WSL - 连接到 VPN 时 DNS 不工作

解决。

Ubuntu 子系统 (WSL) 在打开或关闭 VPN 时无法解析公司和非公司域。

固定的。

必须创建 /etc/wsl.conf 文件并添加一个条目以终止重新启动时自动生成的 resolv.conf 文件。将代码块添加到/etc/wsl.conf：

[network] 

generateResolvConf = false

然后以管理员身份打开 powershell 并运行命令来重新启动 ubuntu 子系统：

wsl --shutdown

现在，重新打开 ubuntu 子系统

按顺序使用这些命令：

cd /etc
ls

该目录应显示“resolv.conf”文件（这是一个符号链接）。该链接现在应该是红色的，表明该链接没有通向任何地方。删除resolv.conf链接并创建新的/etc/resolv.conf文件

在新的resolv.conf文件中，写入以下代码块

search    your.domain.com
nameserver    x.x.x.x
nameserver    x.x.x.x
nameserver    y.y.y.y

其中 X 是 Cisco Anyconnect VPN 适配器中配置的 DNS 地址。在网络设置中找到 Cisco VPN 适配器，右键单击 Cisco VPN 适配器并单击“属性”，现在突出显示 IPv4 并单击“属性”。然后记下首选 DNS 和备用 DNS 并将其复制到 resolv.conf 文件中。

Y 是您的普通 IPv4 DNS 地址

现在再次从 Powershell 重新启动子系统。注意：如果这不起作用，则意味着 resolv.conf 文件再次被子系统吹走。为了使其工作，系统必须读取 wsl.conf 文件。如果未读取，请尝试重新安装子系统或升级到 20.04。

请参阅此处根据与 IPv6 DNS 服务器观察到的冲突提出的解决方法：

https://github.com/microsoft/WSL/issues/1350#issuecomment-742454940

请注意一个重要事实和解决方法：

/etc/resolv.conf当另一个网络适配器正在使用时，不会添加来自 VPN 连接的 DNS 服务器IPv6 DNS 服务器，这似乎会导致某种冲突（额外的 IPv4 DNS 服务器被丢弃）。

检查使用 IPv6 DNS 服务器的适配器：

Get-DnsClientServerAddress -AddressFamily IPv6 | Where-Object ServerAddresses -NE "{}" | Select-Object -ExpandProperty InterfaceAlias

获取其相关的适配器绑定

Get-NetAdapterBinding -ComponentID ms_tcpip6 | Where-Object Name -In (Get-DnsClientServerAddress -AddressFamily IPv6 | Where-Object ServerAddresses -NE "{}" | Select-Object -ExpandProperty InterfaceAlias)

使用 Powershell 为每个适配器绑定（或直接为所有适配器）禁用 IPv6具有管理员权限：

Disable-NetAdapterBinding -Name "Wi-Fi" -ComponentID ms_tcpip6 -PassThru
Disable-NetAdapterBinding -Name "Network Bridge" -ComponentID ms_tcpip6 -PassThru
...
Disable-NetAdapterBinding -Name "*" -ComponentID ms_tcpip6 -PassThru

或者，简单地在以太网/wifi 适配器上禁用 IPv6使用 Windows 用户界面：

现在，启用 VPN 连接时可以正确添加名称服务器，禁用 VPN 时可以正确删除名称服务器。

连接 VPN 后：

$ cat /etc/resolv.conf
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 192.168.1.1
nameserver xx.xx.xx.x1 # obfuscated company dns
nameserver xx.xx.xx.x2 # obfuscated company dns
search home

VPN 断开连接时：

$ cat /etc/resolv.conf
# This file was automatically generated by WSL. To stop automatic generation of this file, add the following entry to /etc/wsl.conf:
# [network]
# generateResolvConf = false
nameserver 192.168.1.1
search home

过去几天我遇到了这个问题，这让我发疯。对于我的口味来说，周围的解决方案都太老套了。我创建了一个非常简单的wsl-resolv-handler.ps1（请参阅本消息后面的脚本块），它可以根据 InterfaceMetric 自动设置正确的名称服务器顺序，创建正确的搜索行。

基本上，您可以为 VPN 接口设置较低（==较高优先级）的 InterfaceMetric，如下所示（以管理员身份启动 powershell）：

 # Get a list of interfaces, Note the InterfaceIndex and InterfaceMetric for your VPN adapter
> Get-NetIpInterface
# For example, if your VPN adapter has InterfaceIndex 12, we're setting
# the InterfaceMetric to 10, making sure 10 is lower than whatever your
# WiFi or Ethernet adapter has
> Set-NetIPInterface -InterfaceIndex 12 -InterfaceMetric 10 

设置好接口指标后，您可以使用下面脚本块中的脚本。脚本的顶部包含如何使用的完整说明以及一些需要正确的设置（WslDistroName 和 ResolvConfFile）。

# Before attempting to run this script, review and/or follow the 
# following steps.
#
# 0. Make sure you can execute powershell scripts. Start Powershell as an
#    administrator and execute:
#
#      Set-ExecutionPolicy RemoteSigned

# 1. Make sure you disable wsl's broken resolv.conf handler.
#    Create /etc/wsl.conf with the following 2 lines (without the pound signs):
#
#      [network]
#      generateResolvConf = false
#
#    After that, make sure you issue a wsl.exe --shutdown.
#
# 2. Configure your WSL distro name in $WslDistroName below and make sure we're
#    pointing at your resolv.conf file in $ResolvConfFile. Also make sure we can write 
#    to the resolv.conf file. I had to set permissions pretty broadly at 666.
#
# 3. Schedule this script with Task Scheduler:
#
#      * Click Action –> Create Task…
#      * Give your task a name in the General tab
#      * Click on the Triggers tab and then click New…
#      * In the "Begin the task" menu, choose “On an event.” Then, choose:
#
#          Log: Microsoft-Windows-NetworkProfile/Operational
#          Source: NetworkProfile
#          Event ID: 10000
#
#      * Event ID 10000 is logged when you connect to a network. Add another
#        one when a disconnect would occur (Event ID 10001):
#
#          Log: Microsoft-Windows-NetworkProfile/Operational
#          Source: NetworkProfile
#          Event ID: 10001
#
#      * Go to the Conditions tab. Make sure it runs regardless of AC adapter
#        connected/disconnected, peruse the other options there.
#
#      * Go to the Actions tab. Add a run script action and then:
#
#          Program/script: powershell.exe
#          Arguments: -noprofile -file "c:\where\you\stored\wsl-resolv-handler.ps1"
#

$WslDistroName = "Debian"
$ResolvConfFile = [string]::Format("\\wsl$\{0}\etc\resolv.conf", $WslDistroName)

function Convert-To-UnixLineEndings($path) {
  $oldBytes = [io.file]::ReadAllBytes($path)
  if (!$oldBytes.Length) {
      return;
  }
  [byte[]]$newBytes = @()
  [byte[]]::Resize([ref]$newBytes, $oldBytes.Length)
  $newLength = 0
  for ($i = 0; $i -lt $oldBytes.Length - 1; $i++) {
      if (($oldBytes[$i] -eq [byte][char]"`r") -and ($oldBytes[$i + 1] -eq [byte][char]"`n")) {
          continue;
      }
      $newBytes[$newLength++] = $oldBytes[$i]
  }
  $newBytes[$newLength++] = $oldBytes[$oldBytes.Length - 1]
  [byte[]]::Resize([ref]$newBytes, $newLength)
  [io.file]::WriteAllBytes($path, $newBytes)
}

Function Pause ($message)
{
    # Check if running Powershell ISE
    if ($psISE)
    {
        Add-Type -AssemblyName System.Windows.Forms
        [System.Windows.Forms.MessageBox]::Show("$message")
    }
    else
    {
        Write-Host "$message" -ForegroundColor Yellow
        $x = $host.ui.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    }
}

$NetworkInterfaces  = Get-NetIPInterface -AddressFamily IPv4 | Where-Object ConnectionState -EQ 'Connected' | Where-Object NlMtu -LT 9001
$DNSServerAddresses = Get-DnsClientServerAddress -AddressFamily IPv4
$DNSClients = Get-DnsClient

$Entries = $NetworkInterfaces | ForEach-Object {
  [PSCustomObject]@{
    'InterfaceAlias'      = $_.InterfaceAlias
    'InterfaceIndex'      = $_.InterfaceIndex
    'InterfaceMetric'     = $_.InterfaceMetric
    'DNSServerAddresses'  = ($DNSServerAddresses | Where-Object InterfaceIndex -EQ $_.InterfaceIndex | Where-Object AddressFamily -EQ 2).ServerAddresses
    'DNSSuffixes'  =  @(($DNSClients | Where-Object InterfaceIndex -EQ $_.InterfaceIndex).ConnectionSpecificSuffix) + @(($DNSClients).ConnectionSpecificSuffixSearchList | Out-Null)
  }
} | Sort-Object InterfaceMetric -Unique

$CommentLine = [string]::Format("# Generated by wsl-resolv-handler.ps1.")
Write-Output $CommentLine | Set-Content -Path $ResolvConfFile
$SearchLine = [string]::Format("search {0}", ($Entries.DNSSuffixes -join " "))
  Write-Output $SearchLine | Add-Content -Path $ResolvConfFile
$Entries | ForEach-Object {
  $_.DNSServerAddresses | ForEach-Object {
    $NameServerLine = [string]::Format("nameserver {0}", $_)
    Write-Output $NameServerLine | Add-Content -Path $ResolvConfFile
  }
}

Convert-To-UnixLineEndings $ResolvConfFile

Pause "Press any key to continue..."

将上述脚本保存为wsl-resolv-handler.ps1并按照注释中的说明进行操作。祝你好运 + 玩得开心（注意，这种方法应该适用于任何类型的 VPN 或网络拓扑更改，只要您正确配置它并在 Windows 任务管理器中正确设置任务，它就可以在没有手动愚蠢的情况下工作。您不需要提升权限才能运行它，只要脚本可以写入/etc/resolv.conf）！

注意：我还在此处发布了对此最相关的 github 问题的答案（有大量关于 wsl 的 resolv.conf 生成器损坏的 github 问题）：https://github.com/Microsoft/WSL/issues/2884#issuecomment-928299305

这对我有用，所以希望它能减轻其他人的挫败感。

创建/etc/wsl.conf

[network] 

generateResolvConf = false

删除或备份 /etc/resolv.conf

sudo rm -f /etc/resolv.conf

从命令提示符重新启动 wsl

wsl --shutdown

启动一个新的 bash 会话，DNS 解析应该与主机上完全一样。