Broken DNS behind VPN on windows #8156

Open
Nino-K opened this issue Jan 29, 2025 · 3 comments

Nino-K commented Jan 29, 2025

As previously reported (#8088, #8055, and #8058), the DNS lookup behind the VPN was broken in version 1.17. The root cause was an upgrade to gvisor-tap-vsock v0.8.1. As part of the fix, we have downgraded it to v0.7.5, which should resolve the issue in version 1.17.1.

Additionally, we should investigate the fix in the upstream gvisor-tap-vsock repository and consider contributing a pull request to address the issue.

@Nino-K Nino-K added area/networking kind/bug Something isn't working labels Jan 29, 2025
@Nino-K Nino-K added this to the 1.18 milestone Jan 29, 2025
@Nino-K Nino-K self-assigned this Jan 29, 2025
Nino-K commented Jan 29, 2025

Submitted the following issue upstream, and they agreed to revert the PR that caused the issue here: containers/gvisor-tap-vsock#467

jankap commented Feb 6, 2025

Not sure if this is DNS related, but I can't pull any images when connected to the corporate VPN.

Commands done in WSL Ubuntu (not rancher-desktop WSL)

docker pull hello-world
Using default tag: latest
Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp 44.208.254.194:443: i/o timeout

curl on the same machine works

curl https://registry-1.docker.io/v2/
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}

curl -v shows that the correct proxy, set via http(s)_proxy, is used.

Since the domain is translated into the IP by rancher, this is not a DNS error, correct?

I'm on WSL2, v2.4.10.0, Win 11, Rancher 1.17.1, using the new mirrored network mode.

EDIT: Interesting, after restarting WSL and Rancher Desktop, after VPN connection, I now get:

docker pull hello-world
Using default tag: latest
Error response from daemon: Get "https://registry-1.docker.io/v2/": EOF

Maybe it's DNS related.

Logging into rancher-desktop distribution:

docker -d rancher-desktop

ping www.google.de
ping: bad address 'www.google.de'

ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=115 time=22.046 ms
64 bytes from 8.8.8.8: seq=1 ttl=115 time=29.356 ms
64 bytes from 8.8.8.8: seq=2 ttl=115 time=38.626 ms

cat /etc/resolv.conf
nameserver 192.168.127.1

ping 192.168.127.1
PING 192.168.127.1 (192.168.127.1): 56 data bytes
<timeout>

So what is 192.168.127.1?

Qenupve commented Feb 7, 2025

> So what is 192.168.127.1?

That looks to be the gateway IP hard coded in gvisor-tap-vsock.

@jankap have you checked the Rancher Desktop WSL Proxy settings? Someone noted that it was causing them issues in 1.17.1 #8055 (comment)
