PFSense and Windows Network Location Awareness

  • Hello,
I'm having a huge headache with a bunch of Windows machines at two different locations behind a Qotom box running pfSense v2.4.4-RELEASE-p3 and the mysterious Network Location Awareness always picking Public network despite having set it to Work, multiple times, and naming the network. Not sure if it's a Windows reboot or a pfSense reboot which triggers this. Does anyone know what data Windows uses to identify the network and is there any way to emulate that with pfSense? FWIW, the Qotom box has 4 NICs, 1 connects to the internet gateway and the other 3 are running LACP to a Netgear managed switch.

    Any help would be greatly appreciated.


  • LAYER 8

    The default behavior of NLA is to set any unidentified network to Public,
    so if the NIC has neither a default gateway nor an associated SSID, then NLA will determine that the network is Unidentified.
    Profiles are saved here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
    This happens when NLA starts before your NIC is up.
    There are 2 solutions: set NLA to start Automatic (Delayed Start), or open Administrative Tools -> Local Security Policy.
    Highlight the "Network List Manager Policies" item, then double click the "Unidentified Networks" on the right panel.
    Set the "Location Type" to "Private". You could also set a script that restarts NLA if Automatic (Delayed Start) is not sufficient.
    Upgrading the network driver could also help.

    Or you have a problem with your DHCP server and you should investigate why it is slow at assigning IPs.

  • LAYER 8 Global Moderator

    @guitardood said in PFSense and Windows Network Location Awareness:

    3 are running LACP to a netgear managed switch.

    Pretty sure NLA uses the MAC address of the gateway to determine if it is on the same network as before, etc. So in theory, if you're using LACP, could a different member not be used on reboot?

    So yeah, if your client sees its gateway MAC change, then it could think it's on a different network and then default back to Public from your Work setting.

    Just thinking off the top of my head here.

    Simple enough to test. Check what you show for the MAC of your gateway (pfSense). Do whatever it is you're doing where it then changes back from Work and look to see what MAC is seen from the client.

    Yeah, look in the above reg entry listed by @kiokoman. Vs. Profiles, look under NetworkList\Nla\Cache; you will see Intranet and a domain name, and under there you will see entries that have your gateway IP's MAC address.
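    The check suggested above, written out as a PowerShell diagnostic. This is an added example, not a script from the thread or from Netgate: it reads the gateway MAC the client currently sees (default route, then the neighbor entry for the next hop) and compares it with the gateway MACs NLA has cached under NetworkList\Nla\Cache\Intranet, and it lists the saved profiles. The registry key paths are the ones named in the thread; the MAC normalisation (upper-case, separators stripped) and the Category mapping 0/1/2 = Public/Private/Domain are assumptions made for the comparison. Run it elevated on one of the affected Windows clients, before and after the pfSense reboot that triggers the problem.

```powershell
# Added diagnostic (not from the thread): does the gateway MAC the client sees now
# match a gateway MAC that NLA has already cached? A mismatch after a pfSense reboot
# is consistent with NLA treating the LAN as a new, unidentified (Public) network.
# Assumes a single IPv4 default route; run in an elevated PowerShell session.

$profilesKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles'
$nlaCacheKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet'

function Normalize-Mac([string]$mac) {
    # Assumption: compare MACs as upper-case hex with '-' and ':' removed.
    if (-not $mac) { return $null }
    return ($mac.ToUpper() -replace '[:\-]', '')
}

function Get-CurrentGatewayMac {
    # Lowest-metric IPv4 default route -> its next hop -> the neighbor (ARP) entry for it.
    $route = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -AddressFamily IPv4 -ErrorAction SilentlyContinue |
             Sort-Object RouteMetric | Select-Object -First 1
    if (-not $route) { return $null }
    $neighbor = Get-NetNeighbor -IPAddress $route.NextHop -AddressFamily IPv4 -ErrorAction SilentlyContinue |
                Select-Object -First 1
    [pscustomobject]@{
        InterfaceAlias = $route.InterfaceAlias
        Gateway        = $route.NextHop
        Mac            = if ($neighbor) { Normalize-Mac $neighbor.LinkLayerAddress } else { $null }
    }
}

function Get-NlaCachedGatewayMacs {
    # Each subkey under Nla\Cache\Intranet is a DNS domain; its value names are gateway MACs
    # (as described in the thread). Returns one object per (domain, MAC) pair.
    if (-not (Test-Path $nlaCacheKey)) { return @() }
    Get-ChildItem $nlaCacheKey | ForEach-Object {
        $domain = $_.PSChildName
        foreach ($name in $_.GetValueNames()) {
            [pscustomobject]@{ Domain = $domain; Mac = (Normalize-Mac $name) }
        }
    }
}

function Get-SavedNetworkProfiles {
    # Saved profiles: name plus the category NLA assigned (assumed mapping 0/1/2 = Public/Private/Domain).
    if (-not (Test-Path $profilesKey)) { return @() }
    Get-ChildItem $profilesKey | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            ProfileName = $p.ProfileName
            Category    = switch ($p.Category) { 0 { 'Public' } 1 { 'Private' } 2 { 'Domain' } default { $p.Category } }
            Managed     = $p.Managed
        }
    }
}

# --- report ---
Write-Host "Active connection profile(s):"
Get-NetConnectionProfile | Select-Object Name, InterfaceAlias, NetworkCategory | Format-Table -AutoSize

Write-Host "Saved profiles (registry):"
Get-SavedNetworkProfiles | Format-Table -AutoSize

$current = Get-CurrentGatewayMac
$cached  = @(Get-NlaCachedGatewayMacs)

if (-not $current -or -not $current.Mac) {
    Write-Warning "No default gateway / neighbor entry found yet: NLA would classify this as Unidentified."
} else {
    Write-Host ("Current gateway {0} has MAC {1} on '{2}'" -f $current.Gateway, $current.Mac, $current.InterfaceAlias)
    if ($cached.Mac -contains $current.Mac) {
        Write-Host "OK: this gateway MAC is already in the NLA cache; the network should be recognised."
    } else {
        Write-Warning "Gateway MAC is NOT in the NLA cache. Cached MACs: $($cached.Mac -join ', ')"
        Write-Warning "If this changes every pfSense reboot, pin the MAC on the pfSense interface (see the bridge discussion below)."
    }
}
```

    If the script reports a different gateway MAC each time pfSense reboots while the saved Work/Private profile stays in the registry, that is the symptom the thread is describing: the profile is intact, but NLA no longer matches the network to it and falls back to Public.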

  • Netgate Administrator

    Yes, the most common cause of that is if you have the DHCP server running on a non-physical interface (usually a bridge) where the MAC address is generated at boot each time. The workaround for that is to set a MAC on the interface that it will use every time which prevents Windows seeing it as a new network every time you reboot pfSense.
    However, a LAGG interface will inherit its MAC from the first member interface, so that would not apply if it's directly on lagg0.


  • @stephenw10, that sounds like it may be the problem. I have the LAGG bridged with the WLAN. I'm going to try and set the bridge's MAC to whatever it happens to be right now and see if that resolves the issue. Thanks for the insight.

