Issue when setupping the WSL-VPNKit
IllanRULDACUNHA opened this issue · 16 comments
Hello,
Some users of my company have a strange issue when setupping the WSL-VPNKit. They get this error message, thus can't install the tool:
Invoke-WebRequest : Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
At line:1 char:1
+ Invoke-WebRequest -Uri "https://github.com/AmmarRahman/wsl-vpn/releas ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-WebRequest], IOException
+ FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
We managed to workaround the issue by downloading the binaries and modifying the script to use the binaries locally instead of downloading them, but it's filthy and hard to document for new users. So do you have any idea of how to solve this issue cleanly?
Thank you much for your help. Good day!
That is odd... I'm glad you got it working at least. Do you use a proxy server for https traffic by any chance?
Hello Andy,
Indeed, we managed to make it work but it's kind of filthy. ^^
We indeed use a HTTPS proxy in our company to exit the intranet. What is troubling me is that the setup worked perfectly for everyone since almost 2 years, and now for three users at the time of this message, it doesn't anymore.
That is indeed perplexing, as we are just using one of the (many) standard Powershell download commands.
Now that windows comes standard with curl, I wonder if that works.
If I understand correctly, on the trouble machines, this should fail (in powershell):
Invoke-WebRequest -Uri "https://github.com/AmmarRahman/wsl-vpn/releases/latest/download/wslbin.tar.gz"
Does the following work?
C:\windows\system32\curl -L "https://github.com/AmmarRahman/wsl-vpn/releases/latest/download/wslbin.tar.gz" -o nul
The Invoke-WebRequest command works in PowerShell. But when it is launched by the setup.sh script, it does not.
For the curl command, we get this error:
Invoke-WebRequest : A parameter cannot be found that matches parameter name 'L'. At line:1 char:6
Ok, that tells a very interesting story. (Let's not worry about the curl error. Powershell is being dumb there and it doesn't matter.) New theory: there are environment variables that are set in the test you just ran now that are different from when it is called from wsl. If that is the case, this should fail:
From WSL:
powershell.exe -NoProfile -Command 'Invoke-WebRequest -Uri "https://github.com/AmmarRahman/wsl-vpn/releases/latest/download/wslbin.tar.gz"'
I suspect that will fail just like the script, because proxy environment variables may not be set in WSL???
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-webrequest?view=powershell-7.3#notes mentions HTTPS_PROXY and ALL_PROXY, are either of these set in powershell?
Does exporting them in WSL make things happy?
Unfortunately, the user of mine which has the issue with the setup.sh did not have any issue with this command. :/
Hmmm. What about:
sudo powershell.exe -NoProfile -Command 'Invoke-WebRequest -Uri "https://github.com/AmmarRahman/wsl-vpn/releases/latest/download/wslbin.tar.gz"'
Just occurred to me, we're running that powershell command in setup.sh using the sudo root environment, not normal user. So that totally has a chance to have different environment variables
With the sudo, it doesn't work on my user's computer. Without it, it works.
I think there is a story of environment variables depending on which OS you use (sudo => Linux, no sudo => Windows), but I'm kind of lost. :(
TL;DR
Please post the output from the diff in section 1 and the wsl.exe test in section 2. Mask out any values you don't want to share, the PROXY values shouldn't be important
I'm hoping the PROXY variables show up for you and are indeed the cause and fix
I'm not 100% sure what is going on here either.
- This should tell us of there is something different between the environments:
sudo printf '' # You need to unlock sudo for a few minutes so the next command works
diff <(/mnt/c/windows/system32/WindowsPowerShell/v1.0/powershell.exe Get-ChildItem env:) <(sudo /mnt/c/windows/system32/WindowsPowerShell/v1.0/powershell.exe Get-ChildItem env:)E.g. In my case, all I get is:
54d53
< WSLENV WT_SESSION::WT_PROFILE_ID
WSLENV seems interesting... Which, I had never heard of until today. Let's see...
WSLENV is a colon-delimited list of environment variables that should be included when launching WSL processes from Win32 or Win32 processes from WSL
And, it looks like sudo looses that (which in my opinion means the WSL base images are broken, as the sudoers files should be programmed to handle this, but it's happening on both my Fedora Remix and Ubuntu WSLs 🤷♂️). So if we can verify it's one of those *_PROXY variables, I can try an idea.
- So I can formulate a fix, I'm hoping this correctly shows your PROXY variables:
sudo /mnt/c/Windows/system32/wsl.exe bash -c 'declare -p $(compgen -A export | \grep _PROXY$)'Where $(compgen -A export | \grep _PROXY$) should find all variables ending in _PROXY. (or list them all if none match that pattern). I'm hoping whatever magic populates the environment variables you need can be recovered using this workaround.
My user gets this with the diff:
53d52< WSLENV WT_SESSION::WT_PROFILE_ID
My user and I tested the "declare" command and it showed all our env variables, but no PROXY variable.
Strangely, if we do a env | grep -i "proxy", some proxy variables are displayed.
Oh that's right, that can be upper or lower case. So does this mean the sudo command can reacquire these values?
sudo /mnt/c/Windows/system32/wsl.exe bash -c 'declare -p $(compgen -A export | \grep -i _proxy$)'
@IllanRULDACUNHA I think I have a fix for you. Would it be at all possible for you to test it out? https://github.com/andyneff/wsl-vpn/tree/issue_16_proxy_support
# E.g.
git clone -b issue_16_proxy_support https://github.com/andyneff/wsl-vpn.git
You should be able to run unsetup and then setup again to see if this fixes the root proxy problem.
Hello Andy,
Thank you for the fix.
Unfortunately, it didn't change anything. :(
~/wsl-vpn-issue_16_proxy_support > sudo ./wsl-vpnkit-setup.sh --no-docker 10:16:02
[sudo] password for XXXX:
Invoke-WebRequest : Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
At line:1 char:1
- Invoke-WebRequest -Uri "https://github.com/AmmarRahman/wsl-vpn/releas ...
-
+ CategoryInfo : NotSpecified: (:) [Invoke-WebRequest], IOException
+ FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand ~/wsl-vpn-issue_16_proxy_support >
Hmmm... I guess that didn't work because I didn't set WSLENV, but it wasn't set for those variables before either... I'm actually not sure why it breaks the way it does still.
If you go back to the main branch, do either of these work?
sudo -E ./wsl-vpnkit-setup.sh --no-docker
WSLENV="${WSLENV}::http_proxy::https_proxy" sudo -E ./wsl-vpnkit-setup.sh --no-dockerHello Andy,
The user gets the same error with both commands.
~/wsl-vpn main !2 ?1 > sudo -E ./wsl-vpnkit-setup.sh --no-docker 10:11:17
[sudo] password for XXXX:
Invoke-WebRequest : Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
At line:1 char:1
+ Invoke-WebRequest -UseBasicParsing -Uri 'https://github.com/AmmarRahm ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-WebRequest], IOException
+ FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand ~/wsl-vpn main !2 ?1 >
~/wsl-vpn main !2 ?1 > WSLENV="${WSLENV}::http_proxy::https_proxy" sudo -E ./wsl-vpnkit-setup.sh --no-docker 43s 10:12:36
Invoke-WebRequest : Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
At line:1 char:1
+ Invoke-WebRequest -UseBasicParsing -Uri 'https://github.com/AmmarRahm ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-WebRequest], IOException
+ FullyQualifiedErrorId : System.IO.IOException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand ~/wsl-vpn main !2 ?1 >