wsl-vpnkit

Uses VPNKit and npiperelay to provide network connectivity to the WSL 2 VM. This requires no settings changes or admin privileges on the Windows host.

Setup

The following steps will use WSL to setup wsl-vpnkit. If you do not have connectivity in WSL 2, you can switch your WSL version to WSL 1 for setup and back to WSL 2 once done. Alternatively, you can refer to this post to setup wsl-vpnkit from the Windows side.

Install vpnkit.exe and vpnkit-tap-vsockd

This will download and extract vpnkit.exe and vpnkit-tap-vsockd from the Docker Desktop for Windows installer. Alternatively, build vpnkit.exe and vpnkit-tap-vsockd from VPNKit.

sudo apt install p7zip genisoimage

wget https://desktop.docker.com/win/stable/amd64/Docker%20Desktop%20Installer.exe
7zr e Docker\ Desktop\ Installer.exe resources/vpnkit.exe resources/wsl/docker-for-wsl.iso
mkdir -p /mnt/c/bin
mv vpnkit.exe /mnt/c/bin/wsl-vpnkit.exe
isoinfo -i docker-for-wsl.iso -R -x /containers/services/vpnkit-tap-vsockd/lower/sbin/vpnkit-tap-vsockd > ./vpnkit-tap-vsockd
chmod +x vpnkit-tap-vsockd
sudo mv vpnkit-tap-vsockd /sbin/vpnkit-tap-vsockd
sudo chown root:root /sbin/vpnkit-tap-vsockd
rm Docker\ Desktop\ Installer.exe docker-for-wsl.iso

Install npiperelay.exe

Download from npiperelay.

sudo apt install unzip

wget https://github.com/jstarks/npiperelay/releases/download/v0.1.0/npiperelay_windows_amd64.zip
unzip npiperelay_windows_amd64.zip npiperelay.exe
rm npiperelay_windows_amd64.zip
mkdir -p /mnt/c/bin
mv npiperelay.exe /mnt/c/bin/

Install socat

sudo apt install socat

Configure DNS for WSL

Disable WSL from generating and overwriting /etc/resolv.conf with the network options in wsl.conf.

sudo tee /etc/wsl.conf <<EOL
[network]
generateResolvConf = false
EOL

Close all shells and wait for WSL to shutdown the distro and reopen your shell for the change to take effect. You may need to run wsl --shutdown.

Manually set DNS servers to use when not running wsl-vpnkit. 1.1.1.1 is provided here as an example.

sudo tee /etc/resolv.conf <<EOL
nameserver 1.1.1.1
EOL

Clone wsl-vpnkit

git clone https://github.com/sakai135/wsl-vpnkit.git
cd wsl-vpnkit/

Run

sudo ./wsl-vpnkit

Keep this terminal open.

In some environments, explicitly pass the environment variable WSL_INTEROP to sudo.

sudo --preserve-env=WSL_INTEROP ./wsl-vpnkit

Services on the WSL 2 VM should be accessible from the Windows host using localhost through the WSL networking integrations which can be configured by the localhostForwarding option in .wslconfig. Services on the Windows host should be accessible from WSL 2 using the IP from VPNKIT_HOST_IP (192.168.67.2).

Run in the Background

This uses wsl.exe and start-stop-daemon to run wsl-vpnkit in the background. A log file will be created at /var/log/wsl-vpnkit.log with the output from wsl-vpnkit.

sudo ./wsl-vpnkit.service start

Run as a Service

This is an example setup to run wsl-vpnkit as a service.

Create Service

sudo ln -s $(pwd)/wsl-vpnkit.service /etc/init.d/wsl-vpnkit

Setup Sudoers

This allows running the wsl-vpnkit service without entering a password every time.

This step can be dangerous. Read Sudoers before doing this step.

sudo visudo -f /etc/sudoers.d/wsl-vpnkit

yourusername ALL=(ALL) NOPASSWD: /usr/sbin/service wsl-vpnkit *

Run Automatically

Add the following to your .profile or .bashrc to start wsl-vpnkit when you open your WSL terminal.

sudo service wsl-vpnkit start

Troubleshooting

Configure VS Code Remote WSL Extension

If VS Code takes a long time to open your folder in WSL, enable the setting "Connect Through Localhost".

Try shutting down WSL VM to reset

wsl.exe --shutdown

Stop-Process -Name wsl-vpnkit

Check for the required processes

ps aux | grep wsl-vpnkit

• socat ... npiperelay.exe
• wsl-vpnkit.exe
• vpnkit-tap-vsockd

Run VPNKit with Debug

sudo VPNKIT_DEBUG=1 ./wsl-vpnkit

Configure http_proxy.json and gateway_forwards.json

This step is only necessary for using a HTTP proxy or exposing some service from the Windows host to the WSL 2 VM through VPNKit.

Set the variables VPNKIT_HTTP_CONFIG and/or VPNKIT_GATEWAY_FORWARD_CONFIG to the Windows host path to these configuration files. Example values are provided in ./wsl-vpnkit for using the configuration generated by Docker Desktop. If using Docker Desktop's http_proxy.json and gateway_forwards.json, ensure that Docker Desktop is setup for WSL 2 integration and is running Docker.

http_proxy.json points to any HTTP proxies that might be configured on the Windows host. See an example http_proxy.json from VPNKit.

gateway_forwards.json points to any services to forward to the WSL 2 VM. See an example gateway_forwards.json from VPNKit.