Uses VPNKit and npiperelay to provide network connectivity to the WSL 2 VM. This requires no settings changes or admin privileges on the Windows host.
The following steps will use WSL to setup wsl-vpnkit
. If you do not have connectivity in WSL 2, you can switch your WSL version to WSL 1 for setup and back to WSL 2 once done. Alternatively, you can refer to this post to setup wsl-vpnkit
from the Windows side.
This will download and extract vpnkit.exe
and vpnkit-tap-vsockd
from the Docker Desktop for Windows installer. Alternatively, build vpnkit.exe
and vpnkit-tap-vsockd
from VPNKit.
sudo apt install p7zip genisoimage
wget https://desktop.docker.com/win/stable/amd64/Docker%20Desktop%20Installer.exe
7zr e Docker\ Desktop\ Installer.exe resources/vpnkit.exe resources/wsl/docker-for-wsl.iso
mkdir -p /mnt/c/bin
mv vpnkit.exe /mnt/c/bin/wsl-vpnkit.exe
isoinfo -i docker-for-wsl.iso -R -x /containers/services/vpnkit-tap-vsockd/lower/sbin/vpnkit-tap-vsockd > ./vpnkit-tap-vsockd
chmod +x vpnkit-tap-vsockd
sudo mv vpnkit-tap-vsockd /sbin/vpnkit-tap-vsockd
sudo chown root:root /sbin/vpnkit-tap-vsockd
rm Docker\ Desktop\ Installer.exe docker-for-wsl.iso
Download from npiperelay.
sudo apt install unzip
wget https://github.com/jstarks/npiperelay/releases/download/v0.1.0/npiperelay_windows_amd64.zip
unzip npiperelay_windows_amd64.zip npiperelay.exe
rm npiperelay_windows_amd64.zip
mkdir -p /mnt/c/bin
mv npiperelay.exe /mnt/c/bin/
sudo apt install socat
Disable WSL from generating and overwriting /etc/resolv.conf
with the network options in wsl.conf
.
sudo tee /etc/wsl.conf <<EOL
[network]
generateResolvConf = false
EOL
Close all shells and wait for WSL to shutdown the distro and reopen your shell for the change to take effect. You may need to run wsl --shutdown
.
Manually set DNS servers to use when not running wsl-vpnkit
. 1.1.1.1
is provided here as an example.
sudo tee /etc/resolv.conf <<EOL
nameserver 1.1.1.1
EOL
git clone https://github.com/sakai135/wsl-vpnkit.git
cd wsl-vpnkit/
sudo ./wsl-vpnkit
Keep this terminal open.
In some environments, explicitly pass the environment variable WSL_INTEROP
to sudo
.
sudo --preserve-env=WSL_INTEROP ./wsl-vpnkit
Services on the WSL 2 VM should be accessible from the Windows host using localhost
through the WSL networking integrations which can be configured by the localhostForwarding
option in .wslconfig
. Services on the Windows host should be accessible from WSL 2 using the IP from VPNKIT_HOST_IP
(192.168.67.2
).
This uses wsl.exe
and start-stop-daemon
to run wsl-vpnkit
in the background. A log file will be created at /var/log/wsl-vpnkit.log
with the output from wsl-vpnkit
.
sudo ./wsl-vpnkit.service start
This is an example setup to run wsl-vpnkit
as a service.
sudo ln -s $(pwd)/wsl-vpnkit.service /etc/init.d/wsl-vpnkit
This allows running the wsl-vpnkit
service without entering a password every time.
This step can be dangerous. Read Sudoers before doing this step.
sudo visudo -f /etc/sudoers.d/wsl-vpnkit
yourusername ALL=(ALL) NOPASSWD: /usr/sbin/service wsl-vpnkit *
Add the following to your .profile
or .bashrc
to start wsl-vpnkit
when you open your WSL terminal.
sudo service wsl-vpnkit start
If VS Code takes a long time to open your folder in WSL, enable the setting "Connect Through Localhost".
wsl.exe --shutdown
Stop-Process -Name wsl-vpnkit
ps aux | grep wsl-vpnkit
socat ... npiperelay.exe
wsl-vpnkit.exe
vpnkit-tap-vsockd
sudo VPNKIT_DEBUG=1 ./wsl-vpnkit
This step is only necessary for using a HTTP proxy or exposing some service from the Windows host to the WSL 2 VM through VPNKit.
Set the variables VPNKIT_HTTP_CONFIG
and/or VPNKIT_GATEWAY_FORWARD_CONFIG
to the Windows host path to these configuration files. Example values are provided in ./wsl-vpnkit
for using the configuration generated by Docker Desktop. If using Docker Desktop's http_proxy.json
and gateway_forwards.json
, ensure that Docker Desktop is setup for WSL 2 integration and is running Docker.
http_proxy.json
points to any HTTP proxies that might be configured on the Windows host. See an example http_proxy.json
from VPNKit.
gateway_forwards.json
points to any services to forward to the WSL 2 VM. See an example gateway_forwards.json
from VPNKit.