McAfee Endpoint Security and WSL2 DNS #8382
Replies: 2 comments
-
Hey @ruojiang-wang were you able to figure it out? I've got the same problem here.
-
Nearly same setup here: corporate laptop,
Once done, it may break some corporate security policies, because allowing incoming DNS, HTTP/S and other protocols will be laptop-wide. Your SecOps may be mad. (I'm not a McAfee expert; maybe there is a way to allow only local/virtual traffic.)
But it may still not be OK: if you have a VPN, you may also face WSL -> Windows host traffic being captured by your VPN client. You will have to configure the VPN client to split the tunneling for local (WSL) traffic. But it's not easy, since the Hyper-V subnet changes all the time.
Another solution (used by Docker Desktop with vpnkit) is to transport network packets into userland. The WSL2 team should propose an option to use such an implementation 😄
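Both the firewall rule and the VPN split-tunnel exception discussed in the comment above would have to be scoped to the current WSL subnet, which the comment notes keeps changing. As an added example (not part of the original comment and not WSL's own tooling), this script, run inside the distro, derives that subnet and shows which configured nameservers sit inside it; the `eth0` interface name and all function names are assumptions.

```shell
#!/bin/sh
# Added example. Usage inside the WSL2 distro: sh wsl-scope.sh --live
# Parsers read command output on stdin so they can be checked offline.

# nameserver entries from resolv.conf content
nameservers()     { awk '$1 == "nameserver" { print $2 }'; }
# gateway from `ip route show default` output
default_gateway() { awk '$1 == "default" && $2 == "via" { print $3; exit }'; }
# ADDRESS/PREFIX from `ip -4 -o addr show dev IFACE` output
iface_cidr()      { awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { print $(i + 1); exit } }'; }

# dotted quad -> integer
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# ADDRESS/PREFIX -> NETWORK/PREFIX, e.g. 172.28.117.45/20 -> 172.28.112.0/20
network_of() {
    prefix=${1#*/}
    ip=$(ip_to_int "${1%/*}")
    net=$(( ip & ((4294967295 << (32 - prefix)) & 4294967295) ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$prefix"
}

# in_subnet ADDRESS NETWORK/PREFIX: true when ADDRESS lies inside the network
in_subnet() {
    [ "$(network_of "$1/${2#*/}")" = "$2" ]
}

report() {
    cidr=$(ip -4 -o addr show dev eth0 | iface_cidr)   # eth0 is an assumption
    subnet=$(network_of "$cidr")
    echo "current WSL subnet: $subnet"
    echo "gateway (Windows host side): $(ip route show default | default_gateway)"
    for ns in $(nameservers < /etc/resolv.conf); do
        if in_subnet "$ns" "$subnet"; then
            echo "nameserver $ns: inside the WSL subnet (WSL -> Windows host traffic)"
        else
            echo "nameserver $ns: outside the WSL subnet (must cross the host firewall and VPN)"
        fi
    done
}

if [ "${1:-}" = "--live" ]; then report; fi
```

Re-run it after each WSL restart: if the printed subnet differs, any rule or split-tunnel entry pinned to the old subnet no longer matches.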
-
Version
Microsoft Windows [Version 10.0.19042.1645]
WSL Version
Kernel Version
5.10.16
Distro Version
Ubuntu 20.04
Other Software
No response
Repro Steps
I have a company issued laptop, running Windows 10. Installed WSL2 and Ubuntu. It has GlobalProtect VPN and McAfee Endpoint Security installed.
Before I connect through VPN, I run Ubuntu. I cannot do any DNS resolution. I set up wsl.conf and resolv.conf with 8.8.8.8.
It turns out it is an issue with McAfee.
https://kc.mcafee.com/corporate/index?page=content&id=KB94601
It says to create a custom firewall rule. How do you do that?
Expected Behavior
The expected behavior is that user should be able to do name resolution.
Actual Behavior
$ host google.com
;; connection timed out; no servers could be reached
$ ping www.google.com
ping: www.google.com: Temporary failure in name resolution
Diagnostic Logs
No response