24

Is it possible to change the connection type in Windows 7? I have a OpenVPN connection which is identified as "unidentified network" and I do not want to apply certain rules to all unidentified networks in the firewall.

How does one conquer this?

Improve this question

12 Answers 12

Reset to default
8

Look at "TAP driver / identified vs unidentified networks" or "Vista and Windows Server 2008 - Unidentified network"

Improve this answer
1
  • 1
    This did not allow me to set the location. It simply says Enabled instead of Unidentified Network. If you want to set a location type, see this answer.
    – jnm2
    Commented Jan 6, 2012 at 1:07
20

You have to add default gateway for OpenVPN network interface.

The way I found is adding route to target address 0.0.0.0 via network interface used OpenVPN.

In this example I have a computer with the physical interface with IP addres 10.20.20.20 in network 10.20.20.0/24 and the OpenVPN TAP interface with IP address 10.1.1.10/24 in network 10.1.1.0/24 (IP address of server on VPN network is 10.1.1.1).

1) Find out your network interfaces and information about current route to 0.0.0.0:

C:\>route print -4
===========================================================================
Interface List
 15...00 ff 6c 3f 5b 0c ......TAP-Win32 Adapter V9
 11...00 0e 0c d9 b5 c8 ......Intel(R) PRO/1000 GT Desktop Adapter
===========================================================================

IPv4 Route table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface Metric
          0.0.0.0          0.0.0.0       10.20.20.1      10.20.20.20     10
       10.20.20.0    255.255.255.0         On-link       10.20.20.20    266
...

At now we know that your OpenVPN network interface number is 15. Another important information is the metric of current route to 0.0.0.0. New route to 0.0.0.0 for OpenVPN network should have higher metric value than current to avoid redirecting whole network traffic to your OpenVPN connection instead of physical network (in case of two routes with the same routes, the route with lower metric will be chosen).

2) Add route to 0.0.0.0 via OpenVPN interface:

route -p add 0.0.0.0 mask 0.0.0.0 10.1.1.1 metric 50 if 15

This command adds route to 0.0.0.0 via interface 15 with metric at least 50 and gateway 10.1.1.1. Replace the gateway with your own (IP address of server on VPN network). And of course, replace the interface number with your own.

The -p argument adds route as permanent so it will be preserved after system reboot.

3) (Re)connect to VPN server and look into route table again:

C:\>route print -4
...
Active Routes:
Network Destination        Netmask          Gateway        Interface Metric
          0.0.0.0          0.0.0.0       10.20.20.1      10.20.20.20     10
          0.0.0.0          0.0.0.0         10.1.1.1        10.1.1.10     80
...

And network is now identified in Network and Sharing Center so the 'Set a location...' window should appear ;-)

Improve this answer
2
  • This is the correct answer.
    – jnm2
    Commented Jan 6, 2012 at 1:05
  • 3
    Be careful, keep your metric greater than your normal interface metrics! Otherwise you'll knock your host offline like I just did.
    – Linef4ult
    Commented Jun 29, 2015 at 0:01
12

I dont' know why the above solutions are so complicated, e.g. using 

route add -p commands

or even adding to the OpenVPN server.conf file

route 0.0.0.0 vpn_subnet_mask default_gateway

The error could simply be solved by going to: 

Control Panel\Network and Internet\Network Connections

(1)Right-click OpenVPN tun/tap interface and select Status > select Details > take note of the IPv4 DHCP Server entry. you would need to fill this in as the default gateway in (2).

(2)Right-click OpenVPN tun/tap interface and select Properties > open TCP/IPv4 properties > click Advanced. under default gateways, click add and type in exact same entry as used as DHCP server, metric 'automatic'. Now wait for the adapter to magically appear as private.

What you just did the exact same thing as the above two solutions - adding persistent routes - but this is even better - it survives restarts since it's configured in Windows. You can actually check in cmd by typing 'route print' and you'll see 1 entry added in the routing table, as well as 1 entry under persistent routes. If the metric of the new route is smaller than that of your physical adapter, redo (2) and change the metric from 'automatic' to a value higher than the physical adapter.

If your gateway (openvpn server IP) is static, adding it (2) does the job.

Improve this answer
8

I think the absolutely simplest and best way to solve this is to do this:

  1. Open your OpenVPN configuration file.
  2. Add this line: route 0.0.0.0 0.0.0.0 vpn_gateway 50 (don't change vpn_gateway, it's an environment variable) and save.
  3. Connect VPN
  4. If needed continue to step 5 and 6.
  5. Open run (Win+R) and type secpol.msc go to 'Network List Manager Policies'
  6. Right click on on your VPN network, and properties->Network location. Select Private Network.

This way you won't have to care about your VPN gateway IP, and also works with dynamic VPN gateways.

Improve this answer
1
  • 1
    You can also set the metric (50) higher on a split-tunnel VPN to fix this without breaking the split. 500 worked for me
    – computergeek125
    Commented May 21, 2018 at 7:02
5

This works nicely with some VPN connections, but lets say the default gateway for your VPN constantly changes. That means, every time you reset the computer, you have to use the 'route add' command over and over again. That is unacceptable.

While researching an issue with VMware in windows 7, I came across a registry dword called *NdisDeviceType. What this does is, it tells windows not to try to identify a specific virtual network adapter. All you have to do is go in the registry and navigate to HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}.

Once there, look in the keys for a string called DriverDesc with a value of 'Tap-win'. This is the key that deals with the virtual adapter that OpenVPN uses. Next create a dword called *NdisDeviceType and assign it a value of 1.

Finally restart your computer. Now you shouldn't see an unidentified network. Please remember to backup your registry before you attempt this modification. If you are using OpenVPN, and you don't feel comfortable doing this, you can download a script that will do this for you.

Improve this answer
2

This works, but it is better if you take it one step further by changing the IP settings for the TAP adapter manually. Use ipconfig to figure out the proper settings and use the gateway for the DNS server.

Update: Ignore this step - if you do it your IP address won't be masked. I don't know why that is but I have done everything I can think of to reverse it, but the only way is to undo what I did in this step and reboot the computer.

Update: A problem I have with this is that I configured Windows 7 to start the connection when I boot Windows. Sometimes when I reboot or shutdown the computer, the network would go back to unknown. The route would still be in the table. A workaround to this was to modify my configuration file for the VPN client I connect to. The command I added was:

#Dummy default gateway to work around Windows 'unidentified network'/'unknown network' (put a "#" in front of this)
route-metric 30
route 0.0.0.0 0.0.0.0 10.0.0.1.

Metric is retrieved by reading the route table that is displayed with:

route print -4

10.0.0.1 is the gateway that the VPN connects to. For example when I'm connected to the VPN, my route table looks something like this:

-------------------------------------------------------------------------
IPv4 Route Table
-------------------------------------------------------------------------
Active Routes:
Network Destination      Netmask        Gateway      Interface    Metric
          0.0.0.0        0.0.0.0    192.168.0.1  192.168.0.100        25
          0.0.0.0      128.0.0.0       10.0.0.1     10.0.7.102        30

The first entry is the route to my router. The second one is the VPN Connection. Now when I modify the VPN connection file (vpn.ovpn in my case) I use the network destination and make the netmask 0.0.0.0, and use 10.0.0.1 as my gateway. I then note that the metric is set to 30 and set it to 30 in the config file.

Improve this answer
2

If you have completed the addition of the default gateway (through commands or the Windows GUI), you may still need a way to indicate to Windows that you want apply the designation of Private or Domain to the network. Perhaps you accidentally labelled the network as Public already or for whatever reason never had the chance to choose with the "Set a location..." prompt. I ran into this scenario on Windows 10.

To set this via the Registry, navigate to the Network Profiles key, at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles. The Profiles key From here, the Profiles key contains a list of keys with GUIDs which correspond to all of the networks your computer has saved. You can look through these GUID keys and find your network by matching the ProfileName value in the key. The Profile ID key and ProfileName value Once you find the correct network in the Profiles key, you want to alter the Category value for the network key. The Category value in the Profile ID key

A value in the Category value of 0 indicates a Public network. You can change this value to 1 to label the network as Private or 2 to designate the network as a Domain network. To apply this change, you may need to reinitialize the network connection.

Improve this answer
1
  • If we need to delete the images because of the "TenForums.com" watermark, feel free to edit my question or let me know.
    – palswim
    Commented Jun 13, 2016 at 20:15
0

All the solutions mentioned above are actually just workarounds but, every commodity / product has its own buyers as the say.

The simplest is to delete the unknown 0.0.0.0 route created and then everything should get back in place. Just run cmd.exe (as admin) from your command line and then type route delete 0.0.0.0 That's it.

I don't think that registering junk routes and other garbage or just doing it vice versa and making an elephant out of the fly is the one of the greatest ideas... Good luck!

Improve this answer
0

On my Windows 7 machine, the "Unidentified Network" was the symptom of the OpenVPN problem, not the cause. In my case, the fix is to start the OpenVPN client GUI using Administrator Privileges.

Improve this answer
0

one thing that worked for me after trying some of the methods above with mixed success was going into the adapter settings for the TAP NordVPN Windows adapter V9 > Properties > Configure > Advanced > Non Admin Access > Not Allowed. Adapter disconnected as public and reconnected as private. I think this worked in conjunction with droidgren's solution.

Improve this answer
0

The simplest way I have recently found is to change it through the elevated powershell. Run "Get-NetConnectionProfile" to list all the network connections, and then run "Set-NetConnectionProfile -InterfaceIndex -NetworkCategory Private"

Improve this answer
0

There is so many answers, but using secpol.msc only trick like suggested by @droidgren is the best and safest way. Adding broken routes with high metrics as a workaround is really sick, even if it works

I tested on Windows 10 and latest OpenVPN Connect client. The dynamically assigned TAP network can properly be set to private and the setting is remembered later

Also, this far better than other threads suggesting to keep the VPN network as public and set the Open Wifi adapter to private to setup firewall rules blocking all non VPN internet traffic. Clearly, VPN adapter must be set to private and any open Wifi or unsecure adapter to public

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .