2

I'm trying to use a command line tool for a scheduler we have installed at my company, and decided to install it in my WSL ubuntu installation. However, I can't seem to connect to the server...

curl "[server]" --verbose 
*  Trying [server:443]...
*TCP_NODELAY set
*connect to [server] port 443 failed: Connection timed out

I would assume something is up with either the server's firewall or my Windows firewall... except:

  • I can run the exact same curl command from CMD in windows (on the same machine) and connect
  • I can run the same curl command from WSL to any common secure website (say, https://google.com) and it connects

I also figured it could be certificate related, but it doesn't seem like I get to the certificate part of the connection (and again, works fine from Windows, and I didn't do anything special there). I've tried the server's IP in case it was DNS-related, as well. Ping works fine, and I verified port 443 is correct.

Is there an Ubuntu firewall in WSL that I need to separately deal with, which could be allowing traffic to some sites and not to others? Other similar issues seem like when they're firewall related, ping doesn't work either and/or they have the same issues on Windows as WSL/Ubuntu.

I'm on Windows 10 (version 1909) and WSL 2 (Ubuntu 20.04.3 LTS/focal). I'm on a (Corporate) VPN.

Joe
  • 123
  • 1
  • 6
  • Hmm, I don't have the ability to upgrade Windows (corp managed laptop, they're in charge of that). Might be able to update Ubuntu, though, WSL is something I installed. Will see. – Joe Oct 15 '21 at 18:42
  • Updated to 20.04.3, the current LTS release; still having the issue. – Joe Oct 15 '21 at 18:54
  • I suppose, but I'm asking - what? I have talked to others in IT (I am also in IT) and nobody here has any specific suspicions, given I can connect to the site from my laptop in Windows - hence my question about whether Ubuntu itself is doing anything. – Joe Oct 15 '21 at 19:46
  • @Joe Provided an answer already (could be right, could be a red herring), but curious what `nc -zv 443` shows from WSL/Ubuntu. To answer part of your question, no there is no firewall in WSL/Ubuntu that would be getting in the way. – NotTheDr01ds Oct 15 '21 at 20:05
  • @Joe Deleted my answer, since it just because obvious to me as I read the last line of your question. It's the VPN -- It doesn't extend to WSL, most likely. Can you access *any* internal corporate sites from WSL? – NotTheDr01ds Oct 15 '21 at 20:08
  • @NotTheDr01ds Hmm, good question. – Joe Oct 15 '21 at 20:47

1 Answers1

2

I'm suspecting the VPN doesn't extend to WSL2. This is a common problem. For most people, all traffic is routed through the VPN, which causes all networking from within WSL2 to break when the VPN is active.

It sounds like only internal traffic may be routed over your VPN. I seem to recall this is a normal configuration for AnyConnect, and likely some others as well.

The simplest solution, if it works for you, is to run a WSL1 instance. WSL1 operates on the same NIC as Windows, whereas WSL2 is on a vNIC that is NAT'd behind the Windows host.

You can always just run the WSL1 instance when you need to work with this scheduling tool, and continue to use WSL2 if you need it for other use-cases.

To clone your existing WSL2 to WSL1, create a directory where you want it to be installed, and:

wsl --export Ubuntu backup.tar
wsl --import Ubuntu_WSL1 <directoryName> backup.tar --version 1

You'll need to set the default user for the new instance as well using /etc/wsl.conf. See this answer (Method 1 preferably) for details.

NotTheDr01ds
  • 15,380
  • 6
  • 51
  • 79