WSL2 unable to ping host machine

[jiesu12]

Please use the following bug reporting template to help produce issues which are actionable and reproducible, including all command-line steps necessary to induce the failure condition. Please fill out all the fields! Issues with missing or incomplete issue templates will be closed.

If you have a feature request, please post to the UserVoice.

If this is a console issue (a problem with layout, rendering, colors, etc.), please post to the console issue tracker.

Important: Do not open GitHub issues for Windows crashes (BSODs) or security issues. Please direct all Windows crashes and security issues to [email protected]. Ideally, please configure your machine to capture minidumps, repro the issue, and send the minidump from "C:\Windows\minidump".

Please fill out the below information:

• Your Windows build number: (Type ver at a Windows Command Prompt)
  10.0.18917.100

• What you're doing and what's happening: (Copy&paste the full set of specific command-line steps necessary to reproduce the behavior, and their output. Include screen shots if that helps demonstrate the problem.)
  ping host machine, whose IP was obtained from /etc/resolv.conf.

• What's wrong / what should be happening instead:
  Ping timed out. Additionally, I can ping 8.8.8.8, but not www.google.com.

[ghost]

We’ve labelled your issue as ‘need-repro’ since we need more steps to help identify your problem. Could you please provide us with reproducible steps for the issue you’re experiencing, including things such as the specific command line steps necessary to reproduce the behavior and their output. Thank you! -The WSL Team

[lawrencehlee]

Same issue. I'm running Windows 10.0.18932.1000 + WSL 2 with Debian.

The exact commands:

λ ~/ cat /etc/resolv.conf 
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 172.19.224.1
λ ~/ ping 172.19.224.1
PING 172.19.224.1 (172.19.224.1) 56(84) bytes of data.
^C
--- 172.19.224.1 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6257ms

λ ~/

I am able to ping google.com/external sites in general - just not the host machine.

[xa0082249956]

I can't ping anything.
This problem has bothered me for two days.
Finally I solved this by performing a Network Reset in Settings > Network & Internet > Status > Change your network settings.

I think this problem is caused by wrong mask in ip address and wrong routing table after upgrade to WSL 2.

[mikuta0407]

Version 10.0.18995.1
Command : ping 192.168.0.90 (My PC's IP)

I can ping 8.8.8.8, www.google.com, 192.168.0.1, 192.168.0.100(Raspberry Pi).
but I cannot ping 192.168.0.90.

I tried "Reset Network" but did not improve anything.

[mikuta0407]

In WSL2, I was able to access the web server started on Windows side using w3m with IP address specification (192.168.0.90), but I could not connect to VcXsrv.
Ubuntu recognizes the existence of the X server, but says "Connection refused".
In summary, HTTP was possible, but X and Ping were not possible.
WSL1 all worked on the same Windows version.

[craigloewen-msft]

@mikuta0407 make sure to disable access control when starting up your X server, this will allow it to accept external connections and will likely resolve your 'Connection refused' error.

[xDarksome]

same here, "Reset Network" didn't help.

[jonpetersathan]

The Windows Firewall is blocking all traffic, except HTTP per default. In order for VcXsrv to work, you need to allow all inbound rules (private and public) for "VcXsrv windows server" under advanced settings in the windows firewall section of Windows Security. (Or select the public and private checkbox on the windows firewall prompt that appears if you run VcXsrc for the first time.)

In order for ping to work, you need to create a new rule. Click on Action/New Rule and select custom rule.

Select Next on the Program step. Then select ICMPv4 as protocol type.

Select Next until you end up in the Name section, then enter any name and click Finish.

If you now try pinging your host ip from wsl2, it should work as expected.

For every other connection between your wsl2 and your host, you have to allow the inbound rules for private and public networks or if they don't exists manually create the rules for the corresponding UDP/TCP port, but be aware that this might impact your security, if you use your computer in public networks.

[heartlock]

It works for me , thanks @BBJip

[franciscosuca]

The Windows Firewall is blocking all traffic, except HTTP per default. In order for VcXsrv to work, you need to allow all inbound rules (private and public) for "VcXsrv windows server" under advanced settings in the windows firewall section of Windows Security. (Or select the public and private checkbox on the windows firewall prompt that appears if you run VcXsrc for the first time.)

In order for ping to work, you need to create a new rule. Click on Action/New Rule and select custom rule.

Select Next on the Program step. Then select ICMPv4 as protocol type.

Select Next until you end up in the Name section, then enter any name and click Finish.

If you now try pinging your host ip from wsl2, it should work as expected.

For every other connection between your wsl2 and your host, you have to allow the inbound rules for private and public networks or if they don't exists manually create the rules for the corresponding UDP/TCP port, but be aware that this might impact your security, if you use your computer in public networks.

It worked! thanks a lot.

I will just add that in the "scope" step, I added the group of IP that I am using to reach my WSL instance and the host IP block to reduce the security issues.

[kazami-hayato]

all you need to do is change your windows firewall settings,and allow hyper-v access

[h34rtb34t]

PLEASE HELP ME OUT !!PLEASE PLEASE!!
I have fresh install of win10 Entr and I went through the process of installing wsl2 and successfully installed kali as my default wsl version2 OS. It all worked fine and and was smooth till i logged into my Kali shell.
I did my apt update && apt upgrade -y and installed all the tools I needed and it was perfect. I was trying to set up my Kali box for the HTB machines and once I set up the PVN connection I was successfully able to ping all the HTB machines pretty straightforward. I was able to nmap and do other enumerations like gobuster and so on.. on any machine. However when it comes to getting a reverse shell from a pwn box, I symply do not get any connection what so ever.
I tried everything I found on the web; I tried to reset all the PC connections, WSL2 connections, tried to unable and then disable the Virtualization on the BIOS, added IP rules on the Win firewall, playing around with the HyperV WSL adapter and such and such....I tried anything I could find to get this working. After messing around for a while I disinstalled and deacativated everything from WSl2 to HyperV settings for the last time and then REinstalled and got running kali back again. Now not only I CANNOT get a reverse connection from a VPN connected machine(HTB), but I cannot even ping to Windows host!! PLease point me in the right direction.

MY sysinfo:

My Win net info

My Kali net info

AND HERE IS WHAT I GET

Win10 is able to ping Kali WSL2

KaliWSL2 not able to ping Win10 Host box

KaliWLS2 able to ping HackTheBox machine

I've been struggling with this for a while now and just can't get it done. I keep going through Microsoft WSL2 documentation and guidelines and could not really get any useful information on this specific issue. I tried follow up with discussions in focrums and blogs but it seems no one came accross my same issue. Please if you think you could have any useful information point me in the right direction. I really appreciate any kind of help. I'm not just trying to solve the problem but I really want to fully understand what is the root of the problem.

Thanks in advance to everyone.

[jonpetersathan]

@h34rtb34t Did you connect to the HTB VPN from your windows host or from your Kali distro?

[h34rtb34t]

Hi there, thanks very much for answering back. I've tried both, I mean either way it just won't work. I first tried connecting to the VPN via windows machine, then within Kali wsl and the result is the same. I tried to play with routing tables(according to what is out there on Google that other have tried) ; I went through un installing and re-installing kali wsl multiple times; tried different scripts to reset the wsl2 networking settings etc etc.... And just could not do it. At the moment I'm working on a Kali Docker container and after few initial settings I get things done here within Docker. I really would like to have the chance switch back to my kali wsl2 and keep rolling from there. It is really strange and 'weird' I could not come across a similar issue to mine. As I said I keep searching on forums etc etc and still trying to get it working, but still I'm not able to use my Kali wsl. If there is any info you could provide me or at least point i the right direction that would be GREAT. Thanks a lot

[jonpetersathan]

I guess you already tried resetting your TCP/IP stack like so:

Uninstall OpenVPN form host.
RESET Kali Linux (Right click in start menu / App Settings / Reset).
Then run:

netsh winsock reset
netsh int ip reset
ipconfig /release
ipconfig /renew
ipconfig /flushdns

Run kali and install open vpn.

Make sure you are running kali with WSL2
wsl --set-version kali-linux 2

Run kali again and load your .ovpn file.

Make sure to ping the ip of your tunnel interface from inside the htb machine.

If you did indeed all of this and still are not able to ping your kali from a htb machine, I'm also clueless. Windows Firewall shouldn't be an issue here, nor anything else from your host.

[zhixiangjoy]

Same issue. I'm running Windows 10.0.18932.1000 + WSL 2 with Debian.

The exact commands:

λ ~/ cat /etc/resolv.conf 
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 172.19.224.1
λ ~/ ping 172.19.224.1
PING 172.19.224.1 (172.19.224.1) 56(84) bytes of data.
^C
--- 172.19.224.1 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6257ms

λ ~/

I am able to ping google.com/external sites in general - just not the host machine.

I meet the same problem. wsl2 ubuntu host not able to ping the ip which in the /etc/resolv.conf (Vethernet WSL)。 So my wsl2 can't ping any domain via DNS unless I change the nameserver in the resolv.conf. I try to change the windows firewall setting, but unuseful , I don't know what's wrong .

[skumarlabs]

After trying all the methods above, what worked for me was uncheck "Block all connections, including those in the list of allowed apps" under Public Network Firewall setting (screenshot attached).

If you are tying ping, make sure your ICMP port is allowed in the firewall or follow the steps by @johnnyP4

I understand this can be considered not a "security best practice" as you are allowing incoming connections to apps on public network but this issues was fixed for me after doing so.

[chaoszh]

FYI,
in WSL2, the firewall setting name is Virtual Machine Monitoring

After enabling the inbound rules, pinging windows host works fine.

[duyanning]

thank you @chaoszh
After enabling the firewall rule "Virtual Machine Monitoring(Echo Request-ICMPv4-In)", I can ping host from wsl2 now.

[jiesu12]

Thanks @skumarlabs.

This is definitely something can be easily missed. Seems for some newly installed Windows 10, it would be default enable "Block all incoming connections, including those in the list of allowed apps".

[stackh34p]

FYI, in WSL2, the firewall setting name is Virtual Machine Monitoring

After enabling the inbound rules, pinging windows host works fine.

The firewall settings were disabled by default and I followed the above configuration. It did not work for me, I had to also remove the CAP_NET_RAW setting on my Debian distro:

    sudo setcap cap_net_raw+p /bin/ping

See for more info: #5109 (comment)

[biwiki]

Thank you @chaoszh , you saved my day!

[danfly09]

If you're using McAfee like me you have to enable here

[alex-jitbit]

If anyone bumps into this issue - one more thing to check is disable VPN connection on the host machine (if any)

[teadrinker2015]

For the record, WSL is considered 'PUBLIC' from windows guys (I haven't figured out why). That means if you just try to simply disable the firewall of the your current profile (which in my case 'Private') to check if it's a firewall issue, that's not gonna work.

[pete-by]

For the record, WSL is considered 'PUBLIC' from windows guys (I haven't figured out why). That means if you just try to simply disable the firewall of the your current profile (which in my case 'Private') to check if it's a firewall issue, that's not gonna work.

Thank you to pointing me into the right direction, because I tried to disable the defender or add custom rules and it did not work. What actually has worked is when I went to Windows Defender Firewall Properties and unchecked vEthernet WSL from being protected for all the profiles.

[pepdevs]

I faced this problem but I didn't want to open firewall options for Public networks.

Then set the connection related to WSL2 to private
Set-NetConnectionProfile -InterfaceIndex 4 -NetworkCategory Private

Check the change worked

[com314159]

FYI, in WSL2, the firewall setting name is Virtual Machine Monitoring

After enabling the inbound rules, pinging windows host works fine.

this works for me

[UmairMirza1]

For the record, WSL is considered 'PUBLIC' from windows guys (I haven't figured out why). That means if you just try to simply disable the firewall of the your current profile (which in my case 'Private') to check if it's a firewall issue, that's not gonna work.

Thank you to pointing me into the right direction, because I tried to disable the defender or add custom rules and it did not work. What actually has worked is when I went to Windows Defender Firewall Properties and unchecked vEthernet WSL from being protected for all the profiles.

Thank you for this! This worked

[jiang849725768]

FYI, in WSL2, the firewall setting name is Virtual Machine Monitoring

After enabling the inbound rules, pinging windows host works fine.

It worked! Now in my settings there is a Virtual Machine Monitoring (ICMPv4-In). I only enabled it and then my ping works fine.

[KonanTheLibrarian]

NETWORK on WSL2 STILL JUST BREAKS: CLOSING THOUSANDS OF BUG REPORTS ON THIS 10 YEAR OLD BUG (WHICH IS NOT FIXED) IS WEIRD!

I have implemented that hard coded DNS solution by adding the DNS hosts directly to /etc/resolv.conf locked with chattr etc done swap=0 in Windows home area .wslconfig file and all sorts and it is a lot better, but WSL2 still looses it's DNS and entire network connection even if you disconnect briefly and reconnect your IPsec VPN. Once that happens still have to reboot.
(I am running WSL2 on top end Dell laptop with up-to-date bios and Windows 10 up to date patches and drivers.)

It is NOT just DNS because you can't ping via raw IP address. All windows apps network capability is retained whilst WSL2 JUST BREAKS and ABSOLUTLY NO SOLUTION BUT TO REBOOT - a bug 10 YEARS OLD!!!!!!!

Setup /etc/wsl.conf to use /etc/resolv.conf (which is protected by chattr). Sure it works after reboot but any network disruption triggers the BUGS WRITTEN BY WINDOWS PROGRAMMERS WHO CAN'T CODE LINUX NETWORK CODE TO SAVE THEIR LIVES - AND CLOSE THE BUG REPORTS OVER AND OVER AND OVER AND OVER - THOUSANDS OF THEM!!!!!!!!

/etc/wsl.conf

WSL2 runs without hyper-v, but WSL1 used hyper-v. NOTE: WSL1 had the exact same BROKEN NETWORK BUG!

NEVER FIXED AND IT IS KILLING MICROSOFTS Linux reputation to the tune of at least $30 BILLION - NO JOKE!

When running ordinary applications under Windows or on a Linux PC, any disconnection of the network and reconnection allows all applications to reconnect to the network no problem; not so with WSL2 it's still got a fragile broke WSL network that fails to ping! When running WSL, DNS resolution is lost even with a brief disconnection or the lease time on the network driver laps and reconnects (which is normal), after that you can’t connect or even ping devices unless you reboot! This is specifically a WSL Linux bug that was coded brilliantly by Windows network programmers and they have closed THOUSANDS of similar bug reports; that is WEIRD!

Even with millions of complaints, and thousands of bug reports, this bug has been persistent for almost a decade and NOT FEXED IN JULY 2023! This is so serious many developers avoid all Docker development under WSL and Windows.
When Windows programmers write Linux network code, what could possibly go wrong?

WSL team members even close bug reports rather than combine the data from thousands of similar reports. When reports are closed so that others can’t comment the geniuses have magically fixed the major bug right? NOT! The use of Docker Desktop makes it 100 times worse, but fortunately Docker Desktop is NOT Docker and many people run WSL2 without Docker Desktop.

[SparkLee]

FYI, in WSL2, the firewall setting name is Virtual Machine Monitoring
After enabling the inbound rules, pinging windows host works fine.

It worked! Now in my settings there is a Virtual Machine Monitoring (ICMPv4-In). I only enabled it and then my ping works fine.

It works for me, tks very much.

注：WSL Ubuntu 或 Hypef-V 虚拟机网络被默认设定为公用网络[public network]，而非专用网络[private network]。

1、在 WSL Ubuntu 或 Hypef-V 虚拟机中 Ping 通 Windows 宿主机

2、在 WSL Ubuntu 或 Hypef-V 虚拟机中正常访问 Windows 宿主机的 Apifox 本地 Mock 服务