Netgate Discussion Forum

    PFSense and Windows Network Location Awareness

    General pfSense Questions
    • guitardood

      Hello,
      I'm having a huge headache with a bunch of Windows machines at two different locations behind a Qotom box running pfSense v2.4.4-RELEASE-p3 and the mysterious Network Location Awareness always picking Public network despite having set it to Work, multiple times, and naming the network. Not sure if it's a Windows reboot or pfSense reboot which triggers this. Does anyone know what data Windows uses to identify the network and is there any way to emulate that with pfSense? FWIW, the Qotom box has 4 NICs: 1 connects to the internet gateway and the other 3 are running LACP to a Netgear managed switch.

      Any help would be greatly appreciated.

      Best,
      Chuck

      • kiokoman

        The default behavior of NLA is to set any unidentified network to Public, so if the NIC has neither a default gateway nor an associated SSID, then NLA will determine that the network is Unidentified.
        Profiles are saved here: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
        This happens when NLA starts before your NIC is up.
        There are 2 solutions: set NLA to start Automatic (Delayed), or open Administrative Tools -> Local Security Policy, highlight the "Network List Manager Policies" item, then double-click "Unidentified Networks" in the right panel and set the "Location Type" to "Private". You could also set up a script that restarts NLA if Automatic (Delayed) is not sufficient.
        Upgrading the network driver could also help.

        Or you have a problem with your DHCP server, and you should investigate why it is slow at assigning an IP.

        • johnpoz (Global Moderator)

          @guitardood said in PFSense and Windows Network Location Awareness:

          3 are running LACP to a netgear managed switch.

          Pretty sure NLA uses the MAC address of the gateway to determine if it's on the same network as before, etc. So in theory, if you're using LACP, could not a different member back be used on reboot?

          So yeah, if your client sees its gateway MAC change, then it could think it's on a different network and then default back to Public from your Work setting.

          Just thinking off the top of my head here.

          Simple enough to test: check what you show for the MAC of your gateway (pfSense). Do whatever it is you're doing where it then changes back to work, and look to see what the MAC is from the client.

          edit:
          Yeah, look in the above reg entry listed by @kiokoman; vs Profiles, look under networklist/nla/cache. You will see Intranet and the domain name; under there you will see entries that have your gateway IP's MAC address.

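The client-side check suggested in the post above, as an added example that is not part of any poster's reply: on each run it records the default gateway's MAC and the current NLA category, and warns when the MAC differs from the previous run. The log path and variable names are assumptions.

```powershell
# Added example: run on a Windows client before and after rebooting pfSense.
# $LogPath is an assumed location; change as needed.
$LogPath = Join-Path $env:ProgramData 'gateway-mac-history.csv'

# Pick the IPv4 default route with the lowest route metric.
$route = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Sort-Object RouteMetric | Select-Object -First 1
if (-not $route) {
    Write-Warning 'No IPv4 default route on this client (no default gateway).'
    return
}

# Touch the gateway so it is present in the neighbor (ARP) cache, then read its MAC.
$null = Test-Connection -ComputerName $route.NextHop -Count 1 -Quiet
$neighbor = Get-NetNeighbor -IPAddress $route.NextHop `
        -InterfaceIndex $route.InterfaceIndex -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $neighbor.LinkLayerAddress) {
    Write-Warning "Gateway $($route.NextHop) has no resolved MAC yet."
}

# Current NLA result for the same interface (Public, Private or DomainAuthenticated).
$netProfile = Get-NetConnectionProfile -InterfaceIndex $route.InterfaceIndex `
    -ErrorAction SilentlyContinue

$current = [pscustomobject]@{
    Time       = (Get-Date).ToString('s')
    Gateway    = $route.NextHop
    GatewayMac = $neighbor.LinkLayerAddress
    Network    = $netProfile.Name
    Category   = $netProfile.NetworkCategory
}

# Compare with the last recorded row, if there is one.
$previous = if (Test-Path $LogPath) { Import-Csv $LogPath | Select-Object -Last 1 }
if ($previous -and $previous.GatewayMac -ne $current.GatewayMac) {
    Write-Warning "Gateway MAC changed: $($previous.GatewayMac) -> $($current.GatewayMac)"
}

$current | Export-Csv -Path $LogPath -Append -NoTypeInformation
$current
```

A changed `GatewayMac` between two rows for the same `Gateway` address, together with `Category` dropping to Public, matches the behaviour described in this thread.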
          • stephenw10 (Netgate Administrator)

            Yes, the most common cause of that is if you have the DHCP server running on a non-physical interface (usually a bridge) where the MAC address is generated at boot each time. The workaround for that is to set a MAC on the interface that it will use every time, which prevents Windows seeing it as a new network every time you reboot pfSense.
            However, a LAGG interface will inherit its MAC from the first member interface, so that would not apply if it's directly on lagg0.

            Steve

            • guitardood @stephenw10

              @stephenw10, that sounds like it may be the problem. I have the LAGG bridged with the WLAN. I'm going to try and set the bridge's MAC to whatever it happens to be right now and see if that resolves the issue. Thanks for the insight.

              Best,
              Chuck

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.