IP on the VPN from within the WSL terminal.
3- You will notice the target IP is unreachable.
As we see in the image below, OpenVPN is connected using the "Windows OpenVPN App", yet WSL can't reach the target IP.
Then run the same OpenVPN file from within the WSL terminal.
1- Use the command sudo openvpn --config /path/to/vpnFile.ovpn
2- Try to ping any available IP on the VPN from within the WSL terminal.
3- The target IP will answer.
In the following image, I ran the same VPN file from within the WSL container, not the Windows OpenVPN App, then used the ping command and the target IP was reachable.
Expected Behavior
I expect to run VPN files from the Windows host (not WSL), and access the VPN from both Windows and WSL at the same time.
Actual Behavior
I can't access the VPN in WSL if the connection is established from the Windows host. WSL can access the VPN only if the connection is established from the WSL container itself.
Diagnostic Logs
The file is 99MB, so GitHub rejected the upload, so I uploaded it to Google Drive: WSLNetworkingLogsDriveURL.zip
Here is a dummy file for the GitHub bot: WslNetworkingLogs-2025-07-26_18-20-19.zip
Logs are required for review from WSL team
If this is a feature request, please reply with '/feature'. If this is a question, reply with '/question'. Otherwise, please attach logs by following the instructions below; your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.
How to collect WSL logs
Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:
Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1
The script will output the path of the log file once done.
If this is a networking issue, please use collect-networking-logs.ps1, following the instructions in Collect WSL logs for networking issues
Once completed please upload the output files to this GitHub issue.
See Collect WSL logs (recommended method).
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.
No logs.etl found in the archive. Make sure that you ran collect-wsl-logs.ps1 as administrator and that the logs.etl file is in the archive.
Diagnostic information
Issue was edited and new log file was found: https://github.com/user-attachments/files/21452497/WslNetworkingLogs-2025-07-26_18-20-19.zip
appxpackage.txt not found
optional-components.txt not found
No logs.etl found in archive.
Error while parsing the logs. See action page for details
No logs.etl found in the archive. Make sure that you ran collect-wsl-logs.ps1 as administrator and that the logs.etl file is in the archive.
Diagnostic information
Issue was edited and new log file was found: https://github.com/user-attachments/files/21452513/WslNetworkingLogs-2025-07-26_18-20-19.zip
appxpackage.txt not found
optional-components.txt not found
No logs.etl found in archive.
Error while parsing the logs. See action page for details
/question
Diagnostic information
Found '/question', adding tag 'question'
Run this in Windows CMD or PowerShell:
route print
Look for the interface used by your VPN (often labeled OpenVPN TAP adapter) and note:
The interface IP address (e.g., 10.10.14.247)
The VPN network/subnet (e.g., 10.129.0.0/24) or it can be /26 or /28
In WSL, run:
cat /etc/resolv.conf
Look for the line like:
nameserver 172.22.64.1
This is the Windows Host IP address. WSL sees this as the DNS resolver, so any ping goes through that but only for the main interface (your wifi/ethernet adapter)
Add a Static Route in WSL
Suppose your VPN subnet is 10.129.0.0/24 and nameserver is 172.22.64.1
Run this inside WSL:
sudo ip route add 10.8.0.0/24 via 172.22.64.1
WSL will run your ping for subnet 10.8.0.0/24 through the Windows Host.
Now traffic to the VPN subnet will go through Windows, using the HTB VPN tunnel.
Try this and let me know how it goes.
https://learn.microsoft.com/en-us/windows/wsl/networking#auto-proxy
This might work as well
I've been testing with what you said and it didn't work, so I will go through what I did:
1- This is my /etc/resolv.conf
nameserver 10.2.0.1
nameserver 192.168.1.1
So the nameserver is 10.2.0.1; I think the second nameserver is secondary in case the first fails to resolve.
2- My VPN IP address is 10.10.14.113 and the subnet is 10.10.14.0/23, as the image below shows.
3- I ran sudo ip route add 10.10.14.0/23 via 10.2.0.1, then printed the routes. As the image below shows, the route is added correctly!
4- I tried to ping the target, which is 10.129.108.102, while being online (connected to the VPN), but the ping didn't work from within WSL.
target Image:
ping image:
from within WSL
from windows Host
Using autoProxy
I was using the autoProxy and dnsTunneling features even before asking this question; they didn't work either.
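A way to check which routing-table entry WSL would use for a given destination after the static-route steps and test discussed above (an added example, not written by any participant in this thread). The route text is constructed: only 10.10.14.0/23 via 10.2.0.1 and the two addresses checked come from the thread; the default and on-link routes are assumed values.

```python
import ipaddress

# Constructed `ip route show` output for a WSL 2 distro. Only the 10.10.14.0/23
# route via 10.2.0.1 comes from the thread; the other two lines are assumptions.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev eth0 proto kernel
10.10.14.0/23 via 10.2.0.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""


def parse_routes(text):
    """Parse `ip route show` text into (network, gateway or None, device) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." or "blackhole ..." entries
        value = lambda key: fields[fields.index(key) + 1] if key in fields[:-1] else None
        routes.append((net, value("via"), value("dev")))
    return routes


def select_route(routes, target):
    """Pick the most specific matching route (longest prefix; metrics ignored)."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def explain(routes, target):
    route = select_route(routes, target)
    if route is None:
        return f"{target}: no matching route"
    net, gateway, dev = route
    hop = f"via {gateway}" if gateway else "on-link"
    return f"{target}: matches {net} {hop} dev {dev}"


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    # 10.10.14.113 is the VPN interface address and 10.129.108.102 the ping
    # target, both as quoted in the thread.
    for ip in ("10.10.14.113", "10.129.108.102"):
        print(explain(table, ip))
```

To run it against a live system, pass the text of `ip route show` from inside WSL to `parse_routes` in place of `SAMPLE_ROUTES`.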
In mirror mode, I encountered the same issue; now I can only connect to OpenVPN within WSL to play Hack The Box.
- wsl
- windows
This is what I do to overcome this issue, but it isn't a solution, as I use WSL to extend my toolset on domains other than HTB. I used HTB because it is the only public domain I know I can demonstrate this issue on.
Same goes for Anyconnect, and other VPN solutions. I have exactly the same issue.
Same issue here. I tried networking=mirror, dnsTunneling and autoProxy and they didn't work. Now I have to use the openvpn command inside WSL to make it work.