Windows 10 [MikroTik]: Possible to fix "Unidentified network" on private LAN?

Hi everyone,

Straight off the bat, here is my issue: Is it possible to “tell” Windows 10 the following things:
1). The ethernet interface has no way out to the internet, and
2). This is OK and it shouldn’t freak out!

This is kind of entering “OCD” territory, but essentially I want the UI to stop telling me that it’s an “unidentified network”, as in this image:

Aside: I’m using a 100 Mbit “fast ethernet” Realtek PCI card, let’s just say the onboard 1 Gbit NIC quite literally died one day and hasn’t come back.


Network configuration:

blue: wireless signals, red: ethernet cable

So from my PC, I’ve got two networks available:

  • Via WIFI (192.168.0.7/24): The internet
  • Via ethernet (192.168.88.254/24): The LAN. This IP is given by the (static) DHCP on the Mikrotik.

Note the RPI2 has essentially the same setup: An ethernet for the LAN, and wifi adapter for internet access.

The Mikrotik also has a static DNS server, serving names for my computers so I don’t have to type IP addresses all the time:

Now, I should stress that I have no gateway defined:

[Image: no-gateway]

I believe this makes logical sense, since this particular network has no way out to any other networks, and I don’t want clients adding this path to their routing tables (I had a problem with this on the Linux SBC’s.)

And for DNS, I put 8.8.8.8 and 4.4.4.4 as alternative DNS servers, so that if I typed ping google.com, it will fail to resolve on the Mikrotik DNS, and then go away to find where 4.4.4.4 lives, and everything should work.

[Image: dns-alternate]


Testing on RPI2:

Now, after all that: The RPI2 is very happy. It does the “right thing”, even with its WiFi adapter:

pi@rpi2:~ $ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 192.168.88.1
nameserver 8.8.8.8
nameserver 4.4.4.4
nameserver 192.168.0.1

Great, first look at Mikrotik DNS to see if we typed in a local name (like rpi1, or aml), and then check the real DNS servers, and to find them we’ve got…

pi@rpi2:~ $ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    304    0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     304    0        0 wlan0
192.168.88.0    0.0.0.0         255.255.255.0   U     202    0        0 eth0

…the right set of routing tables: By omitting the gateway, no route was added to 192.168.88.1 for arbitrary destinations, so everything will get routed right (and it does.)

Now I just want to teach Windows that this isn’t an “Unidentified connection”.


I’ve done a bit of googling, and it seems like there are lots of solutions ranging from secpol.msc, regedit.exe hacks, and changing entire global policies on the local machine regarding “public” (or “untrusted”) connections.

None of these make me happy at all, because fundamentally I shouldn’t have to change anything locally on the machine - the network configuration should just work.

I’m running out of Google search terms (and search results), so I’ve created this thread to see if anyone has any ideas as to why Windows insists it’s an “unidentified network”.

On Mikrotik forums, one user says that if there isn’t a gateway or SSID present, Windows will complain. I’ve seen some evidence that this is due to a missing WINS server, however Microsoft themselves say that WINS is deprecated in favour of DNS (which I have running on the Mikrotik).

Is it possible Windows is unhappy with the (perhaps incomplete) DNS implementation running on the routerboard itself?

Anyway I’m happy to hear any and all ideas, including that this is all ridiculous fuss over a tiny UI issue that is in fact not consequential…

Hello world,

I think your issue might be the MSN connection. Windows uses some Microsoft Network service to ping their servers to determine the availability of internet connection.

Confirmed by Linus and Anthony in https://youtu.be/nwkiU6GG-YU

Alternatively you could set up a network script that is run when the computer connects to the network to ignore the re-routing of information.

Does your hAP do router tasks or just switch tasks?
If it is a switch, set up the DHCP relay with Add Relay Info enabled.

Hi all,

So I’ve figured out a solution that I think I’m happy with. Admittedly this isn’t an answer to the original question I posed (private vs public networks), but I’m posting it anyway just for future reference…

The constraint space I was working with was:

1). SBCs should reach the internet, and my desktop.
2). Desktop should reach the SBCs.
3). SBCs and Desktop ethernet get DHCP addresses from the Mikrotik.
4). HOWEVER: Desktop should use its own internal PCIe WiFi card for all outgoing internet requests!

That last one is what tripped me up for a long time but I found some tricks to fix that.


So first, reset the Mikrotik to default configuration.
Then set up wlan1 as a WiFi repeater for the main WiFi on the Router:

[Image: 1-repeater]

So now the Wireless tables look like this (note I’ve disabled wlan2 because I don’t plan on using it.):

Then, set up a DHCP client on wlan1:

So now the network configuration looks like this:

[Image: 4-map]


Now, let’s introduce two SBCs: The RPI1 and RPI2:

They are connected to eth2 and eth3 of the Mikrotik. These interfaces are already bridged on a bridge called bridge, and we set up a DHCP Server running on this bridge.
These interfaces will have access to the internet, because the option Add Default Route was checked when we created the DHCP Client (as I understand it.)

The config:

Now the SBCs get an IP, a subnet mask, a gateway, and DNS servers:

Problem

I want to plug my desktop into this setup too - However, it has two interfaces:

  • Fast WiFi card
  • Ethernet

If I plug them both in, they’ll both provide Windows with an IP, a subnet mask, a gateway, and DNS servers - consequently, they both get added as default routes in the routing table, and worst of all - the ethernet one gets a lower metric (not an unreasonable default):

I want my Windows machine to not treat the ethernet port as having access to the internet - it should just be treated as a boring LAN network, with no DNS servers or anything. But I do want it to add a default route for the 192.168.88.0/24 network.

Solution

There are two DHCP options, index 3 (the gateway IP to use), and 6 (the DNS servers to use). Mikrotik allows them to be used on a per-lease level, and setting them both to 0.0.0.0 causes Windows to:

  • Add a route table entry for packets destined for 192.168.88.0/24 for the ethernet interface, however…
  • …won’t add the eth interface for the default route, hence keeping the WiFi interface as the only default route.

Looks like this:

First, create the two options, and give them a name:

Next, we can create a static DHCP lease for the desktop, and attach the two options by name:

Furthermore, to fully prevent the Desktop from having any accidental access to the internet via the Mikrotik, we can add a routing table firewall entry:
[Image: 11-route-table-rule]
Now, even if we were to manually supply a gateway and DNS server, it will still drop.

Finally, the network looks like this:


From Windows’ point of view, it looks like there’s no way out to the internet:
[Image: 13-win10-status]

But from the RPI2, it does:
[Image: 14-rpi2-status]

They can both reach each other, the desktop uses the WiFi card for default routes, and most importantly, it’s all 100% automatic, no local configuration on any machine :)
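
The per-lease override described in the post above, shown at the byte level as an added example that is not part of the original thread: a parser for the DHCP option field that reports whether a lease carries a usable router (option 3) or DNS server (option 6). Treating 0.0.0.0 as "none" models the Windows behaviour the post reports; the function names and both sample leases are constructed for illustration.

```python
import ipaddress

PAD, END, ROUTER, DNS = 0, 255, 3, 6  # option codes from RFC 2132

def parse_options(blob):
    """Walk the code/length/value option field of a DHCP reply."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == END:
            break
        if code == PAD:          # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError(f"option {code} has no length byte")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value  # repeated options concatenate
        i += 2 + length
    return opts

def addresses(value):
    """Decode a packed list of IPv4 addresses, dropping 0.0.0.0 entries."""
    if len(value) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    addrs = [ipaddress.IPv4Address(value[i:i + 4]) for i in range(0, len(value), 4)]
    return [a for a in addrs if not a.is_unspecified]

def lease_summary(blob):
    """Report what a client would learn from this lease (assumed model)."""
    opts = parse_options(blob)
    routers = addresses(opts.get(ROUTER, b""))
    dns = addresses(opts.get(DNS, b""))
    return {"default_route": bool(routers), "routers": routers, "dns": dns}

def opt(code, *ips):
    """Build one option from dotted-quad strings (helper for the samples)."""
    data = b"".join(ipaddress.IPv4Address(ip).packed for ip in ips)
    return bytes([code, len(data)]) + data

# Constructed samples: subnet mask (1), router (3), DNS (6), end marker.
SBC_LEASE = opt(1, "255.255.255.0") + opt(3, "192.168.88.1") + opt(6, "192.168.88.1") + b"\xff"
DESKTOP_LEASE = opt(1, "255.255.255.0") + opt(3, "0.0.0.0") + opt(6, "0.0.0.0") + b"\xff"

if __name__ == "__main__":
    for name, lease in (("SBC", SBC_LEASE), ("desktop", DESKTOP_LEASE)):
        print(name, lease_summary(lease))
```

The same summary can be run over the option bytes of a captured DHCP ACK to confirm that the desktop's lease really carries the zeroed options while the SBC leases do not.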