Revisions
pyther revised this gist
Feb 4, 2021. 1 changed file with 4 additions and 4 deletions.
@@ -20,15 +20,15 @@ At this point you should have connectivity in your container (but without name r Once connected the VPN determine the DNS servers that are configured: ```powershell PS C:\Users\gyurgyik> (Get-NetAdapter | Where-Object InterfaceDescription -like "Cisco AnyConnect*" | Get-DnsClientServerAddress).ServerAddresses 10.10.0.124 10.10.0.132 ``` Update /etc/resolv.conf ```shell N-20S5PF20MB4R:~$ cat /etc/resolv.conf nameserver 10.10.0.124 nameserver 10.10.0.132 ``` Verify Connectivity
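Review bot: the resolver addresses shown in the `Get-DnsClientServerAddress` output and in `/etc/resolv.conf` are now in the private 10.0.0.0/8 range instead of the public 1.1.1.1/1.0.0.1 pair from the previous revision, which stops a reader from pasting a public resolver into a VPN-only configuration; if these are meant purely as placeholders, an RFC 5737 documentation address (for example `192.0.2.53`) signals that more clearly than addresses that could exist on a real corporate network.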
pyther revised this gist
Feb 4, 2021. 1 changed file with 4 additions and 4 deletions.
@@ -20,15 +20,15 @@ At this point you should have connectivity in your container (but without name r Once connected the VPN determine the DNS servers that are configured: ```powershell PS C:\Users\gyurgyik> (Get-NetAdapter | Where-Object InterfaceDescription -like "Cisco AnyConnect*" | Get-DnsClientServerAddress).ServerAddresses 1.1.1.1 1.0.0.1 ``` Update /etc/resolv.conf ```shell N-20S5PF20MB4R:~$ cat /etc/resolv.conf nameserver 1.1.1.1 nameserver 1.0.0.1 ``` Verify Connectivity
pyther revised this gist
Jan 28, 2021. 1 changed file with 1 addition and 0 deletions.
@@ -112,6 +112,7 @@ We will create two tasks. The first task, will configure the interface metric wh * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2010` * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2061` * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2041` * At log on: At log on of $USER * Action: Start a program, Program: `Powershell.exe`, Add arguments: `-WindowStyle Hidden -NonInteractive -ExecutionPolicy Bypass -File %HOMEPATH%\wsl\scripts\setDns.ps1` * Condition: Uncheck: Start the task only if the computer is on AC power 4. Test: Connect to the VPN, a powershell window should pop-up briefly
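Review bot: the new `At log on of $USER` trigger on the DNS task is not explained anywhere in the procedure text; since every other trigger on this task is an AnyConnect event, a sentence saying that the logon trigger re-runs `setDns.ps1` after a reboot so `/etc/resolv.conf` is reset to the non-VPN resolvers would make the intent clear. It also depends on `setDns.ps1` tolerating the case where no AnyConnect adapter exists yet, which the script's `if ( $dnsServers )` branch (added in the Dec 28, 2020 revision) does handle, so that dependency is worth stating next to the trigger.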
pyther revised this gist
Jan 4, 2021. 1 changed file with 2 additions and 2 deletions.
@@ -1,7 +1,7 @@ # WSL 2 Cisco AnyConnect Networking Workaround ## Overview WSL 2 uses a Hyper-V Virtual Network adapter. Network connectivity works without any issue when a VPN is not in use. However when a Cisco AnyConnect VPN session is established Firewall Rules and Routes are added which breaks connectivity within the WSL 2 VM. This issue is tracked [WSL/issues/4277](https://github.com/microsoft/WSL/issues/4277) Below outline steps to automatically configure the Interface metric on VPN connect and update DNS settings (/etc/resolv.conf) on connect/disconnect.
pyther revised this gist
Dec 31, 2020. 1 changed file with 5 additions and 4 deletions.
@@ -90,27 +90,28 @@ Windows Scheduled Tasks allows you to trigger an action when a certain log event We will create two tasks. The first task, will configure the interface metric when the VPN connects. The second task, will execute the dns update script inside of your Linux VM when the VPN Connects and Disconnects. #### Cisco AnyConnect Events - 2039: VPN Established and Passing Data - 2061: Network Interface for the VPN has gone down - 2010: VPN Termination - 2041: The entire VPN connection has been re-established. #### Procedure 1. Open Task Scheduler 2. Create a Folder called `WSL` (Optional, but easier to find rules later) 3. Create Rules 1. Update AnyConnect Adapter Interface Metric for WSL2 * General: Check: Run with highest privileges * Triggers: * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2039` * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2041` * Action: Start a program, Program: `Powershell.exe`, Add arguments: `-WindowStyle Hidden -NonInteractive -ExecutionPolicy Bypass -File %HOMEPATH%\wsl\scripts\setCiscoVpnMetric.ps1` * Condition: Uncheck: Start the task only if the computer is on AC power 2. Update DNS in WSL2 Linux VMs * Triggers: * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2039` * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2010` * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2061` * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2041` * Action: Start a program, Program: `Powershell.exe`, Add arguments: `-WindowStyle Hidden -NonInteractive -ExecutionPolicy Bypass -File %HOMEPATH%\wsl\scripts\setDns.ps1` * Condition: Uncheck: Start the task only if the computer is on AC power 4. Test: Connect to the VPN, a powershell window should pop-up briefly
pyther revised this gist
Dec 28, 2020. 1 changed file with 57 additions and 25 deletions.
@@ -6,33 +6,66 @@ WSL 2.0 uses a Hyper-V Virtual Network adapter. Network connectivity works witho Below outline steps to automatically configure the Interface metric on VPN connect and update DNS settings (/etc/resolv.conf) on connect/disconnect. ## Manual Configuration ### Set Interface Metrics After connecting to the VPN, you'll want to modify the Interface Metric of the Cisco VPN Adapter ```powershell PS C:\Users\gyurgyik> Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000 ``` Run the following command in Powershell with Administrative permission. At this point you should have connectivity in your container (but without name resolution). You can test this by running `ping 8.8.8.8`. ### Set DNS servers in Linux VM Once connected the VPN determine the DNS servers that are configured: ```powershell PS C:\Users\gyurgyik> (Get-NetAdapter | Where-Object InterfaceDescription -like "Cisco AnyConnect*" | Get-DnsClientServerAddress).ServerAddresses 135.5.25.53 135.5.25.16 ``` Update /etc/resolv.conf ```shell N-20S5PF20MB4R:~$ cat /etc/resolv.conf nameserver 135.5.25.53 nameserver 135.5.25.16 ``` Verify Connectivity ```shell ping google.com -c 4 ``` ## Automatic Configuration ### Create Scripts Save the following scripts to `%homepath%\wsl\scripts` #### setCiscoVpnMetric.ps1 ```powershell Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000 ``` #### setDns.ps1 ```powershell $dnsServers = (Get-NetAdapter | Where-Object InterfaceDescription -like "Cisco AnyConnect*" | Get-DnsClientServerAddress).ServerAddresses -join ',' $searchSuffix = (Get-DnsClientGlobalSetting).SuffixSearchList -join ',' function set-DnsWsl($distro) { if ( $dnsServers ) { wsl.exe -d $distro -u root /opt/wsl_dns.py --servers $dnsServers --search $searchSuffix } else { wsl.exe -d $distro -u root /opt/wsl_dns.py } } set-DnsWsl fedora ``` #### wsl_dns.py Download 
from: https://gist.github.com/pyther/20bba4aee1a7e1485dd065adbf736891/raw/bb00f46d30da1b1eb7ba0fec4e6946a654c7b186/wsl_dns.py ### Disable WSL Resolv Update For each Linux instance: 1. Disable automatic updating of resolv.conf by WSL @@ -44,12 +77,11 @@ For each Linux instance: ``` 2. Restart/Shutdown WSL: `wsl --shutdown` (WARNING: this will kill all current sessions!) ### Copy wsl_dns.py to Linux VMs For each VM, run: ```shell $ cp /mnt/c/Users/$username/wsl/scripts/wsl_dns.py /opt/wsl_dns.py $ chmod +x /opt/wsl_dns.py ``` ### Create Scheduled Tasks @@ -72,16 +104,16 @@ We will create two tasks. The first task, will configure the interface metric wh 1. Update AnyConnect Adapter Interface Metric for WSL2 * General: Check: Run with highest privileges * Triggers: On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2039` * Action: Start a program, Program: `Powershell.exe`, Add arguments: `-WindowStyle Hidden -NonInteractive -ExecutionPolicy Bypass -File %HOMEPATH%\wsl\scripts\setCiscoVpnMetric.ps1` * Condition: Uncheck: Start the task only if the computer is on AC power 2. Update DNS in WSL2 Linux VMs * Triggers: * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2039` * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2010` * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2061` * Action: Start a program, Program: `Powershell.exe`, Add arguments: `-WindowStyle Hidden -NonInteractive -ExecutionPolicy Bypass -File %HOMEPATH%\wsl\scripts\setDns.ps1` * Condition: Uncheck: Start the task only if the computer is on AC power 4. Test: Connect to the VPN, a powershell window should pop-up briefly ## FAQ Q: Does traffic orginating from the Linux VM still route through the VPN?\
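Review bot: the `Update AnyConnect Adapter Interface Metric for WSL2` task still pairs `Run with highest privileges` and `-ExecutionPolicy Bypass` with a script stored under the user's own profile (`%HOMEPATH%\wsl\scripts\setCiscoVpnMetric.ps1`), so anything that can write to that folder gets its code executed elevated on the next `2039` event; the procedure should tell the reader to keep the scripts in a location only administrators can modify, or to tighten the ACL on `%HOMEPATH%\wsl\scripts`, and can note that the DNS task needs no elevation and correctly omits it. Two smaller points in the new `setDns.ps1`: the distro is hard-coded in `set-DnsWsl fedora` while the copy step says "For each VM, run", so the text should say to add one `set-DnsWsl` call per distro, and the `--servers` and `--search` options passed to `/opt/wsl_dns.py` are not described anywhere on this page.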
pyther revised this gist
Dec 24, 2020. 1 changed file with 3 additions and 1 deletion.
@@ -60,8 +60,9 @@ We will create two tasks. The first task, will configure the interface metric wh #### Cisco AnyConnect Events - 2127: VPN Adapter Configuration - 2080: Host Configuration - 2057: Automatic Configuration of Routing Table - 2039: VPN Established and Passing Data - 2061: Network Interface for the VPN has gone down - 2010: VPN Termination #### Procedure @@ -77,6 +78,7 @@ We will create two tasks. The first task, will configure the interface metric wh * Triggers: * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2039` * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2010` * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2061` * Action: Start a program, Program: `wsl.exe`, Add arguments: `-d fedora -u root /opt/wsl_dns.py` * Condition: Uncheck: Start the task only if the computer is on AC power 4. Test: Connect to the VPN, a powershell windown and command prompt window (wsl) should pop-up briefly
pyther revised this gist
Dec 22, 2020. 1 changed file with 5 additions and 4 deletions.
@@ -37,16 +37,17 @@ $ /opt/wsl_dns.py For each Linux instance: 1. Disable automatic updating of resolv.conf by WSL ``` $ cat <<EOF > /etc/wsl.conf [network] generateResolvConf = false EOF ``` 2. Restart/Shutdown WSL: `wsl --shutdown` (WARNING: this will kill all current sessions!) ### Create Powershell Script Create a powershell script for the Interface Metric command %HOMEPATH%/wsl/UpdateAnyConnectMetric.ps1 ``` Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000 ``` @@ -65,12 +66,12 @@ We will create two tasks. The first task, will configure the interface metric wh #### Procedure 1. Open Task Scheduler 2. Create a Folder called `WSL` (Optional, but easier to find rules later) 3. Create Rules 1. Update AnyConnect Adapter Interface Metric for WSL2 * General: Check: Run with highest privileges * Triggers: On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2039` * Action: Start a program, Program: `Powershell.exe`, Add arguments: `-ExecutionPolicy Bypass -File %HOMEPATH%\wsl\UpdateAnyConnectMetric.ps1` * Condition: Uncheck: Start the task only if the computer is on AC power 2. Update DNS in WSL2 Linux VMs * Triggers:
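Review bot: `cat <<EOF > /etc/wsl.conf` truncates the file, so a distro that already has other sections in `/etc/wsl.conf` (an `[automount]` block, for instance) loses them without any warning; the step should either tell the reader to add the `[network]` stanza to the existing file or append with `>>` after checking that `generateResolvConf` is not already set. The `$` prompt also implies an unprivileged shell, but writing `/etc/wsl.conf` requires root inside the distro.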
pyther revised this gist
Dec 11, 2020. 1 changed file with 4 additions and 1 deletion.
@@ -91,4 +91,7 @@ Q: Can the Linux VM communicate with Windows?\ A: No, it appears a firewall rule is preventing traffic between Windows and the Linux VM. Q: Can I still run WSL1 instances?\ A: Yes, you can run WSL1 and WSL2 insatnces simutaneously Q: How do I revert/disable these changes?\ A: Disable scheduled Tasks, remove/modify `/etc/wsl.conf` from each WSL Instance, Reboot
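Review bot: the WSL1 answer carried as context still reads `insatnces simutaneously` (should be `instances simultaneously`); worth fixing while this FAQ is being extended.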
pyther revised this gist
Dec 11, 2020. 1 changed file with 4 additions and 3 deletions.
@@ -17,8 +17,9 @@ You'll need to run the following command in a Powershell session with Administra At this point you should have connectivity in your container (but no dns/name resolution). You can test this by running `ping 8.8.8.8`. ### DNS Update Script You'll need to install the `/opt/wsl_dns.py` script for each Linux VM/instance.\ The script is located here: https://gist.github.com/pyther/20bba4aee1a7e1485dd065adbf736891\ The script needs python3, make sure python3 is installed. #### Install: ``` @@ -43,7 +44,7 @@ For each Linux instance: 2. Restart/Shutdown WSL: `wsl --shutdown` (WARNING: this will kill all current sessions!) ### Create Powershell Script Create a powershell script for the Interface Metric command %HOMEPATH%/UpdateAnyConnectMetric.ps1 ```
pyther revised this gist
Dec 11, 2020. 1 changed file with 1 addition and 1 deletion.
@@ -45,7 +45,7 @@ For each Linux instance: ### Create Powershell Script Create a powershell script for the Interface Metric command, I decided to store mine in `C:/Users/$USER/UpdateAnyConnectMetric.ps1` %HOMEPATH%/UpdateAnyConnectMetric.ps1 ``` Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000 ```
pyther revised this gist
Dec 11, 2020. 1 changed file with 2 additions and 2 deletions.
@@ -34,9 +34,9 @@ $ /opt/wsl_dns.py ## Automate ### Disable WSL Resolv Update For each Linux instance: 1. Disable automatic updating of resolv.conf by WSL ``` $ cat /etc/wsl.conf [network] generateResolvConf = false ```
pyther revised this gist
Dec 11, 2020. 1 changed file with 2 additions and 2 deletions.
@@ -34,8 +34,8 @@ $ /opt/wsl_dns.py ## Automate ### Disable WSL Resolv Update For each Linux instance: 1. Disable automatic updating of resolv.conf by WSL\ /etc/wsl.conf ``` [network] generateResolvConf = false
pyther revised this gist
Dec 11, 2020. 1 changed file with 5 additions and 5 deletions.
@@ -35,11 +35,11 @@ $ /opt/wsl_dns.py ### Disable WSL Resolv Update For each Linux instance: 1. Disable automatic updating of resolv.conf by WSL /etc/wslconf ``` [network] generateResolvConf = false ``` 2. Restart/Shutdown WSL: `wsl --shutdown` (WARNING: this will kill all current sessions!) ### Create Powershell Script
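Review bot: the path `/etc/wslconf` in the "Disable automatic updating of resolv.conf by WSL" step is missing the dot; WSL reads `/etc/wsl.conf`, so a reader who creates the file under the name shown will find that `generateResolvConf = false` has no effect and `/etc/resolv.conf` is still overwritten on every start.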
pyther revised this gist
Dec 11, 2020. 1 changed file with 4 additions and 8 deletions.
@@ -80,18 +80,14 @@ We will create two tasks. The first task, will configure the interface metric wh 4. Test: Connect to the VPN, a powershell windown and command prompt window (wsl) should pop-up briefly ## FAQ Q: Does traffic orginating from the Linux VM still route through the VPN?\ A: Yes, I believe so. I did not see any leaked traffic when running a tcpdump on my router. Q: Are VPN resources accessible from the Linux VM?\ A: Yes Q: Can the Linux VM communicate with Windows?\ A: No, it appears a firewall rule is preventing traffic between Windows and the Linux VM. Q: Can I still run WSL1 instances?\ A: Yes, you can run WSL1 and WSL2 insatnces simutaneously
pyther revised this gist
Dec 11, 2020. 1 changed file with 4 additions and 0 deletions.
@@ -81,13 +81,17 @@ We will create two tasks. The first task, will configure the interface metric wh ## FAQ Q: Does traffic orginating from the Linux VM still route through the VPN? A: Yes, I believe so. I did not see any leaked traffic when running a tcpdump on my router. Q: Are VPN resources accessible from the Linux VM? A: Yes Q: Can the Linux VM communicate with Windows? A: No, it appears a firewall rule is preventing traffic between Windows and the Linux VM. Q: Can I still run WSL1 instances? A: Yes, you can run WSL1 and WSL2 insatnces simutaneously
pyther revised this gist
Dec 11, 2020. 1 changed file with 2 additions and 1 deletion.
@@ -55,13 +55,14 @@ Windows Scheduled Tasks allows you to trigger an action when a certain log event We will create two tasks. The first task, will configure the interface metric when the VPN connects. The second task, will execute the dns update script inside of your Linux VM when the VPN Connects and Disconnects. #### Cisco AnyConnect Events - 2127: VPN Adapter Configuration - 2080: Host Configuration - 2039: VPN Established and Passing Data - 2057: Automatic Configuration of Routing Table - 2010: VPN Termination #### Procedure 1. Open Task Scheduler 2. Create a Folder called `WslAnyConnect` (Optional, but easier to find rules later) 3. Create Rules
pyther revised this gist
Dec 11, 2020. 1 changed file with 11 additions and 13 deletions.
@@ -65,19 +65,17 @@ Cisco AnyConnect Events 1. Open Task Scheduler 2. Create a Folder called `WslAnyConnect` (Optional, but easier to find rules later) 3. Create Rules 1. Update AnyConnect Adapter Interface Metric for WSL2 * General: Check: Run with highest privileges * Triggers: On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2039` * Action: Start a program, Program: `Powershell.exe`, Add arguments: `-ExecutionPolicy Bypass -File %HOMEPATH%\UpdateAnyConnectMetric.ps1` * Condition: Uncheck: Start the task only if the computer is on AC power 2. Update DNS in WSL2 Linux VMs * Triggers: * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2039` * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2010` * Action: Start a program, Program: `wsl.exe`, Add arguments: `-d fedora -u root /opt/wsl_dns.py` * Condition: Uncheck: Start the task only if the computer is on AC power 4. Test: Connect to the VPN, a powershell windown and command prompt window (wsl) should pop-up briefly ## FAQ
pyther revised this gist
Dec 11, 2020. 1 changed file with 2 additions and 0 deletions.
@@ -66,11 +66,13 @@ Cisco AnyConnect Events 2. Create a Folder called `WslAnyConnect` (Optional, but easier to find rules later) 3. Create Rules 1. Update AnyConnect Adapter Interface Metric for WSL2 * General: Check: Run with highest privileges * Triggers: On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2039` * Action: Start a program, Program: `Powershell.exe`, Add arguments: `-ExecutionPolicy Bypass -File %HOMEPATH%\UpdateAnyConnectMetric.ps1` * Condition: Uncheck: Start the task only if the computer is on AC power 2. Update DNS in WSL2 Linux VMs * Triggers: * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2039` * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2010`
pyther revised this gist
Dec 11, 2020. 1 changed file with 1 addition and 1 deletion.
@@ -14,7 +14,7 @@ Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect" ``` You'll need to run the following command in a Powershell session with Administrative permission. At this point you should have connectivity in your container (but no dns/name resolution). You can test this by running `ping 8.8.8.8`. ### DNS Update Script You'll need to install the `/opt/wsl_dns.py` script for each Linux VM/instance. The script is located here: https://gist.github.com/pyther/20bba4aee1a7e1485dd065adbf736891
pyther revised this gist
Dec 11, 2020. 1 changed file with 92 additions and 1 deletion.
@@ -1 +1,92 @@ # WSL 2.0 Cisco AnyConnect Networking Workaround ## Overview WSL 2.0 uses a Hyper-V Virtual Network adapter. Network connectivity works without any issue when a VPN is not in use. However when a Cisco AnyConnect VPN session is established Firewall Rules and Routes are added which breaks connectivity within the WSL 2.0 VM. This issue is tracked [WSL/issues/4277](https://github.com/microsoft/WSL/issues/4277) Below outline steps to automatically configure the Interface metric on VPN connect and update DNS settings (/etc/resolv.conf) on connect/disconnect. ## Configuration ### Modify Interface Metrics After connecting to the VPN, you'll want to modify the Interface Metric of the Cisco VPN Adapter ``` Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000 ``` You'll need to run the following command in a Powershell session with Administrative permission. At this point you should have connectivity in your container (but no dns/name resolution). You can test this by runnig `ping 8.8.8.8`. ### DNS Update Script You'll need to install the `/opt/wsl_dns.py` script for each Linux VM/instance. The script is located here: https://gist.github.com/pyther/20bba4aee1a7e1485dd065adbf736891 The script uses python3 built-ins, so make sure you have python3 installed. #### Install: ``` $ curl https://gist.github.com/pyther/20bba4aee1a7e1485dd065adbf736891/raw/bb00f46d30da1b1eb7ba0fec4e6946a654c7b186/wsl_dns.py --output /opt/wsl_dns.py $ chmod +x /opt/wsl_dns.py ``` #### Test the script: ``` $ /opt/wsl_dns.py ``` ## Automate ### Disable WSL Resolv Update For each Linux instance: 1. Disable automatic updating of resolv.conf by WSL /etc/resolv.conf ``` [network] generateResolvConf = false ``` 2. Restart/Shutdown WSL: `wsl --shutdown` (WARNING: this will kill all current sessions!) 
### Create Powershell Script Create a powershell script for the Interface Metric command, I decided to store mine in `C:/Users/$USER/UpdateAnyConnectMetric.ps1` C:/Users/$USER/UpdateAnyConnectMetric.ps1 ``` Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000 ``` ### Create Scheduled Tasks Windows Scheduled Tasks allows you to trigger an action when a certain log event comes in. The Cisco AnyConnect VPN client generates a number of log events. We will create two tasks. The first task, will configure the interface metric when the VPN connects. The second task, will execute the dns update script inside of your Linux VM when the VPN Connects and Disconnects. Cisco AnyConnect Events - 2127: VPN Adapter Configuration - 2080: Host Configuration - 2039: VPN Established and Passing Data - 2057: Automatic Configuration of Routing Table - 2010: VPN Termination 1. Open Task Scheduler 2. Create a Folder called `WslAnyConnect` (Optional, but easier to find rules later) 3. Create Rules 1. Update AnyConnect Adapter Interface Metric for WSL2 * General: Check: Run with highest privileges * Triggers: On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2039` * Action: Start a program, Program: `Powershell.exe`, Add arguments: `-ExecutionPolicy Bypass -File %HOMEPATH%\UpdateAnyConnectMetric.ps1` * Condition: Uncheck: Start the task only if the computer is on AC power 2. Update DNS in WSL2 Linux VMs * Triggers: * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2039` * On an Event, Log: `Cisco AnyConnect Secure Mobility Client`, Source: `acvpnagent`, Event ID: `2010` * Action: Start a program, Program: `wsl.exe`, Add arguments: `-d fedora -u root /opt/wsl_dns.py` * Condition: Uncheck: Start the task only if the computer is on AC power 4. 
Test: Connect to the VPN, a powershell windown and command prompt window (wsl) should pop-up briefly ## FAQ Q: Does traffic orginating from the Linux VM still route through the VPN? A: Yes, I believe so. I did not see any leaked traffic when running a tcpdump on my router. Q: Are VPN resources accessible from the Linux VM? A: Yes Q: Can the Linux VM communicate with Windows? A: No, it appears a firewall rule is preventing traffic between Windows and the Linux VM. Q: Can I still run WSL1 instances? A: Yes, you can run WSL1 and WSL2 insatnces simutaneously
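Review bot: in the "Disable WSL Resolv Update" step the `[network] generateResolvConf = false` stanza is labelled `/etc/resolv.conf`, but that setting belongs in `/etc/wsl.conf`; a reader who follows the text literally ends up with an INI fragment inside the resolver file and WSL still regenerating it on every start. Separately, the install step writes `/opt/wsl_dns.py` under a `$` prompt, which fails with a permission error unless the user is root or `/opt` is writable; pinning the raw URL to a commit hash is good, but a checksum check after the `curl` would let the reader verify what the scheduled task is about to run as root in each distro.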
pyther created this gist
Dec 11, 2020.
@@ -0,0 +1 @@ == Overview