Introduction
This article is guide to using vpn from inside wsl2. The host windows maybe not on VPN. This can be useful sometimes when you are testing networking codes etc. For this article I am using mullvad VPN as I think its the best of the VPNs i have tried so far and the prices are reasonable.
Setup Mullvad VPN
I will be using the openVPN version of the mullvad installer. First create an account in mullvad and pay the fee. Then go to your account page and configure the openvpn setting as shown in the screenshot below and download the zip file.
The do the following steps as detailed in the mullvad OpenVPN installation on Linux page.
1
2
3
4
5
6
7
8
9
10
11
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install unzip
sudo apt-get install openvpn
unzip xxxx_xx.zip (replace xxxx_xx.zip with the name of the file you downloaded from the mullvad configurator for example mine was mullvad_config_linux_gb_lon.zip).
sudo cp ./mullvad_config_linux_gb_lon/* /etc/openvpn/
sudo openvpn --config ./mullvad_config_linux_gb_lon/mullvad_gb_lon.conf
sudo service openvpn start
To check whether you are indeed connected to mullvad vpn run the following and see an expected result
1
2
3
4
$ curl https://am.i.mullvad.net/connected
You are connected to Mullvad (server gb-lon-ovpn-302). Your IP address is xxx.xxx.xxx.xxx
To check if openvpn service is running correctly without errors run the following. It should show as active.
1
sudo systemctl status openvpn@mullvad_gb_lon.service
Plug DNS leaks
Unfortunately the story isn’t complete yet. if you fireup firefox from within WSL and go to the mullvad check website it will probably show that you are conected to mullvad but your DNS is the non-mullvad DNS. To resolve this do the following (mullvad link)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
sudo systemctl enable systemd-resolved
sudo vim /etc/systemd/resolved.conf
# Select a DNS option in the resolved.conf by removing the # in front of the one you want to use:
DNS=194.242.2.2 #dns.mullvad.net
DNSSEC=no
DNSOverTLS=yes
Domains=~.
sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
sudo systemctl restart systemd-resolved
resolvectl status
By default WSL re-writes the resolved configs so we have to disable that in wsl.
1
2
3
4
5
6
7
sudo vim /etc/wsl.conf
and add these lines at the end of the file
[network]
generateResolvConf = false
go to windows command line and execute the following
1
wsl --shutdown
Run ubuntu wsl again, and check status of resolved daemon using the following:
1
2
3
4
5
6
7
8
9
10
resolvectl status
``
If there is an error you may have to run the following command again.
``bash
sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
sudo systemctl restart systemd-resolved
resolvectl status
How to check everything is fine
go to the mullvad check status page using firefox from within wsl and see its results. All should be green with no leaks etc.
Check status from bash
Checking whether there is DNS leak or mullvad is working is not ideal. However, there is a tool which lets you check whether there is a DNS leak in github call dnsleaktest.
1
2
3
4
5
6
curl https://raw.githubusercontent.com/macvk/dnsleaktest/master/dnsleaktest.sh -o dnsleaktest.sh
chmod +x dnsleaktest.sh
./dnsleaktest.sh
curl https://am.i.mullvad.net/connected
This will show if you are leaking dns AND if you are connected to the mullvad servers.
References
- https://mullvad.net/en
- https://mullvad.net/account/openvpn-config?platform=linux
- https://mullvad.net/en/help/linux-openvpn-installation
- https://mullvad.net/en/check
- https://joemo.dev/posts/wsl-dns-resolution/
- https://mullvad.net/en/help/dns-over-https-and-dns-over-tls#linux
- https://github.com/macvk/dnsleaktest