WSL2 Proxy Guide For Non-mirrored Network
NOTE: This guide applies only to non-mirrored networking. For mirrored networking, see the Microsoft guide.
With the default WSL2 distro settings, WSL2 has a network interface
on a private network (you can check it with ifconfig).
The Windows host also has a virtual network interface called vEthernet (WSL),
which lets WSL2 communicate with the host and with other networks (check the route
with tracepath or traceroute).
This private network can be used as a LAN proxy tunnel: all we need to do is get the Windows host IP and set it as the LAN proxy for WSL2.
BEFORE YOU START
This guide assumes you are using clash as the proxy application. The example
commands below use its default local port 7890; if your proxy listens on a
different port, replace 7890 accordingly.
Turn on Allow LAN in clash so that the proxy accepts connections coming through the WSL LAN.
WSL SHELL ENV SETTINGS
The Windows host's DNS configuration is in /etc/resolv.conf (a symlink to /mnt/wsl/resolv.conf),
which is auto-generated by WSL, so we can read the host IP with a shell
script and set the LAN proxy.
NOTE: If you have turned off generateResolvConf in /etc/wsl.conf, turn it back on;
otherwise you cannot get the dynamically assigned host IP in the WSL private network.
Add this to a shell environment config file such as .bashrc:
# Take the first nameserver entry only, so extra entries cannot corrupt the URL
export hostip=$(grep -m1 -oP '(?<=nameserver\ ).*' /etc/resolv.conf)
export https_proxy="http://${hostip}:7890"
export http_proxy="http://${hostip}:7890"
Ref: https://zhuanlan.zhihu.com/p/153124468
Alternatively, you can use the Windows host’s domain name directly: "$(hostname).mshome.net"
export host_domain="$(hostname).mshome.net"
export https_proxy="http://${host_domain}:7890"
export http_proxy="http://${host_domain}:7890"
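A stricter variant of the resolv.conf approach above, as an added example that is not part of the original guide: it accepts the nameserver as the proxy host only if it is a private (RFC 1918) IPv4 address and the port answers, so a customized resolver entry such as a public DNS server never becomes the destination of plaintext proxy traffic. The function names are hypothetical; WSL_DISTRO_NAME is the variable WSL sets inside a distro, and the probe assumes coreutils timeout and bash are available.

```sh
# Added example; function names are hypothetical, not from the original guide.

# Print the first "nameserver" value of a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "${1:-/etc/resolv.conf}"
}

# Succeed only for a well-formed RFC 1918 IPv4 address (subshell body keeps IFS local).
is_private_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, at most 3 digits
        [ "$o" -le 255 ] || return 1
    done
    case $1.$2 in
        10.*|192.168|172.1[6-9]|172.2[0-9]|172.3[01]) return 0 ;;
    esac
    return 1
)

# Print http://<host-ip>:<port>, or fail if the nameserver is not a private address.
proxy_url() (
    ip=$(first_nameserver "${1:-/etc/resolv.conf}" 2>/dev/null)
    if ! is_private_ipv4 "$ip"; then
        echo "wsl-proxy: refusing nameserver '$ip' (not a private IPv4 address)" >&2
        return 1
    fi
    printf 'http://%s:%s\n' "$ip" "${2:-7890}"
)

# Succeed if a TCP connection to the proxy URL opens within one second.
proxy_reachable() {
    hostport=${1#http://}
    timeout 1 bash -c ': </dev/tcp/$0/$1' "${hostport%:*}" "${hostport##*:}" 2>/dev/null
}

# Export the proxy variables only when both checks pass.
wsl_set_proxy() {
    url=$(proxy_url /etc/resolv.conf "${1:-7890}") || return 1
    if ! proxy_reachable "$url"; then
        echo "wsl-proxy: nothing listening at $url; proxy variables left unset" >&2
        return 1
    fi
    export http_proxy="$url" https_proxy="$url"
}

# In .bashrc: run only inside WSL, and never abort shell start-up on failure.
if [ -n "${WSL_DISTRO_NAME:-}" ]; then wsl_set_proxy 7890 || true; fi
```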
WINDOWS FIREWALL RULES
Add a Windows firewall rule that allows inbound traffic on the vEthernet (WSL) interface, then reset sockets, using PowerShell:
New-NetFirewallRule -DisplayName "WSL" -Direction Inbound -InterfaceAlias "vEthernet (WSL)" -Action Allow
netsh winsock reset
NOTE: The firewall inbound rules for clash-win64 must
also be set to Allow (especially for the Public profile)
so that inbound traffic can reach clash-win64.
Ref: https://halc.top/p/6088c65c
UBUNTU SUDO ENV INHERITANCE
Using sudo visudo, add the following lines to the config file,
Defaults env_keep += "http_proxy"
Defaults env_keep += "https_proxy"
Defaults env_keep += "HTTP_PROXY"
Defaults env_keep += "HTTPS_PROXY"
so that sudo inherits the current user’s HTTP proxy settings.