Hi Krishna, can you add more details? Your answer says that we need to update another conf file like in comments above but I'm not sure what other comments you are referring to.
I have the exact same issue: Ubuntu on WSL2 can't talk to some servers when connection to VPN (through the Windows PulseSecure client app). Same issue as everyone else. I'd like to try your solution but am not sure what to cut and paste into the conf files. Should I copy the lines exactly "as is" with the stars * ? Can you add what other file you updated and paste the changes here? Thanks! I'm also completely stuck, I have to disconnect and reconnect to VPN multiple times per day to run some commands while on VPN and other while off VPN to be able to do my work, it's super frustrating.
Thanks for the help!
Had same issue with WSL2 & PulseSecure.
I was able to work this around by downgrading WSL2 -> WSL1:
PowerShell> wsl --set-version Ubuntu-20.04 1
Solution that really *worked* for me with WSL2 is to lower the MTU value of the network adapter of the Linux under WSL:
sudo ip link set dev eth0 mtu 1380
Sorry to revive this topic, but it seems I bumped in the same case, and despite digging in a lot of places, I haven't found any positive solution to my problem.
To clarify the case, I believe the pulse configuration is Split tunneling enabled and All routes tunneled. This is the first configuration listed on https://docs.pulsesecure.net/WebHelp/PDC/9.0R1/Content/PDC_AdminGuide_9.0R1/Pulse_Split_Tunneling_Su...
An evidence of this is that if I ping the WSL gateway from the WSL Linux, it doesn't work. But if I suspend the tunnel (which is a possible exception of this configuration) it works during the time of suspension. Hence, the internal WSL network seems categorized as local network, just as a physical network.
Another evidence, is:
if I manually change the Windows internal route for the WSL adapter and reenable its configuration as without VPN, the connexion works again for a few seconds before being changed again. In the row below, 172.21.96.1 is the IP address of the WSL gateway as seen in Windows.
route print 172.21.*
172.21.96.0 255.255.240.0 On-link 10.89.94.42 1 <-------------- Routed on VPN end-point address
172.21.96.1 255.255.255.255 On-link 172.21.96.1 271
route change 172.21.96.0 mask 255.255.240.0 172.21.96.1 metric 10
Yet, this workaround is no good, because with this routing, the WSL Linux instance traffic is routed outside the VPN. What is expected is:
- for the internal virtual network to work normally, espeially the gateway delivers DNS to the Linux WSL instance, so it must be reachable;
- for Linux access to the external network to be NATted by the virtual switch, and routed through VPN, just as any other connexion from the Windows host.
Is there a way to distinguish between local physical network and local virtual networks in the Pulse configuration? Am I missing something in the WSL2 / Hyper-V configuration that would provide the intended behaviour?
Thanks for any idea.
Hi, I'm still sruggling with thisissue did somone was able to find solution, all solutions I saw on internet does not work for me.
Im woking on corprate Windows 11 + WSL2 + VPM Pulse Secure 9.1.14 (13525)
Not sure even what to discuss with VPN team to be honest... But seems it all closes at Pulse Secure VPN if I'm out it works, if connected is not. I only see that once i connect to VPN new Ethernet4 interface shows up and it seems taht WSL2 is not aware of it so it deas not use it as deafult for routing requests.
I Will tell you one solution that works for me.
-Before get connected to the VPN: Disable vEthernet (WSL) network connection.
-Connect to the VPN (This will create the interface Pulse Secure)
-Enable vEthernet (WSL)
With this steps i am able to connect to IPs inside vpn network from WSL and i am able to navigate trough the internet also inside WSL
As I found, the client modifies route connections in wsl interface, making it no longer able to connect to internet. More info at https://wheatevo.com/wsl-2-and-vpn/
I modified a bit the script in that web so we delete the vpn new rule and re create the old route rule:
NOTE: In my PC Pulse secure network is called "Ethernet 3", that may not be your case. Check with Get-NetAdapter in powershell console.
With this script i am able to connect to the internet (22.214.171.124 for example) and to the VPN network.
PowerShell script need elevated privileges:
$wsl = Get-NetIPInterface -InterfaceAlias "vEthernet (WSL)" -AddressFamily IPv4
$vpn = Get-NetIPInterface -InterfaceAlias "Ethernet 3" -AddressFamily IPv4
$ip = Get-NetIPAddress -InterfaceAlias "vEthernet (WSL)" -AddressFamily IPv4
$networkIp = "$($ip.IPAddress -replace "\.\d+$", ".0")"
route delete $networkIp IF $vpn.ifIndex
route add $networkIp mask 255.255.240.0 0.0.0.0 IF $wsl.ifIndex