Is it possible to change the connection type in Windows 7? I have a OpenVPN connection which is identified as "unidentified network" and I do not want to apply certain rules to all unidentified networks in the firewall.
How does one conquer this?
Look at "TAP driver / identified vs unidentified networks" or "Vista and Windows Server 2008 - Unidentified network"
You have to add default gateway for OpenVPN network interface.
The way I found is adding route to target address 0.0.0.0 via network interface used OpenVPN.
In this example I have a computer with the physical interface with IP addres 10.20.20.20 in network 10.20.20.0/24 and the OpenVPN TAP interface with IP address 10.1.1.10/24 in network 10.1.1.0/24 (IP address of server on VPN network is 10.1.1.1).
1) Find out your network interfaces and information about current route to 0.0.0.0:
C:\>route print -4
===========================================================================
Interface List
15...00 ff 6c 3f 5b 0c ......TAP-Win32 Adapter V9
11...00 0e 0c d9 b5 c8 ......Intel(R) PRO/1000 GT Desktop Adapter
===========================================================================
IPv4 Route table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.20.20.1 10.20.20.20 10
10.20.20.0 255.255.255.0 On-link 10.20.20.20 266
...
At now we know that your OpenVPN network interface number is 15. Another important information is the metric of current route to 0.0.0.0. New route to 0.0.0.0 for OpenVPN network should have higher metric value than current to avoid redirecting whole network traffic to your OpenVPN connection instead of physical network (in case of two routes with the same routes, the route with lower metric will be chosen).
2) Add route to 0.0.0.0 via OpenVPN interface:
route -p add 0.0.0.0 mask 0.0.0.0 10.1.1.1 metric 50 if 15
This command adds route to 0.0.0.0 via interface 15 with metric at least 50 and gateway 10.1.1.1. Replace the gateway with your own (IP address of server on VPN network). And of course, replace the interface number with your own.
The -p argument adds route as permanent so it will be preserved after system reboot.
3) (Re)connect to VPN server and look into route table again:
C:\>route print -4
...
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.20.20.1 10.20.20.20 10
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.10 80
...
And network is now identified in Network and Sharing Center so the 'Set a location...' window should appear ;-)
I dont' know why the above solutions are so complicated, e.g. using
route add -p commands
or even adding to the OpenVPN server.conf file
route 0.0.0.0 vpn_subnet_mask default_gateway
The error could simply be solved by going to:
Control Panel\Network and Internet\Network Connections
(1)Right-click OpenVPN tun/tap interface and select Status > select Details > take note of the IPv4 DHCP Server entry. you would need to fill this in as the default gateway in (2).
(2)Right-click OpenVPN tun/tap interface and select Properties > open TCP/IPv4 properties > click Advanced. under default gateways, click add and type in exact same entry as used as DHCP server, metric 'automatic'. Now wait for the adapter to magically appear as private.
What you just did the exact same thing as the above two solutions - adding persistent routes - but this is even better - it survives restarts since it's configured in Windows. You can actually check in cmd by typing 'route print' and you'll see 1 entry added in the routing table, as well as 1 entry under persistent routes. If the metric of the new route is smaller than that of your physical adapter, redo (2) and change the metric from 'automatic' to a value higher than the physical adapter.
If your gateway (openvpn server IP) is static, adding it (2) does the job.
I think the absolutely simplest and best way to solve this is to do this:
route 0.0.0.0 0.0.0.0 vpn_gateway 50
(don't change vpn_gateway, it's an environment variable) and save.secpol.msc
go to 'Network List Manager Policies'This way you won't have to care about your VPN gateway IP, and also works with dynamic VPN gateways.
This works nicely with some VPN connections, but lets say the default gateway for your VPN constantly changes. That means, every time you reset the computer, you have to use the 'route add' command over and over again. That is unacceptable.
While researching an issue with VMware in windows 7, I came across a registry dword called *NdisDeviceType. What this does is, it tells windows not to try to identify a specific virtual network adapter. All you have to do is go in the registry and navigate to HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
.
Once there, look in the keys for a string called DriverDesc
with a value of 'Tap-win'. This is the key that deals with the virtual adapter that OpenVPN uses. Next create a dword called *NdisDeviceType and assign it a value of 1.
Finally restart your computer. Now you shouldn't see an unidentified network. Please remember to backup your registry before you attempt this modification. If you are using OpenVPN, and you don't feel comfortable doing this, you can download a script that will do this for you.
This works, but it is better if you take it one step further by changing the IP settings for the TAP adapter manually. Use ipconfig
to figure out the proper settings and use the gateway for the DNS server.
Update: Ignore this step - if you do it your IP address won't be masked. I don't know why that is but I have done everything I can think of to reverse it, but the only way is to undo what I did in this step and reboot the computer.
Update: A problem I have with this is that I configured Windows 7 to start the connection when I boot Windows. Sometimes when I reboot or shutdown the computer, the network would go back to unknown. The route would still be in the table. A workaround to this was to modify my configuration file for the VPN client I connect to. The command I added was:
#Dummy default gateway to work around Windows 'unidentified network'/'unknown network' (put a "#" in front of this)
route-metric 30
route 0.0.0.0 0.0.0.0 10.0.0.1.
Metric is retrieved by reading the route table that is displayed with:
route print -4
10.0.0.1 is the gateway that the VPN connects to. For example when I'm connected to the VPN, my route table looks something like this:
-------------------------------------------------------------------------
IPv4 Route Table
-------------------------------------------------------------------------
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 25
0.0.0.0 128.0.0.0 10.0.0.1 10.0.7.102 30
The first entry is the route to my router. The second one is the VPN Connection. Now when I modify the VPN connection file (vpn.ovpn in my case) I use the network destination and make the netmask 0.0.0.0, and use 10.0.0.1 as my gateway. I then note that the metric is set to 30 and set it to 30 in the config file.
If you have completed the addition of the default gateway (through commands or the Windows GUI), you may still need a way to indicate to Windows that you want apply the designation of Private or Domain to the network. Perhaps you accidentally labelled the network as Public already or for whatever reason never had the chance to choose with the "Set a location..." prompt. I ran into this scenario on Windows 10.
To set this via the Registry, navigate to the Network Profiles key, at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
. From here, the
Profiles
key contains a list of keys with GUIDs which correspond to all of the networks your computer has saved. You can look through these GUID keys and find your network by matching the ProfileName
value in the key. Once you find the correct network in the
Profiles
key, you want to alter the Category
value for the network key.
A value in the Category
value of 0
indicates a Public network. You can change this value to 1
to label the network as Private or 2
to designate the network as a Domain network. To apply this change, you may need to reinitialize the network connection.
All the solutions mentioned above are actually just workarounds but, every commodity / product has its own buyers as the say.
The simplest is to delete the unknown 0.0.0.0
route created and then everything should get back in place. Just run cmd.exe
(as admin) from your command line and then type route delete 0.0.0.0
That's it.
I don't think that registering junk routes and other garbage or just doing it vice versa and making an elephant out of the fly is the one of the greatest ideas... Good luck!
On my Windows 7 machine, the "Unidentified Network" was the symptom of the OpenVPN problem, not the cause. In my case, the fix is to start the OpenVPN client GUI using Administrator Privileges.
one thing that worked for me after trying some of the methods above with mixed success was going into the adapter settings for the TAP NordVPN Windows adapter V9 > Properties > Configure > Advanced > Non Admin Access > Not Allowed. Adapter disconnected as public and reconnected as private. I think this worked in conjunction with droidgren's solution.
The simplest way I have recently found is to change it through the elevated powershell. Run "Get-NetConnectionProfile" to list all the network connections, and then run "Set-NetConnectionProfile -InterfaceIndex -NetworkCategory Private"
There is so many answers, but using secpol.msc only trick like suggested by @droidgren is the best and safest way. Adding broken routes with high metrics as a workaround is really sick, even if it works
I tested on Windows 10 and latest OpenVPN Connect client. The dynamically assigned TAP network can properly be set to private and the setting is remembered later
Also, this far better than other threads suggesting to keep the VPN network as public and set the Open Wifi adapter to private to setup firewall rules blocking all non VPN internet traffic. Clearly, VPN adapter must be set to private and any open Wifi or unsecure adapter to public