Windows uses wrong NIC in a dual NIC setup, Ignores metric at times.

Hi!


I have a question that I can't find the answer for, I've been searching like crazy but keep finding the same responses which have in my case proven useless.


The situation is this: I have one router and one computer, the computer has two network interface cards which are both connected to the router and given IP addresses. I have made the metrics in Windows such that normal traffic SHOULD always choose NIC 1 and I have in the application "Tixati" set it manually to use NIC 2. I have then set my firewall to only allow the application "Tixati" to use NIC 2 while blocking it from using NIC 1. So in theory everything on my computer should use NIC 1 except "Tixati" which should use NIC 2.


The problem: The issue is that for some reason Windows will sometimes think it's a good idea to just straight up switch over to using NIC 2 for ALL traffic, even though it has a waaaay higher metric (static permanent routes) and the firewall is blocking access for the applications on that interface, which results in the applications being straight up blocked. This is temporarily solved by disabling and enabling NIC 1... Until it happens again.


The cause: I just straight up don't know, I do however think it has something to do with Windows probably trying to use a different NIC at the slightest hint of an issue with the main NIC, it often happens during web browsing and I even found one specific website that seemingly caused this issue every time I reloaded the page! I think it may have something to do with it trying a different NIC when a response takes too long(?) or if it encounters an error of some sort?


The solution: I just don't know and I've tried everything I could find regarding this on the internet which was either the metric thing or deprecated settings relevant to earlier versions of Windows. Does anyone here know how to fix this? I'm guessing it's not possible though and that it's something hard-coded in Windows, but I hope there is some setting somewhere that I've missed. Some load balancing setting or something?
(I know of one setting where Windows would try to use the DNS of whichever NIC was best and sort of load balance(?) it, but I've already tried disabling it. Perhaps there's something similar for the normal traffic?)



Regards,
Sanya IV

bro67 said:

You have to specify which one is the one to use the connection. If both are hooked up at the same time. Windows 10 will try and Load Balance or Bridge the connection, depending on how it wants to behave at that moment.

You do not need both hooked up to the router. You only need one.

I have an OVPNbox router which supports different groups to be connected via OpenVPN to their VPN service. So NIC 1 is in one group and NIC 2 is in another group, these two groups are separately connected via VPN which means they have different IP-adresses and tunnels. This is why I have two NICs and connections to the router, in order to get all normal traffic on my computer over VPN link 1 and all Tixati traffic over VPN link 2 and never have them use the other's connection.

How do I specify which one to use when I want to use them both at the same time but for different applications? If Windows 10 is trying to load balance or bridge the connection, how can I stop this and just tell Windows to use NIC 1 for all traffic but still keep NIC 2 available for Tixati? (The application Tixati has a built in option to use another NIC and I've specified NIC 2 in the application so it will always use NIC 2)

bro67 said:

Regardless how you have it set up on the Router. Windows will naturally Load Balance, bridge or do a fall over.

Well can I manually force it to not do this or force it to a specific mode? I mean it works fine 90% of the time but then seemingly randomly Windows will just push all traffic that previously went on NIC 1 to NIC 2. So I can use NIC 1 and NIC 2 simultaneously for hours and then suddenly Windows will stop using NIC 1 for all normal traffic and try to use NIC 2 instead, even though my firewall blocks all applications from using NIC 2 (which I think it should realize and start sending the traffic via NIC 1 again)

bro67 said:

Having both NIC's hooked up to two different VLAN's, makes the computer the host for handling all connections from one VLAN to the other.

It's not actually two different VLANs, it's the same LAN, same subnet. Just that all applications should take NIC 1 to reach it and Tixati NIC 2 to reach it. The routes reflect this by NIC 1 and NIC 2 having the same settings just that NIC 1 has a much lower metric which should mean that Windows should use NIC 1 instead of NIC 2.

bro67 said:

I would suggest only using one NIC at a time, and if you need the other, then enable it when you need it.

Trying to reinvent the wheel and do something that is not done with a VPN, is just going to keep causing you headaches.

Normally the setup you have is done for Labs or Domains, not every day use.

Nothing like that is done with the VPN, the VPN part is working great. The VPN is running on the router and has two connections connections and the router routes traffic from NIC 1 to VPN 1 and NIC 2 to VPN 2, so everything there is working great. The thing that isn't working is the dual connections between router and computer, I don't want Windows to load balance or bridge or fallback, I want Windows to treat them as two different networks of which only one should be used by it which is NIC 1 (But NIC 2 should be enabled and available so that Tixati can force itself to use it)

Although it sounds like Windows just won't let me set this up? Sounds like it forces what it thinks is best for my system even if it isn't? I guess I'll just have to disable/enable NIC 1 every time it happens then.

Thanks for answering. =)

I think the issue may have been caused by both connections being connected to the same gateway MAC address which caused Windows to put the two network cards in the same network profile. I, unsurprisingly, found no way to force the network cards to use a "fabricated" profile (to divide them) and they would still use the same one.

What I did find however was that I in the registry could add the DWORD "*NdisDeviceType" = Value "1" for the network card I don't want the system to use (NIC 2) which will cause Windows not to automatically check it for stuffs (Didn't read into it too much) and the effect is that the network card no longer is assigned a network profile and it no logner shows up in "View your active connections" under "Connections" (Where it would before show NIC 1 and NIC 2, it now only shows NIC 1) Which I think means Windows no longer recognizes NIC 2 as an active connection and hence won't try to use it even if NIC 1 messes up (so no load balance or bridge or fallover) ... Or at least I hope so.

I haven't yet been able to determine if this works or not, but I'll keep testing it. Cautiously hopeful. =)

Edit: And just a few seconds later I learned that it didn't work... Sigh.

Is there anyway I can make Windows THINK NIC 2 is LocalNetwork only? I know you can use Set-NetConnectionProfile to query -IPv4Connectivity but you can't input a new value. Is there any way to manually change that, or an equivalent value, for a specific NIC? (Not for a network profile, although I wonder about that as well)