Cisco AnyConnect bug on WSL2


WSL2 should be able to reach the internet (for example, “ping google.com”) without any extra work.
This is true with the OpenConnect VPN client.
This is not true with the AnyConnect VPN client: WSL2 cannot reach the internet at all.

How AnyConnect v4.9 breaks it:
It adds a route for the WSL2 subnet with a low metric of 2, lower than the 5256 of the existing on-link route, so the VPN becomes the chosen route, and of course that will never work, as seen below.
Note: “172.17.228.192 255.255.255.240” is the WSL2 destination subnet.
c:> route.exe print
    172.17.228.192 255.255.255.240 On-link 172.17.228.193 5256
    172.17.228.192 255.255.255.240 10.255.0.1 10.255.0.71 2
This problem is solved when I change the VPN route metric to 5500, higher than 5256, as follows:
Control Panel – network – click the VPN – properties – IPv4 – properties, advanced – automatic metric: uncheck it and type in 5500.
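
The same check and fix in PowerShell, as an added example that is not part of the original post: it lists every prefix where an on-link route on a WSL adapter loses to a gateway route on another interface, then previews the metric change. The function name and the `*WSL*` alias pattern are assumptions; 5500 is the value used above.

```powershell
# Added example. Find-ShadowedOnLinkRoute is a hypothetical helper name.
# The metric printed by route.exe is RouteMetric + InterfaceMetric.
function Find-ShadowedOnLinkRoute {
    param(
        # Assumption: the WSL2 virtual adapter's alias contains "WSL".
        [string]$OnLinkAliasPattern = '*WSL*'
    )
    $routes = Get-NetRoute -AddressFamily IPv4 | Select-Object DestinationPrefix,
        NextHop, InterfaceIndex, InterfaceAlias,
        @{ Name = 'Metric'; Expression = { [int]$_.RouteMetric + [int]$_.InterfaceMetric } }

    foreach ($group in ($routes | Group-Object -Property DestinationPrefix)) {
        # On-link routes have no gateway; Get-NetRoute reports NextHop 0.0.0.0.
        $onLink = @($group.Group | Where-Object {
            $_.NextHop -eq '0.0.0.0' -and $_.InterfaceAlias -like $OnLinkAliasPattern })
        $viaGateway = @($group.Group | Where-Object { $_.NextHop -ne '0.0.0.0' })
        foreach ($direct in $onLink) {
            foreach ($gw in $viaGateway) {
                # Same prefix length, so the lower metric wins the lookup.
                if ($gw.InterfaceIndex -ne $direct.InterfaceIndex -and
                    $gw.Metric -lt $direct.Metric) {
                    [pscustomobject]@{
                        Prefix         = $group.Name
                        OnLinkAlias    = $direct.InterfaceAlias
                        OnLinkMetric   = $direct.Metric
                        GatewayAlias   = $gw.InterfaceAlias
                        GatewayIfIndex = $gw.InterfaceIndex
                        GatewayNextHop = $gw.NextHop
                        GatewayMetric  = $gw.Metric
                    }
                }
            }
        }
    }
}

$conflicts = @(Find-ShadowedOnLinkRoute)
$conflicts | Format-Table -AutoSize

# Preview the fix: a fixed interface metric of 5500 on the offending adapter.
# Remove -WhatIf and run from an elevated prompt to apply it.
$conflicts | Select-Object -ExpandProperty GatewayIfIndex -Unique | ForEach-Object {
    Set-NetIPInterface -InterfaceIndex $_ -AddressFamily IPv4 `
        -AutomaticMetric Disabled -InterfaceMetric 5500 -WhatIf
}
```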

Why OpenConnect 1.5.3 32-bit causes no problem:
It doesn’t add a route for the WSL2 destination subnet with the VPN as the gateway.
So with route.exe print, I only see:
172.17.228.192 255.255.255.240 On-link 172.17.228.193 5256
