Uses VPNKit and npiperelay to provide network connectivity to the WSL 2 VM. This requires no settings changes or admin privileges on the Windows host.
The following steps will use WSL to setup wsl-vpnkit
. If you do not have connectivity in WSL 2, you can switch your WSL version to WSL 1 for setup and back to WSL 2 once done. Alternatively, you can refer to this post to setup wsl-vpnkit
from the Windows side.
This will download and extract vpnkit.exe
and vpnkit-tap-vsockd
from the Docker Desktop for Windows installer. Alternatively, build vpnkit.exe
and vpnkit-tap-vsockd
from VPNKit.
sudo apt install p7zip-full
wget https://desktop.docker.com/win/stable/Docker%20Desktop%20Installer.exe
7z e Docker\ Desktop\ Installer.exe resources/vpnkit.exe resources/wsl/docker-for-wsl.iso
7z e docker-for-wsl.iso containers/services/vpnkit-tap-vsockd/lower/sbin/vpnkit-tap-vsockd
rm Docker\ Desktop\ Installer.exe docker-for-wsl.iso
mkdir -p /mnt/c/bin
mv vpnkit.exe /mnt/c/bin/wsl-vpnkit.exe
chmod +x vpnkit-tap-vsockd
sudo chown root:root vpnkit-tap-vsockd
sudo mv vpnkit-tap-vsockd /usr/local/sbin/vpnkit-tap-vsockd
Download from npiperelay.
wget https://github.com/albertony/npiperelay/releases/latest/download/npiperelay_windows_amd64.zip
7z e npiperelay_windows_amd64.zip npiperelay.exe
rm npiperelay_windows_amd64.zip
mkdir -p /mnt/c/bin
mv npiperelay.exe /mnt/c/bin/
sudo apt install socat
Disable WSL from generating and overwriting /etc/resolv.conf
with the network options in wsl.conf
.
sudo tee /etc/wsl.conf <<EOL
[network]
generateResolvConf = false
EOL
Shutdown the WSL2 VM and reopen your shell for wsl.conf
to take effect.
wsl.exe --shutdown
Manually set DNS servers to use when not running wsl-vpnkit
. 1.1.1.1
is provided here as an example.
sudo tee /etc/resolv.conf <<EOL
nameserver 1.1.1.1
EOL
git clone https://github.com/sakai135/wsl-vpnkit.git
cd wsl-vpnkit/
sudo ./wsl-vpnkit
Keep this terminal open.
In some environments, explicitly pass the environment variable WSL_INTEROP
to sudo
.
sudo --preserve-env=WSL_INTEROP ./wsl-vpnkit
Services on the WSL 2 VM should be accessible from the Windows host using localhost
through the WSL networking integrations which can be configured by the localhostForwarding
option in .wslconfig
. Services on the Windows host should be accessible from WSL 2 using the IP from VPNKIT_HOST_IP
(192.168.67.2
).
This uses wsl.exe
and start-stop-daemon
to run wsl-vpnkit
in the background. A log file will be created at /var/log/wsl-vpnkit.log
with the output from wsl-vpnkit
.
sudo ./wsl-vpnkit.service start
This is an example setup to run wsl-vpnkit
as a service.
sudo ln -s $(pwd)/wsl-vpnkit.service /etc/init.d/wsl-vpnkit
This allows running the wsl-vpnkit
service without entering a password every time.
This step can be dangerous. Read Sudoers before doing this step.
sudo visudo -f /etc/sudoers.d/wsl-vpnkit
yourusername ALL=(ALL) NOPASSWD: /usr/sbin/service wsl-vpnkit *
Add the following to your .profile
or .bashrc
to start wsl-vpnkit
when you open your WSL terminal.
sudo service wsl-vpnkit start
If VS Code takes a long time to open your folder in WSL, enable the setting "Connect Through Localhost".
wsl.exe --shutdown
Stop-Process -Name wsl-vpnkit
ps aux | grep wsl-vpnkit
socat ... npiperelay.exe
wsl-vpnkit.exe
vpnkit-tap-vsockd
sudo VPNKIT_DEBUG=1 ./wsl-vpnkit