networkingMode mirrored does not respect IPv6 privacy addresses

[heliosfa]

Windows Version

Microsoft Windows [Version 10.0.26100.3037]

WSL Version

2.3.26.0

Are you using WSL 1 or WSL 2?

• WSL 2
• WSL 1

Kernel Version

5.15.167.4-microsoft-standard-WSL2

Distro Version

Debian 12

Other Software

No response

Repro Steps

Standard Debian (or Ubuntu or OpenSUSE Leap) install on WSL 2 install with networkingMode=mirrored set in %USERPROFILE%/.wslconfig and connected to a network with working IPv6 configured to use SLAAC and DHCPv6.

Expected Behavior

The WSL system should respect the host system's preference for using temporary privacy addresses as the source address for connections where the host system uses them. i.e. if the host has an interface-stable SLAAC-generated address, a DHCPv6-assigned address and a non-deprecated temporary privacy address, traffic should originate from the temporary privacy address. This is the behaviour of the host system and WSL 1.

Sanitised host IP configuration:

PS C:\Users\helios> ipconfig /all
Ethernet adapter 10G:

   Connection-specific DNS Suffix  . : example.com
   Description . . . . . . . . . . . : Marvell AQtion 10Gbit Network Adapter
   Physical Address. . . . . . . . . : 12-34-56-78-90-ab
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:db8::1234(Preferred)
   Lease Obtained. . . . . . . . . . : 07 February 2025 02:01:57
   Lease Expires . . . . . . . . . . : 10 February 2025 02:01:58
   IPv6 Address. . . . . . . . . . . : 2001:db8::2d56:9e0a:fe40:5678(Preferred)
   Temporary IPv6 Address. . . . . . : 2001:db8::5c7d:f5cc:e8fe:abcd(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1234:5678:901b:cdef%2(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 07 February 2025 02:01:56
   Lease Expires . . . . . . . . . . : 10 February 2025 02:01:56
   Default Gateway . . . . . . . . . : fe80::9abe:94ff:fe5a:18c0%2
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       2001:db8::1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List : example.com

Sanitised WSL1 output:

helios@Debian:~$ ip a show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 group default qlen 1
    link/ether 12:34:56:78:90:ab
    inet 192.168.1.10/24 brd 192.168.1.255 scope global dynamic
       valid_lft 258382sec preferred 258382sec
    inet6 2001:db8::2d56:9e0a:fe40:5678/64 scope global dynamic
       valid_lft 86390sec preferred_lft 14390sec
    inet6 2001:db8::1234/128 scope global dynamic
       valid_lft 258383sec preferred_lft 161183sec
    inet6 2001:db8::5c7d:f5cc:e8fe:abcd/128 scope global dynamic
       valid_lft 86390sec preferred_lft 14390sec
    inet6 fe80::1234:5678:901b:cdef/64 scope link dynamic
       valid_lft forever preferred_lft forever
helios@Debian:~$ curl icanhazip.com
2001:db8::5c7d:f5cc:e8fe:abcd

Actual Behavior

Under WSL2, the system uses the DHCPv6 allocated address as the source address rather than the interface-stable privacy address or the temporary privacy address.

Sanitised WSL2 output:

helios@Debian:~$ ip a show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 12:34:56:78:90:ab brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 2001:db8::1234/128 scope global nodad noprefixroute
       valid_lft forever preferred_lft forever
    inet6 2001:db8::5c7d:f5cc:e8fe:abcd/128 scope global nodad noprefixroute
       valid_lft forever preferred_lft forever
    inet6 2001:db8::2d56:9e0a:fe40:5678/64 scope global nodad deprecated noprefixroute
       valid_lft forever preferred_lft 0sec
    inet6 fe80::1234:5678:901b:cdef/64 scope link nodad noprefixroute
       valid_lft forever preferred_lft forever
helios@Debian:~$ curl icanhazip.com
2001:db8::1234

This occurs in every distribution under WSL2.

Diagnostic Logs

No response

[github-actions]

Logs are required for review from WSL team

If this a feature request, please reply with '/feature'. If this is a question, reply with '/question'.
Otherwise please attach logs by following the instructions below, your issue will not be reviewed unless they are added. These logs will help us understand what is going on in your machine.

How to collect WSL logs

Download and execute collect-wsl-logs.ps1 in an administrative powershell prompt:

Invoke-WebRequest -UseBasicParsing "https://raw.githubusercontent.com/microsoft/WSL/master/diagnostics/collect-wsl-logs.ps1" -OutFile collect-wsl-logs.ps1
Set-ExecutionPolicy Bypass -Scope Process -Force
.\collect-wsl-logs.ps1

The script will output the path of the log file once done.

If this is a networking issue, please use collect-networking-logs.ps1, following the instructions here

Once completed please upload the output files to this Github issue.

Click here for more info on logging
If you choose to email these logs instead of attaching to the bug, please send them to [email protected] with the number of the github issue in the subject, and in the message a link to your comment in the github issue and reply with '/emailed-logs'.

View similar issues

Please view the issues below to see if they solve your problem, and if the issue describes your problem please consider closing this one and thumbs upping the other issue to help us prioritize it!

Open similar issues:

• IP route not working properly for multiple ip address in mirror mode (#12548), similarity score: 0.77
• Mirrored networking IPv6 localhost (and localhost addresses) and hostAddressLoopback (for assigned addresses) not working from host (WSL2) (#10803), similarity score: 0.73
• Mirrored mode - WSL chooses to mirror the disconnected host wifi adapter instead of the connected host ethernet adapter (#10884), similarity score: 0.73
• networkingMode=mirrored doesn't work as expected (#11090), similarity score: 0.73

Closed similar issues:

• WSL mirror mode not working (#12161), similarity score: 0.75

Note: You can give me feedback by thumbs upping or thumbs downing this comment.

[heliosfa]

WslNetworkingLogs-2025-02-07_02-52-34.zip

[github-actions]

Diagnostic information

.wslconfig found
Detected appx version: 2.3.26.0
optional-components.txt not found