Windows 7, network connection with no default gateway: any way to change the "Unknown network" status?

I have a computer running Windows 7 Pro RTM. This computer has two network connections:

  • A Wi-fi connection to the Internet (through a home router) which works just fine.
  • An OpenVPN virtual network connection. More precisely, this is a virtual Ethernet connection which behaves exactly like a physical Ethernet wired connection.

My problem is that the "Network and sharing center" shows "Unknown network" for the OpenVPN connection. After some research I found that logical networks (outside a domain) are identified by the MAC address of the default gateway of the connection. Problem is, the OpenVPN connection has no default gateway: it is a private network, so I don't need one...

Consequently, the "Unknown network" is always considered public, so the firewall is always in "public mode", which I don't want. Plus, I can't rename "Unknown connection" or anything (which makes sense), so it is kinda ugly.

My goal is to define a proper logical network for the OpenVPN connection with the private profile. I know of some workarounds (disable the firewall, modify security policy to make all unknown networks "private") but they're still workarounds. I just want my clients to connect to the VPN without having to disable their firewall settings, without changing global configuration with potential side-effects (the "security policy" solution) and without having to look at an ugly "Unknown connection" in the Network and sharing center.

Is there any way I can do this? I tried to check what was going on in the registry (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList is interesting), but I still didn't find a way to "force" the OpenVPN connection to be assigned to a logical network.

Any help would be very appreciated.

A related question showed up at Superuser: https://superuser.com/questions/37355/windows-7-cant-identify-network/37422


There is a Powershell script here that looks like it does what you want.


I just want my clients to connect to the VPN without having to disable their firewall settings, without changing global configuration with potential side-effects (the "security policy" solution) and without having to look at an ugly "Unknown connection" in the Network and sharing center.

Is there any way I can do this?

The workaround we use is to push a default route to the client via the OpenVPN config file, e.g. like so:

# Dummy default gateway to work around Windows 'unidentified network'/'unknown network'
route-metric 512
route 0.0.0.0 0.0.0.0

You most definitely want to make sure the supplied metric is higher than your Internet default route, else all traffic would be routed through the VPN (which might be desirable in specific cases, but this is another topic).

Please note that fiddling with the network configuration in general and routing in particular can have all sorts of undesired side effects, if done improperly, but as long as you know what you do you should be able to judge the impact:

  • Specifically the provided workaround of having two default gateways like so is considered semantically wrong by some at least and Windows does warn you accordingly, if you configure this via the UI indeed.
  • See How to make a private Unidentified Network identifiable and private? for a discussion of this topic, specifically the question itself and the posters (Jason R. Coombs) reasonable criticism regarding Steve Hathaways short summary of the default gateway method down the page.

That said we have used this workaround successfully for quite some time without any issues at all.


For OpenVPN AS (Access Server) you may want to add this to the Advanced VPN Settings in the Server Config Directives box:

push "route-metric 512"
push "route 0.0.0.0 0.0.0.0"

Then update the server and, et voilet, Win7 will get the default gw on the TAP device and let you change Network type from Unknown to others.

Thanks @Steffen-Opel for the tip! :)