Skip to main content

Curious case of Cisco AnyConnect and WSL2

One thing Covid has taught me is the importance of VPN. Also one other thing COVID has taught me while I work from home is that your Windows Machine can be brilliant as long as you have WSL2 configured in it.

So imagine my dismay when I realized I cannot access my University resources while being inside the University provided VPN client.

Both of the institutions I have affiliation with, requires me to use VPN software which messes up WSL2 configuration (which of course I realized at 1:30 AM). Don't get me wrong, I have faced this multiple times last two years (when I was stuck in India), and mostly I have been lazy and bypassed the actual problem by side-stepping with my not-so-noble alternatives, which mostly include one of the following:
  • Connect to a physical machine exposed to the internet and do an ssh tunnel from there (not so reliable since this is my actual box sitting at lab desk, also not secure enough)
  • Create a poor man's socks proxy in that same box to have my own VPN (OpenVPN and wireguard both works fine with WSL2). Again a security nightmare if IT guy finds out
  • And my least favorite method, use Putty
Tonight though high on 7 coffee, I decided to take a shot at it finally to figure out what the heck is even going on with this AnyConnect scenario. Lo and behold a google search reveals thousands of complaints and even more solutions (most of which didn't work for me).

So I ended up cobbling together the solution which worked for me. Actually, two solutions since it seem the most efficient one is only working for one of my machines and not the other one, for which I had to choose an even more esoteric way.

So hopefully one of these will work for you.

Method 1: Auto-manually rewrite WSL2's DNS config by getting the VPN values 

There of course is a manual solution. But whats the fun in that. Just download or copy paste this gist inside your WSL2 instance. A lot of this has been taken from this Github issue



echo "Getting current DNS servers, this takes a couple of seconds"

/mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe -Command '
Get-NetAdapter -InterfaceDescription "Cisco AnyConnect*" | Get-DnsClientServerAddress | Select -ExpandProperty ServerAddresses
Get-NetAdapter | ?{-not ($_.InterfaceDescription -like "Cisco AnyConnect*") } | Get-DnsClientServerAddress | Select -ExpandProperty ServerAddresses
' | \
        awk 'BEGIN { print "# Generated by vpn-fix on", strftime("%c"); print } { print "nameserver", $1 }' | \
        tr -d '\r' > /etc/resolv.conf

Mark it as executable
sudo chmod a+x
Now just run this using sudo ./
And you should something like this
You can automate so that this gets called everytime you open WSL. Not to mess with VPN again and again. Note, you will have to run it after you have connected via anyconnect.

Method 2: Use the awesome gvisor-tap-vsock to tunnel your connection

This utilizes the awesome wsl-vpn toolkit. Since this uses a lot of third party code and was a bit overkill, I did not prefer this initially. But one of my machines did not update the resolve conf even after I restarted the wsl backend multiple times, so I had to go this path (that one has kali linux on it instead of ubuntu)

Just follow the below procedure

# download wsl-vpnkit
tar --strip-components=1 -xf wsl-vpnkit.tar.gz app/wsl-vpnkit files/wsl-gvproxy.exe files/wsl-vm
rm wsl-vpnkit.tar.gz

# place Windows exe
USERPROFILE=$(wslpath "$(powershell.exe -c 'Write-Host -NoNewline $env:USERPROFILE')")
mkdir -p "$USERPROFILE/wsl-vpnkit"
mv wsl-gvproxy.exe "$USERPROFILE/wsl-vpnkit/wsl-gvproxy.exe"

# place Linux bin
chmod +x wsl-vm
sudo chown root:root wsl-vm
sudo mv wsl-vm /usr/local/sbin/wsl-vm

# run the wsl-vpnkit script
chmod +x wsl-vpnkit
sudo ./wsl-vpnkit

This should get your VPN and WSL2 working again.


Popular posts from this blog

FirefoxOS, A keyboard and prediction: Story of my first contribution

Returning to my cubical holding a hot cup of coffee and with a head loaded with frustration and panic over a system codebase that I managed to break with no sufficient time to fix it before the next morning.  This was at IBM, New York where I was interning and working on the TJ Watson project. I returned back to my desk, turned on my dual monitors, started reading some blogs and engaging on Mozilla IRC (a new found and pretty short lived hobby). Just a few days before that, FirefoxOS was launched in India in the form of an Intex phone with a $35 price tag. It was making waves all around, because of its hefty price and poor performance . The OS struggle was showing up in the super low cost hardware. I was personally furious about some of the shortcomings, primarily the keyboard which at that time didn’t support prediction in any language other than English and also did not learn new words. Coincidentally, I came upon Dietrich Ayala in the FirefoxOS IRC channel, who at

April Fool and Google Part 2: A Round Up of ALL of Google’s April Fools Jokes

Ok....this post I think will contain all of the pranks I could find  for today. After my last post here Last Time I reported Only a handful of the pranks.. Understandable, as it was only the morning. After that I stumbled upon more of them Which I am gonna round up here. Now staring with the list. The very first one is obviously our favourite Google Maps Quest The above is their official video. In a post in Google Plus they say about it as follows  Today  + Google Maps  announced Google Maps 8-bit for NES. With #8bitmaps , you can do everything you'd normally do in Maps—search for famous landmarks and sites around the world, get directions and even use Street View. Just in time for April Fool's Day, Google has introduced Google Maps Quest, a retro 8-bit version of its mapping tool that is... totally awesome. In a characteristically whimsical video, available above, Google emplo