You have installed WSL successfully on your machine, only to find out that you cannot connect to the internet. I have encountered this problem before. Sometimes it can be fixed externally, but from my experience, no matter what you do, you will end up having to muck around with the resolv.conf file within WSL; more on that later.
You may encounter an internet issue in WSL when the network administrator has configured Windows Defender Firewall to not allow local firewall rules to be merged with rules applied at the enterprise level. You can confirm that this applies to you by searching for Windows Defender Firewall with Advanced Security in the Start menu, then going to Action, then Properties, switching to the Public Profile tab, and clicking Customize under Settings. Now look under “Rule Merging”; if these options are set to No, then you will not be able to connect from WSL.
Your first option here is to talk to the network administrator and see if they can change the rule. If they can, great; if not, you will have to follow the guide at the end of this blog post.
Another way you can encounter this issue is when you actually have internet access but cannot connect to resources behind a VPN. As of October 2022, the only solution that I am aware of that works is modifying the resolv.conf file within WSL. Keep an eye on the following GitHub issues: 5068, 4277, and 1350. I’m hoping that this problem is eventually fixed and becomes a setting that can be applied when WSL is installed.
Before I get into the solution, I would like to explain what is happening. When you launch WSL, by default it is configured to write a resolv.conf file in the /etc directory. This file is what controls DNS resolution in WSL. You can see the content of the file by running the following command from WSL.
The content of the file resembles the following code snippet.
Here, nameserver points to the IP of your machine. What needs to be done is to change the nameserver to point to another DNS provider like 126.96.36.199 (Google) or 188.8.131.52 (Cloudflare). Before that, the setting that makes WSL generate a new resolv.conf on start needs to be changed; otherwise, you would lose your settings on every boot of WSL.
The first step in getting internet in WSL is to update the file wsl.conf located in the /etc directory. This file applies WSL settings per WSL distribution; if you would like to apply a setting across all distributions, you will need to modify the .wslconfig file instead. For more information, visit Advanced settings configuration in WSL.
Back to wsl.conf: run the following command to modify the file.
If this is your first time opening this file, it is more than likely empty. If not, delete the content and replace it with the following code snippet.
Save the file and exit nano.
Time to update the resolv.conf file. You can open the file by running the following code snippet.
Change the nameserver to your desired provider. In my case I prefer 184.108.40.206 from Cloudflare, so my file ends up looking like the following code snippet.
Save and exit nano. Run a ping command.
You should get back a response similar to the code snippet below.
Congratulations, you have internet access.
Important: to make these changes permanent you will need to shut down WSL. On a shell/terminal from the host machine, not WSL, run the following command.
Wait a few seconds, then open WSL again and confirm that you still have internet access. If not, double-check your work, starting by confirming that the new instance of WSL did not reset the resolv.conf file.
Oh, right. You followed the instructions above and were able to restore internet access within WSL. However, you still cannot connect to resources that are behind a VPN. The solution to this problem is simple: you have to add the IP of your VPN provider's DNS server as another nameserver.
On a shell/terminal on the host machine, not WSL, run nslookup while connected to the VPN. This is essential: you must be connected to the VPN.
The command should output a result that is similar to the following code snippet.
Copy the IP address, open WSL, and run the following command to open resolv.conf.
Update the content by adding another nameserver; you can put it before or after the existing one, it doesn’t matter. Note, though, that there is a 5-second timeout in WSL: if you look up a name and the first server doesn’t find it, it will take about 5 seconds for the first DNS server to time out, then the second DNS server will do the DNS lookup.
After updating the resolv.conf file, the content may look similar to the following code snippet, where YY.Y.YYY.YY represents the IP obtained from the nslookup command.
Do another ping against Google to confirm the internet is still accessible, then do another ping against a resource that sits behind the VPN.
Both ping commands should work.
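The steps in this post, collected into one script as an added example (not code from the original post): it writes the generateResolvConf = false setting to /etc/wsl.conf and pins the nameservers you pass, including a VPN DNS server if you list one, in /etc/resolv.conf. WSL_ROOT and the function names are hypothetical, and the addresses in the usage comment are constructed documentation values.

```sh
#!/bin/sh
# Added example, not from the original post. Run inside WSL as root, e.g.
#   sudo sh wsl-dns.sh 192.0.2.53 198.51.100.53   (constructed sample addresses)
# WSL_ROOT is a hypothetical override for dry runs against a scratch directory.

# Accept only dotted-quad IPv4 so nothing else ends up in resolv.conf.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Stop WSL regenerating resolv.conf, then pin the given resolvers.
apply_dns_config() {
    root=$1; shift
    # glibc's resolver uses at most three nameserver lines.
    if [ "$#" -lt 1 ] || [ "$#" -gt 3 ]; then
        echo "give 1 to 3 nameservers" >&2; return 2
    fi
    for ns in "$@"; do
        is_ipv4 "$ns" || { echo "not an IPv4 address: $ns" >&2; return 2; }
    done
    wsl_conf="$root/etc/wsl.conf"; resolv="$root/etc/resolv.conf"
    # As in the post, wsl.conf is replaced wholesale; keep a backup first.
    if [ -f "$wsl_conf" ]; then cp -p "$wsl_conf" "$wsl_conf.bak"; fi
    printf '[network]\ngenerateResolvConf = false\n' > "$wsl_conf"
    # resolv.conf is usually a symlink to the generated file: replace it with
    # a regular file so the content survives once generation is switched off.
    if [ -L "$resolv" ]; then rm -f "$resolv"; fi
    : > "$resolv"
    for ns in "$@"; do
        printf 'nameserver %s\n' "$ns" >> "$resolv"
    done
}

# Only act when nameservers are passed on the command line.
if [ "$#" -gt 0 ]; then
    apply_dns_config "${WSL_ROOT:-}" "$@" &&
        echo "Done. From Windows run 'wsl --shutdown', then reopen WSL and ping."
fi
```

Nameservers are written in the order given, so the one listed first is the one queried first.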