WSL2 networkingMode=mirrored connection timed out when going over two VPNs #12309

Open
1 of 2 tasks
marbaa opened this issue Nov 21, 2024 · 10 comments

marbaa commented Nov 21, 2024

Windows Version

Microsoft Windows [Version 10.0.22631.4317]

WSL Version

2.3.26.0

Are you using WSL 1 or WSL 2?

  • WSL 2
  • WSL 1

Kernel Version

5.15.167.4-1

Distro Version

Debian 11

Other Software

No response

Repro Steps

  1. Enable mirrored networking
  2. Connect via VPN (Cisco AnyConnect)
  3. Connect via second VPN (CheckPoint Securemote) - new routes for target networks are added
  4. Make ssh from windows cmd - works
  5. Make ssh from any WSL2 distro - connection timed out

We use AnyConnect to connect to the company network. To access target servers, we need to further connect to another VPN with Checkpoint.
ssh to servers located on the first VPN works with mirrored mode from a WSL2 distro.
ssh to servers located behind the second VPN doesn't work from a WSL2 distro.

However, ssh to servers behind the second VPN works from Windows cmd.

Routes from Windows are propagated into the WSL2 distro, and the destination IP is also shown in the route table through the same gateway IP.
It doesn't matter in which order I connect to the second VPN/wsl --shutdown.

Expected Behavior

Working ssh connection from WSL2 distro with mirrored network.

Actual Behavior

Timed out connection from WSL2 distro with mirrored network.

Diagnostic Logs

No response

Logs are required for review from WSL team

If this is a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise, please attach logs by following the instructions below; your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative PowerShell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use collect-networking-logs.ps1, following the instructions here

Once completed, please upload the output files to this GitHub issue.

Click here for more info on logging
If you choose to email these logs instead of attaching them to the bug, please send them to [email protected] with the number of the GitHub issue in the subject, and in the message a link to your comment in the GitHub issue, and reply with '/emailed-logs'.

marbaa (Author) commented Nov 22, 2024

I'm unable to collect network logs as it is a secured corporate notebook.

PS C:\> Get-NetRoute -DestinationPrefix "6.151.100.0/23"

ifIndex DestinationPrefix                              NextHop                                  RouteMetric ifMetric PolicyStore
------- -----------------                              -------                                  ----------- -------- -----------
46      6.151.100.0/23                                 10.128.0.1                                         1          ActiveStore


PS C:\>
PS C:\> ssh 6.151.101.242 -l test
This server was flagged as default-system on deployment.
[email protected]'s password:

WSL2:

$ ip r get 6.151.101.242
6.151.101.242 via 10.128.0.1 dev eth1 src 10.128.0.2 uid 1000
    cache
$ ssh 6.151.101.242
ssh: connect to host 6.151.101.242 port 22: Connection timed out
$
$ ip a s eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1350 qdisc mq state UP group default qlen 1000
    link/ether 54:73:cf:79:21:0f brd ff:ff:ff:ff:ff:ff
    inet 10.128.0.2/30 brd 10.128.0.3 scope global noprefixroute eth1

WSL2 tcpdump

$ sudo tcpdump -vni eth1
tcpdump: listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
20:49:51.118532 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.128.0.1 is-at 44:55:4d:4d:59:2d, length 28
20:49:52.072705 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.128.0.1 is-at 44:55:4d:4d:59:2d, length 28
20:49:57.308445 IP (tos 0x0, ttl 64, id 36368, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], cksum 0x7739 (incorrect -> 0x89a9), seq 1169495868, win 65500, options [mss 1310,sackOK,TS val 649860114 ecr 0,nop,wscale 7], length 0
20:49:58.311997 IP (tos 0x0, ttl 64, id 36369, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], cksum 0x7739 (incorrect -> 0x85bd), seq 1169495868, win 65500, options [mss 1310,sackOK,TS val 649861118 ecr 0,nop,wscale 7], length 0
20:50:00.391997 IP (tos 0x0, ttl 64, id 36370, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], cksum 0x7739 (incorrect -> 0x7d9d), seq 1169495868, win 65500, options [mss 1310,sackOK,TS val 649863198 ecr 0,nop,wscale 7], length 0
20:50:04.472098 IP (tos 0x0, ttl 64, id 36371, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], cksum 0x7739 (incorrect -> 0x6dad), seq 1169495868, win 65500, options [mss 1310,sackOK,TS val 649867278 ecr 0,nop,wscale 7], length 0
20:50:12.552164 IP (tos 0x0, ttl 64, id 36372, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], cksum 0x7739 (incorrect -> 0x4e1d), seq 1169495868, win 65500, options [mss 1310,sackOK,TS val 649875358 ecr 0,nop,wscale 7], length 0
20:50:29.192140 IP (tos 0x0, ttl 64, id 36373, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], cksum 0x7739 (incorrect -> 0x0d1d), seq 1169495868, win 65500, options [mss 1310,sackOK,TS val 649891998 ecr 0,nop,wscale 7], length 0
20:50:34.232018 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.128.0.1 tell 10.128.0.2, length 28
20:50:34.232355 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.128.0.1 is-at 44:55:4d:4d:59:2d, length 28
20:51:01.832147 IP (tos 0x0, ttl 64, id 36374, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], cksum 0x7739 (incorrect -> 0x8d9c), seq 1169495868, win 65500, options [mss 1310,sackOK,TS val 649924638 ecr 0,nop,wscale 7], length 0
20:51:06.871981 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.128.0.1 tell 10.128.0.2, length 28
20:51:06.872473 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.128.0.1 is-at 44:55:4d:4d:59:2d, length 28
20:51:35.300243 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.128.0.1 is-at 44:55:4d:4d:59:2d, length 28
20:51:37.408764 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.128.0.1 is-at 44:55:4d:4d:59:2d, length 28
20:51:38.410895 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.128.0.1 is-at 44:55:4d:4d:59:2d, length 28
^C
16 packets captured
16 packets received by filter
0 packets dropped by kernel
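
The capture in the post above shows a single SYN being retransmitted on a doubling timer, with no packet from 6.151.101.242 ever arriving on eth1. As an added example (not part of the original post or of the WSL project), this Python script extracts that pattern from `tcpdump -vn` text; the function name, the trimmed record format and the 192.0.2.10 flow are assumptions made for illustration.

```python
import re
from collections import defaultdict

# SYN records from the tcpdump output in the post above (cksum and TCP options
# trimmed), followed by one CONSTRUCTED flow that does get a SYN-ACK, for contrast.
CAPTURE = """\
20:49:57.308445 IP (tos 0x0, ttl 64, id 36368, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], seq 1169495868, win 65500, length 0
20:49:58.311997 IP (tos 0x0, ttl 64, id 36369, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], seq 1169495868, win 65500, length 0
20:50:00.391997 IP (tos 0x0, ttl 64, id 36370, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], seq 1169495868, win 65500, length 0
20:50:04.472098 IP (tos 0x0, ttl 64, id 36371, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], seq 1169495868, win 65500, length 0
20:50:12.552164 IP (tos 0x0, ttl 64, id 36372, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], seq 1169495868, win 65500, length 0
20:50:29.192140 IP (tos 0x0, ttl 64, id 36373, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], seq 1169495868, win 65500, length 0
20:51:01.832147 IP (tos 0x0, ttl 64, id 36374, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.45103 > 6.151.101.242.22: Flags [S], seq 1169495868, win 65500, length 0
21:00:00.000000 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    10.128.0.2.40000 > 192.0.2.10.22: Flags [S], seq 1, win 65500, length 0
21:00:00.020000 IP (tos 0x0, ttl 60, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.10.22 > 10.128.0.2.40000: Flags [S.], seq 9, ack 2, win 65160, length 0
"""
HEADER = re.compile(r"^(\d+):(\d+):(\d+\.\d+) IP ")              # timestamp line
PACKET = re.compile(r"^\s+(\S+) > (\S+): Flags \[([^\]]+)\]")    # indented detail line

def unanswered_syns(text):
    """Return flows whose SYNs never saw any packet in the reverse direction."""
    syn_times, seen, now = defaultdict(list), set(), None
    for line in text.splitlines():
        if m := HEADER.match(line):
            now = int(m[1]) * 3600 + int(m[2]) * 60 + float(m[3])
        elif (m := PACKET.match(line)) and now is not None:
            src, dst, flags = m.groups()
            seen.add((src, dst))               # remember every direction observed
            if flags == "S":                   # pure SYN, not SYN-ACK ("S.")
                syn_times[(src, dst)].append(now)
    return [{"flow": f"{src} > {dst}", "syns": len(t),
             "gaps_s": [round(b - a, 1) for a, b in zip(t, t[1:])]}
            for (src, dst), t in syn_times.items() if (dst, src) not in seen]

if __name__ == "__main__":
    for row in unanswered_syns(CAPTURE):
        print(row)
```

Gaps that roughly double with zero reverse packets mean the SYN left the distro's interface and no reply ever reached it, which separates this symptom from a missing route or a refused connection.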

OneBlue (Collaborator) commented Nov 22, 2024

/logs

marbaa (Author) commented Nov 23, 2024

WslLogs-2024-11-23_12-36-05.zip
Attached logs from collect-wsl-logs.ps1.

collect-networking-logs.ps1 is bugged. After I press any key, it produces some error, and when creating the zip file, it deletes all files without creating any final .zip file.

> .\collect-networking-logs.ps1

    Directory: C:\Users\xxx\Downloads

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----      23. 11. 2024     12:48                WslNetworkingLogs-2024-11-23_12-48-43

wsl_networking.wprp not found in the current directory. Downloading it from GitHub.
networking.sh not found in the current directory. Downloading it from GitHub.

Initializing data collection -- please wait.
Initialization complete. Reproduce the scenario, then run 'capture stop'.
Log collection is running. Please reproduce the problem and press any key to save the logs.
Saving logs...
/bin/bash: line 1: killall: command not found
Wait-Process : This command stopped operation because process "wsl (15872)" is not stopped in the specified time-out.
At C:\Users\xxx\Downloads\collect-networking-logs.ps1:264 char:13

Data collection successful; output = WslNetworkingLogs-2024-11-23_12-48-43/wfpdiag.cab

100%  [>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>]

ZipArchiveHelper : The process cannot access the file 'C:\Users\xxx\Downloads\WslNetworkingLogs-2024-11-23_12-48-43\tcpdump.log' because it is being used by another process.
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\Microsoft.PowerShell.Archive.psm1:697 char:30
+ ... sArchived = ZipArchiveHelper $subDirFiles.ToArray() $destinationPath  ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (C:\Users\xxx...-43\tcpdump.log:String) [Write-Error], IOException
    + FullyQualifiedErrorId : CompressArchiveUnauthorizedAccessError,ZipArchiveHelper

New-Object : Exception calling ".ctor" with "1" argument(s): "Stream was not readable."
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Archive\Microsoft.PowerShell.Archive.psm1:808 char:38
+ ...     $srcStream = New-Object System.IO.BinaryReader $currentFileStream
+                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

Logs saved in: C:\Users\xxx\Downloads\WslNetworkingLogs-2024-11-23_12-48-43.zip

External window with running tcpdump is not closed automatically, however it doesn't show anything.

Diagnostic information
.wslconfig found
Detected appx version: 2.3.26.0

marbaa (Author) commented Nov 23, 2024

After I closed the external tcpdump window manually, not by 'press any key' from the window where the script was executed, the .zip file was created.
It has 28MB, can't upload it here.

marbaa (Author) commented Nov 23, 2024

Diagnostic information
.wslconfig found
Detected appx version: 2.3.26.0
optional-components.txt not found

@lifetraveler

try networkingmode=nat, say goodbye to mirrored

ymuuuu commented Nov 26, 2024

> try networkingmode=nat, say goodbye to mirrored

so it is like an update or smth that happened? cause it used to work fine before?
