Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

After Windows Update 24H2 WSL cannot access the internet #12353

Open
1 of 2 tasks
maphew opened this issue Dec 7, 2024 · 19 comments
Open
1 of 2 tasks

After Windows Update 24H2 WSL cannot access the internet #12353

maphew opened this issue Dec 7, 2024 · 19 comments
Labels

Comments

@maphew
Copy link

maphew commented Dec 7, 2024

Windows Version

Microsoft Windows [Version 10.0.26100.2314]

WSL Version

2.3.26.0

Are you using WSL 1 or WSL 2?

  • WSL 2
  • WSL 1

Kernel Version

5.15.167.4-1

Distro Version

any / all

Other Software

No response

Repro Steps

All of the below started after installing Windows Update 24H2. I had no WSL network issues in the days prior.

  1. Open any WSL distribution (example below with Alpine)

  2. Try to ping an external IP:

    > wsl ping -c 3 microsoft.com
    PING microsoft.com (20.112.250.133): 56 data bytes
    
    --- microsoft.com ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss
  3. Observe 100% packet loss

  4. Verify that DNS resolution works:

    > wsl nslookup microsoft.com
    Server:         10.255.255.254
    Address:        10.255.255.254:53
    
    Non-authoritative answer:
    Name:   microsoft.com
    Address: 20.236.44.162
    Name:   microsoft.com
    Address: 20.231.239.246
    Name:   microsoft.com
    Address: 20.76.201.171
    Name:   microsoft.com
    Address: 20.70.246.20
    Name:   microsoft.com
    Address: 20.112.250.133
    
    Non-authoritative answer:
    Name:   microsoft.com
    Address: 2603:1030:c02:8::14
    Name:   microsoft.com
    Address: 2603:1020:201:10::10f
    Name:   microsoft.com
    Address: 2603:1030:20e:3::23c
    Name:   microsoft.com
    Address: 2603:1030:b:3::152
    Name:   microsoft.com
    Address: 2603:1010:3:3::5b
  5. Verify host Windows can ping the same addresses successfully

    PS A:\> ping -n 3 microsoft.com
    
    Pinging microsoft.com [20.236.44.162] with 32 bytes of data:
    Reply from 20.236.44.162: bytes=32 time=63ms TTL=109
    Reply from 20.236.44.162: bytes=32 time=66ms TTL=109
    Reply from 20.236.44.162: bytes=32 time=67ms TTL=109
    
    Ping statistics for 20.236.44.162:
       Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
       Minimum = 63ms, Maximum = 67ms, Average = 65ms
  6. Test http

WSL fails:

> wsl wget --timeout=5 --no-verbose https://google.com
Connecting to google.com (142.251.211.238:443)
wget: download timed out

Windows host succeeds:

 > wget.exe --timeout=1 --no-verbose https://google.com
2024-12-07 07:43:25 URL:https://www.google.com/ [20094] -> "index.html.2" [1]

Remedies Attempted

1. WSL Network Reset

  • Executed wsl --shutdown
  • Restarted WSL service
  • Rebooted entire system
  • Result: No change

2. Firewall Configuration

  • Added explicit allow rules for WSL executable
  • Added allow rules for all WSL network traffic
  • Verified firewall profiles (Domain, Private, Public all set to BlockInbound,AllowOutbound)
  • Result: No change

3. Network Configuration

  • Attempted to reset WSL network settings by removing registry entries:
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Lxss\NatGatewayIpAddress
    • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Lxss\NatNetwork
  • Adjusted MTU on WSL network adapter to match other interfaces (1280)
  • Result: No change

4. Basic Network Verification

  • Confirmed routing table is correct (default route via 172.21.176.1)
  • Verified network interface configuration
  • Confirmed WSL can't reach its own gateway (100% packet loss to 172.21.176.1)

Current Situation

  • Host Windows networking works perfectly
  • WSL instances can resolve DNS names but cannot transmit/receive packets
  • All WSL distributions affected
  • Problem persists across WSL restarts and system reboots
  • Network configuration appears correct but packets are not reaching/returning from the gateway

Expected Behavior

connection to and response from any normally accessible internet host.

Actual Behavior

see repo steps

Diagnostic Logs

No response

Copy link

github-actions bot commented Dec 7, 2024

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use collect-networking-logs.ps1, following the instructions here

Once completed please upload the output files to this Github issue.

Click here for more info on logging
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

View similar issues

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it!

Open similar issues:

Closed similar issues:

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

@maphew
Copy link
Author

maphew commented Dec 7, 2024

Diagnostic logs - WslNetworkingLogs-2024-12-07_07-22-13.zip

Copy link

github-actions bot commented Dec 7, 2024

Diagnostic information
.wslconfig found
Detected appx version: 2.3.26.0
optional-components.txt not found

@maphew
Copy link
Author

maphew commented Dec 9, 2024

Using WSL Settings and changing network mode from NAT to VirtioProxy enables http from within WSL (e.g. wget google.com works) but ping is still blocked. Disabling HYper-V firewall has no effect. Turning off Windows Defender Firewall has no effect.

@justus-camp-microsoft
Copy link
Collaborator

@CatalinFetoiu looks like this user is using NAT and doesn't have connectivity. What would be the next steps to root cause?

@CatalinFetoiu
Copy link
Collaborator

thanks for sending the logs
does using mirrored networking resolve the issue? (try using networkingMode=mirrored in your wslconfig file)

@maphew
Copy link
Author

maphew commented Dec 14, 2024

sorry no, with mirrored all network commands seem to be broken.

C:\apps\cmder
λ wsl --shutdown

:: In WSL Settings just changed from 'VirtioProxy' to 'Mirrored'

C:\apps\cmder
λ wsl
framation:/mnt/c/apps/cmder# wget --no-verbose google.com
wget: bad address 'google.com'

framation:/mnt/c/apps/cmder# nslookup google.com
nslookup: can't connect to remote host: Network unreachable
framation:/mnt/c/apps/cmder#

C:\apps\cmder
λ wsl --shutdown

:: In WSL Settings just changed from 'Mirrored' to 'VirtioProxy'

C:\apps\cmder
λ wsl
framation:/mnt/c/apps/cmder# nslookup google.com
Server:         192.168.8.1
Address:        192.168.8.1:53

Non-authoritative answer:
Name:   google.com
Address: 2607:f8b0:400a:80b::200e

Non-authoritative answer:
Name:   google.com
Address: 142.250.217.110

framation:/mnt/c/apps/cmder# wget --no-verbose google.com
Connecting to google.com (142.250.217.110:80)
Connecting to www.google.com (172.217.14.228:80)
saving to 'index.html'
index.html           100% |****************************************| 20246  0:00:00 ETA 'index.html' saved

framation:/mnt/c/apps/cmder# ping google.com
PING google.com (142.250.217.110) 56(84) bytes of data.
^C
--- google.com ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5213ms

maphew added a commit to maphew/trilium that referenced this issue Dec 17, 2024
@maphew
Copy link
Author

maphew commented Dec 17, 2024

Upgrading to pre-release 2.4.8 did not change behaviour in any noticeable way.

WSL version: 2.4.8.0
Kernel version: 5.15.167.4-1
WSLg version: 1.0.65
MSRDC version: 1.2.5716
Direct3D version: 1.611.1-81528511
DXCore version: 10.0.26100.1-240331-1435.ge-release
Windows version: 10.0.26100.2605

VirtioProxy:

λ code\tnext\wsl-test.cmd
---

wsl --shutdown
---

type C:\Users\maphe\.wslconfig
[experimental]
autoMemoryReclaim=gradual
dnsTunneling=false
hostAddressLoopback=true
networkingMode=virtioproxy
[wsl2]
dnsProxy=false
---

wsl nslookup google.com
Server:         192.168.8.1
Address:        192.168.8.1:53

Non-authoritative answer:
Name:   google.com
Address: 142.251.33.78

Non-authoritative answer:
Name:   google.com
Address: 2607:f8b0:400a:806::200e

---

wsl wget google.com   && if exist index.html del index.html
Connecting to google.com (142.251.33.78:80)
Connecting to www.google.com (142.251.215.228:80)
saving to 'index.html'
index.html           100% |***************************************************************************| 20219  0:00:00 ETA 'index.html' saved
---

wsl ping -c2 google.com
PING google.com (142.251.33.78) 56(84) bytes of data.

--- google.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1021ms

Mirrored:

A:\
λ code\tnext\wsl-test.cmd
---

wsl --shutdown
---

type C:\Users\maphe\.wslconfig
[experimental]
autoMemoryReclaim=gradual
dnsTunneling=false
hostAddressLoopback=true
networkingMode=mirrored
[wsl2]
dnsProxy=false
---

wsl nslookup google.com
nslookup: can't connect to remote host: Network unreachable
---

wsl wget google.com   && if exist index.html del index.html
wget: bad address 'google.com'
---

wsl ping -c2 google.com
ping: google.com: Try again

@hdbin
Copy link

hdbin commented Dec 17, 2024

Same problem here after 24H2 update. Using "virtioproxy" enables connectivity for https at least, but ping is not working.

@tmfksoft
Copy link

+1 Here, I've tried (recluctantly) reinstalling WSL, Hyper-V etc but no avail.
I also noticed the name of the Hyper-V adapter is corrupted:
Image

As I rely on WSL for work it's brought me to a grinding halt and we're supposed to be on the latest Windows updates as part of our company policies.

Hopefully there will be a fix soon.

@hdbin
Copy link

hdbin commented Dec 18, 2024

Same problem here after 24H2 update. Using "virtioproxy" enables connectivity for https at least, but ping is not working.

Couple additional details:

  • With "virtioproxy" it seems that the connection may work for a while and then stop working suddenly
  • Using "Restore Default Policy" from Windows Defender Firewall with Advanced Security seem to resolve issue temporarily: WSL connectivity is normal without "virtioproxy" configuration, but only until next Windows reboot after which the default policy needs to be restored again.

@maphew
Copy link
Author

maphew commented Dec 20, 2024

Using "Restore Default Policy" from Windows Defender Firewall with Advanced Security seem to resolve issue temporarily: WSL connectivity is normal without "virtioproxy" configuration, but only until next Windows reboot after which the default policy needs to be restored again.

Unfortunately this didn't change anything for my machine, but thanks for giving me something to try!

@maphew
Copy link
Author

maphew commented Dec 20, 2024

I stepped through https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/hyper-v-firewall. Two possibly interesting things I observed:

  • Default Inbound action was 'Block' (changing it to Allow had no effect tho)
  • Turning hyperv-firewall off in WSL Settings does not turn it off according to powershell

Firewall is false in wslconfig:

PS A:\> type $env:userprofile\.wslconfig
[experimental]
autoMemoryReclaim=gradual
hostAddressLoopback=true
networkingMode=virtioproxy
dnsTunneling=false
autoProxy=false
firewall=false
[wsl2]
dnsProxy=false

but still enabled:

PS A:\> Get-NetFirewallHyperVVMSetting -PolicyStore ActiveStore -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}'


Name                  : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
Enabled               : True
DefaultInboundAction  : Allow
DefaultOutboundAction : Allow
LoopbackEnabled       : True
AllowHostPolicyMerge  : True

(meta: the enable firewall cmdlet shown in the doc page has a typo for -Name parameter and won't work as is. Use the one from get cmdlet instead.)

@maphew
Copy link
Author

maphew commented Dec 20, 2024

I tried to uninstall the windows update but the restore point seems to have been removed? wtf! It was there yesterday.

Image

@patrick-pnl
Copy link

Same issue here

@DrewWing
Copy link

DrewWing commented Dec 20, 2024

Same issue here, already tried resetting all network stuff (perhaps this comment on a past issue would be helpful if it still worked).

Oddly enough, I'm not on 24H2 yet and it's still broken.
Image

@maphew
Copy link
Author

maphew commented Dec 21, 2024

I tried resetting winsock as per that comment, rebooting twice as recommended by output of first two commands, but nothing changed.

Admin prompt:

netsh winsock reset
:: reboot
netsh int ip reset all
:: reboot
netsh winhttp reset proxy
ipconfig /flushdns

I also tried shutting off the firewall using cmd line per a further comment in that thread (thinking perhaps using the Settings gui as I tried ealier does something differently):

netsh advfirewall set allprofiles state off

no change, network still broken.

@pepdekpd
Copy link

pepdekpd commented Dec 30, 2024

Had the same wsl issue after upgrading to windows 11 24H2. Using windows update - update history - uninstall updates and uninstall KB5048667 resolved the connectivity issue with WSL (after restart of laptop).
Not a solution, but might give some relief.
(also paused the updates for 3 weeks, not sure if it pauses the security updates as well...)


updated
changing the "DefaultOutboundAction" as described below: #12353 (comment) worked for me with KB5048667 installed.

Thanks @jvitammela

@jvitammela
Copy link

I had this problem, but unlike maphew, changing Hyper-V DefaultOutboundAction did help. Before I realized this, I could get networking to work with .wslconfig using virtioproxy or with firewall=false. Mirrored networking was broken for me.

[wsl2]
networkingMode=nat
#networkingMode=virtioproxy
firewall=false

After testing this, had a look at maphew's comment and Microsoft docs , after which I changed the default outbound action via an elevated PowerShell:

PS C:\WINDOWS\system32> Get-NetFirewallHyperVVMCreator
VMCreatorId  : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
FriendlyName : WSL

PS C:\WINDOWS\system32> Get-NetFirewallHyperVVMSetting -PolicyStore ActiveStore -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}'
Name                  : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
Enabled               : True
DefaultInboundAction  : Block
DefaultOutboundAction : Block
LoopbackEnabled       : True
AllowHostPolicyMerge  : True

PS C:\WINDOWS\system32> Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultOutboundAction Allow
PS C:\WINDOWS\system32> Get-NetFirewallHyperVVMSetting -PolicyStore ActiveStore -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}'
Name                  : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
Enabled               : True
DefaultInboundAction  : Block
DefaultOutboundAction : Allow
LoopbackEnabled       : True
AllowHostPolicyMerge  : True

After this, I re-enabled firewall in .wslconfig and started Ubuntu instance, networking seems to work like it did before. My pings and curls were towards 8.8.8.8 so DNS resolution shouldn't be in play here, though that seems to be working fine as well. Unfortunately YMMV since seemingly the same steps had no effect for maphew, posting this here since it comes up fairly high in search results.

My wsl.conf:

❯ cat /etc/wsl.conf
[boot]
systemd=true

[network]
generateHosts = true
generateResolvConf = true

Version info:

PS C:\WINDOWS\system32> wsl --status
Default Distribution: Ubuntu
Default Version: 2

PS C:\WINDOWS\system32> wsl --version
WSL version: 2.3.26.0
Kernel version: 5.15.167.4-1
WSLg version: 1.0.65
MSRDC version: 1.2.5620
Direct3D version: 1.611.1-81528511
DXCore version: 10.0.26100.1-240331-1435.ge-release
Windows version: 10.0.26100.2605

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

9 participants