Update Nov. 2020: the latest comments on WSL2 4253 point out to:
set MTU to 1350 (same as VPN interface):
sudo ifconfig eth0 mtu 1350
# or
ip link set dev eth0 mtu 1350
Check your MTU:
PS C:\> netsh interface ipv4 show subinterface
MTU MediaSenseState Bytes In Bytes Out Interface
------ --------------- --------- --------- -------------
4294967295 1 0 117945 Loopback Pseudo-Interface 1
1500 1 879583365 308029141 Wi-Fi
...
1500 1 3616963 2778319 vEthernet (WSL)
vs.
➜ ip addr | grep mtu
5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
A Windows 10 build 20231 might be needed to ensure issue 5821 "WSL vEthernet adapter shows up as disconnected" is fixed.
B. Agustín Amenábar Larraín explains:
Until this issue I never had heard of MTU, and it was hard for me to believe that was the cause, well it is.
- I'm having isues when my Pulse Secure VPN is connected and I'm trying to connect to the internal self-hosted Gitlab.
- SSH traffic to the regular internet is fine.
- I'm using WSL2 Ubuntu 20.04, if I drop it to WSL1, all works as expected (Same for Debian).
Try upgrading your drivers first, that thidn't work for me.
First open a PowerShell prompt and type:
netsh interface ipv4 show subinterface
You will get an output like the following:
MTU MediaSenseState Bytes In Bytes Out Interface
------ --------------- --------- --------- -------------
4294967295 1 0 5974969 Loopback Pseudo-Interface 1
1500 1 2678641808 213293706 Wi-Fi
1500 5 0 0 Local Area Connection* 1
1500 5 0 0 Local Area Connection* 2
1500 1 0 529702 vEthernet (Default Switch)
1300 1 2106 509236 vEthernet (WSL)
1200 1 553027168 20290571 Local Area Connection* 13
1500 1 0 22759124 VirtualBox Host-Only Network #3
1500 5 0 0 Bluetooth Network Connection 4
The key is in the Local Area Connection 13 MTU* (The name and value can change from machine to machine), that is the VPN interface. In my case it's 1200 which is why
set MTU to 1350 (same as VPN interface):
sudo ifconfig eth0 mtu 1350
didn't work for me... and I didn't know how to get the VPN Interface MTU.
(I also hated to install ifconfig
which is deprecated in favor of ip
).
Now that we know, you can change the VPN MTU from Windows it in a PowerShell with Elevated Privileges,
netsh interface ipv4 set subinterface "Local Area Connection* 13" mtu=1400 store=persistent
If you want to skip the next step, you can set it to 1500, but you are leaving no room for the VPN to wrap the packets, for example I have had trouble with Github because of setting it to 1500.
Then, inside your WSL2 distro, you can check your current MTU values with:
❯ ip addr | grep mtu
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
2: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN group default qlen 1000
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
5: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
We care about eth0 (the virtual ethernet connection to Windows), you have to set a matching MTU to where you left it in the previous step.
sudo ip link set eth0 mtu 1400
Sadly both settings get resetted every time you start a new VPN session, or restart the WSL2, or even switch from WLAN to LAN.
Leonardo Oliveira adds:
Your solution to the problem was similar to mine, however I changed the Ethernet MTU inside on my WSL2 to the same numbering I saw in windows power shell (Ethernet WSL), and that way it worked for me.