Score:2

Can't connect to server over HTTPS in WSL

ru flag
Joe

I'm trying to use a command line tool for a scheduler we have installed at my company, and decided to install it in my WSL ubuntu installation. However, I can't seem to connect to the server...

curl "[server]" --verbose 
*  Trying [server:443]...
*TCP_NODELAY set
*connect to [server] port 443 failed: Connection timed out

I would assume something is up with either the server's firewall or my Windows firewall... except:

  • I can run the exact same curl command from CMD in windows (on the same machine) and connect
  • I can run the same curl command from WSL to any common secure website (say, https://google.com) and it connects

I also figured it could be certificate related, but it doesn't seem like I get to the certificate part of the connection (and again, works fine from Windows, and I didn't do anything special there). I've tried the server's IP in case it was DNS-related, as well. Ping works fine, and I verified port 443 is correct.

Is there an Ubuntu firewall in WSL that I need to separately deal with, which could be allowing traffic to some sites and not to others? Other similar issues seem like when they're firewall related, ping doesn't work either and/or they have the same issues on Windows as WSL/Ubuntu.

I'm on Windows 10 (version 1909) and WSL 2 (Ubuntu 20.04.3 LTS/focal). I'm on a (Corporate) VPN.

ru flag
Joe
Hmm, I don't have the ability to upgrade Windows (corp managed laptop, they're in charge of that). Might be able to update Ubuntu, though, WSL is something I installed. Will see.
ru flag
Joe
Updated to 20.04.3, the current LTS release; still having the issue.
ru flag
Joe
I suppose, but I'm asking - what? I have talked to others in IT (I am also in IT) and nobody here has any specific suspicions, given I can connect to the site from my laptop in Windows - hence my question about whether Ubuntu itself is doing anything.
NotTheDr01ds avatar
vn flag
@Joe Provided an answer already (could be right, could be a red herring), but curious what `nc -zv <server> 443` shows from WSL/Ubuntu. To answer part of your question, no there is no firewall in WSL/Ubuntu that would be getting in the way.
NotTheDr01ds avatar
vn flag
@Joe Deleted my answer, since it just because obvious to me as I read the last line of your question. It's the VPN -- It doesn't extend to WSL, most likely. Can you access *any* internal corporate sites from WSL?
ru flag
Joe
@NotTheDr01ds Hmm, good question.
Score:2
vn flag

I'm suspecting the VPN doesn't extend to WSL2. This is a common problem. For most people, all traffic is routed through the VPN, which causes all networking from within WSL2 to break when the VPN is active.

It sounds like only internal traffic may be routed over your VPN. I seem to recall this is a normal configuration for AnyConnect, and likely some others as well.

The simplest solution, if it works for you, is to run a WSL1 instance. WSL1 operates on the same NIC as Windows, whereas WSL2 is on a vNIC that is NAT'd behind the Windows host.

You can always just run the WSL1 instance when you need to work with this scheduling tool, and continue to use WSL2 if you need it for other use-cases.

To clone your existing WSL2 to WSL1, create a directory where you want it to be installed, and:

wsl --export Ubuntu backup.tar
wsl --import Ubuntu_WSL1 <directoryName> backup.tar --version 1

You'll need to set the default user for the new instance as well using /etc/wsl.conf. See this answer (Method 1 preferably) for details.

ru flag
Joe
Exactly right - worked perfectly!
NotTheDr01ds avatar
vn flag
Excellent! I'm horrible about skipping those last few words when reading a question. Sometimes they are the most important part! :-)
ru flag
Joe
Glad I thought to include them at the end!
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.