This configuration requires WSL 2.0.5+ in combination with Windows 11 23H2.
- Enables mirrored networking-mode, DNS tunneling and Hyper-V firewall support
- Sets automatic memory reclamation to gradual
- Enables sparse VHDXs for new WSL2-instances
  - In case of an existing WSL-instance: wsl --manage <distro> --set-sparse true
- Adds the kernelCommandLine required for AppArmor to work
  - Based on microsoft/WSL#8709; see also 📄 etc/fstab on the Linux-side
For more details on these options, see: https://devblogs.microsoft.com/commandline/windows-subsystem-for-linux-september-2023-update/.
Without Hyper-V firewall support (the only option available pre-2.0.0), the
SharedAccess-service on the Windows-side needs to be allowed through
Simplewall for WSL2 to have
(unrestricted) network access. The (post-2.0.0) firewall support offers a
far superior solution which doesn't require this blanket exception.
Enabling mirrored networking-mode will cause ports to be shared between
Windows and WSL2 which might cause issues with certain services (e.g. sshd).
Disable either one, or move one to a different port – optionally use
experimental.ignoredPorts
to exclude the port on the WSL2-side (making that service only available inside
WSL2 itself).
With regard to sshd, it's probably wisest to disable/remove the service
altogether on WSL2 as I never use it there anyway... I do have the OpenSSH SSH
Service enabled on the Windows-side so I can
ProxyJump through it to work around some
OpenVPN-related issues in WSL2.
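A pre-flight check for the port sharing described above, as an added example that is not part of this repository: it compares TCP listeners captured on both sides against a planned .wslconfig and reports the ports that would clash in mirrored mode unless they are listed in experimental.ignoredPorts. The netstat/ss samples, the config text and all function names are constructed for illustration.

```python
import configparser
import re

# Constructed sample inputs (not captured from a real machine).
WINDOWS_NETSTAT = """\
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:50122     203.0.113.7:443        ESTABLISHED
  TCP    [::]:22                [::]:0                 LISTENING
"""  # shape of `netstat -an` on Windows
LINUX_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*
LISTEN 0      4096            [::]:8080         [::]:*
"""  # shape of `ss -ltn` inside WSL2
PLANNED_WSLCONFIG = """\
[wsl2]
networkingMode=mirrored
[experimental]
ignoredPorts=5432
"""

def listening_ports(output, state_col, state, addr_col):
    """Ports from lines whose state column equals `state` (IPv4 and IPv6)."""
    ports = set()
    for line in output.splitlines():
        f = line.split()
        if len(f) > max(state_col, addr_col) and f[state_col] == state:
            # The port is whatever follows the last ':' ("[::]:22" -> 22).
            ports.add(int(f[addr_col].rsplit(":", 1)[1]))
    return ports

def mirrored_conflicts(netstat_out, ss_out, wslconfig_text):
    """Ports listened on by both sides and not excluded via ignoredPorts."""
    cfg = configparser.ConfigParser()
    cfg.read_string(wslconfig_text)
    # Without mirrored mode the two sides do not share a port space.
    if cfg.get("wsl2", "networkingMode", fallback="nat").lower() != "mirrored":
        return set()
    raw = cfg.get("experimental", "ignoredPorts", fallback="")
    ignored = {int(p) for p in re.split(r"[,\s]+", raw) if p}
    windows = listening_ports(netstat_out, 3, "LISTENING", 1)
    linux = listening_ports(ss_out, 0, "LISTEN", 3)
    return (windows & linux) - ignored

if __name__ == "__main__":
    print(sorted(mirrored_conflicts(WINDOWS_NETSTAT, LINUX_SS, PLANNED_WSLCONFIG)))
```

In the constructed sample only port 22 remains, which is the sshd overlap discussed above; port 5432 drops out because it is listed in ignoredPorts.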
After enabling the sparse VHDX functionality, the reported Size of the
VHDX-file in Windows doesn't change. Instead, look at Size on disk (in the
"Properties"-tab) to see the actual impact. Sparse VHDX appears to be
implemented as part of SSD trim, so it won't work if the disk image is stored on
a mechanical drive...
On the Linux-side, you might need to trim the drive and/or enable trim-support to actually release unused disk space:
sudo fstrim -v /
On Ubuntu 22.04, the weekly timer running trim (fstrim.timer) is disabled when
running inside a container (i.e., WSL2). To enable it for WSL2, run
sudo systemctl edit fstrim.timer and add the following override:
[Unit]
ConditionVirtualization=
ConditionVirtualization=wsl
WSLg automatically creates application shortcuts in Windows' Start Menu based
upon .desktop-files. By default, it looks for these files in system-wide
locations (e.g. /usr/share/applications, and
/var/lib/snapd/desktop/applications for snaps).
The updated
WSLg configuration
makes it also look in ~/.local/share/applications/. Files there get priority
over the system-wide definitions.
To modify a .desktop-entry, copy it into the user-specific location and
make changes there. To stop WSLg from creating a shortcut, add NoDisplay=true
to the file in question.
Changes appear to be picked up almost immediately by WSLg/Windows...
Install OpenSSH for Windows32:
winget install Microsoft.OpenSSH.Beta
Subsequently copy 📄 ~/.ssh/config and 📄 .ssh/id_rsa_yubikey.pub from
Ubuntu into Windows' 📂 %USERPROFILE%\.ssh folder – alternatively, use the
Windows-specific copy of the SSH configuration kept in OneDrive.
See 📄 yubikey/README.md for more
details.
To work around some
OpenVPN-related issues in WSL2,
use ProxyJump to jump through localhost (i.e., the OpenSSH server running on
Windows) to a target machine inside the OpenVPN accessible network:
ssh -J localhost [target-machine]
For this to work, ensure your SSH-key is added to
📄 %PROGRAMDATA%\ssh\administrators_authorized_keys – as that is where
Windows' OpenSSH server looks for them... See https://superuser.com/a/1651276
for more details.
By default, WSL2's VHDX-files are stored somewhere in %APPDATA%. To move them
(to another drive), do something along the lines of:
wsl --shutdown
wsl --export Ubuntu D:\Temp\ubuntu.vhdx --vhd
wsl --unregister Ubuntu
wsl --import Ubuntu D:\wslStore\Ubuntu D:\Temp\ubuntu.vhdx --version 2 --vhd
❗ N.B. First update 📄 /etc/wsl.conf as
otherwise the default user gets lost (and Ubuntu will use root instead).