so I was having issues with domain resolution with WSL whenever I use the VPN. I would get this:
ping: google.com: Temporary failure in name resolutionI tried following instructions from these answers Temporary Failure in name resolution on WSL
Specifically from this part:
Inside WSL2, create or append file: /etc/wsl.conf
Put the following lines in the file in order to ensure the your DNS changes do not get blown away
echo "[network]" | sudo tee /etc/wsl.conf echo "generateResolvConf = false" | sudo tee -a /etc/wsl.confIn a cmd window, run
wsl --shutdownStart WSL2
Run the following inside WSL2
sudo rm -rf /etc/resolv.conf sudo cat << EOF > /etc/resolv.conf search [yourbase.domain.local] nameserver 8.8.8.8 nameserver 1.1.1.1 EOF
However, I cannot seem to be able to edit the file /etc/resolv.conf as I would get zsh: permission denied: /etc/resolv.conf
I also don't know what it means [yourbase.domain.local] or with what I should be replacing it. I already messed up my domain resolution, and now I get the first error every time, even when my laptop is not connected to the VPN. I really need to know how to fix the config files that I modified
Edit: using muru's suggestion from the comments, I was able to fix the domain resolution with the command
sudo tee /etc/resolv.conf <<EOFHowever, I'd like to know if there is a solution for this error when I connect to a VPN. Since none of the solutions from the mentioned link didn't work for me.
41 Answer
Well, it's a different potential solution than I've seen before, but it's worked for some folks. I'm no longer on Cisco VPN, so I can't test it, but ...
There are two parts to resolving the issue:
- Fix Internet Connectivity
- Fix DNS resolution
In the comments, you confirmed that you also can't ping 8.8.8.8, which may mean that you haven't resolved the first part. However, I do see in this Github comment that ping just won't work at all with some AnyConnect settings, so perhaps that's not the best indicator.
Try:
wget (powershell.exe -c "(Resolve-DnsName -type a askubuntu.com)[0] | Select-Object -ExpandProperty IPAddress" | tr -d '\r')That's going to use PowerShell to resolve the IP Address for Ask Ubuntu, then attempt to wget from it. It should fail, but you should get back:
ERROR: cannot verify 151.101.129.69's certificate, issued by ‘CN=R3,O=Let's Encrypt,C=US’:
...If not, then you probably really haven't resolve the connection issue. And until that is fixed, DNS resolution definitely won't work.
Try the 4th command there:
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000Then try the wget above again. Any difference?
If not, then try (in this order):
Exit Ubuntu
Disconnect AnyConnect
wsl --shutdownfrom POwerShellStart Ubuntu
Connect to AnyConnect
Run (again):
In PowerShell:
Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000In Ubuntu:
wget (powershell.exe -c "(Resolve-DnsName -type a askubuntu.com)[0] | Select-Object -ExpandProperty IPAddress" | tr -d '\r')
If you do then have Internet connection, then follow the rest of the steps to try to fix the DNS resolution.
But for some users, this continues to be a problem.
Also see this gist for what may be a better guide. It's the same overall information, but slightly different order and implementation.
Possible Alternative - Run Ubuntu in WSL1
If your use-case for WSL supports it, WSL1 will typically run without issues when connect to a VPN. You can convert the instance from PowerShell via:
wsl -l -v
# Confirm distribution name, adjust commands as needed
wsl --export Ubuntu \windows\path\to\save\ubuntu.tar
wsl --set-version Ubuntu 1Or, if you'd like, you can wsl --import that backup into a new instance WSL1 instance via wsl --import UbuntuWSL1 \location\for\instance \path\to\ubuntu.tar --version 1
