When Windows is connected to a WiFi hot-spot and there exist also a LAN interface (ethernet) the resulting routing table has two default gateways, one for each interface. One or the other is selected depending on the lowest automatic metric assigned to the interfaces.
If the metric of the wireless interface is lower, then all traffic goes through WiFi, except for destination ip addresses located in the local subnet (x.y.z.0/24) directly connected to the ethernet interface. Therefore any host located in a private subnet beyond a router connected to the local subnet can't be reached, because the ip packets destined for those hosts are routed through the wireless interface.
If on the contrary the ethernet interface has the lowest metric, all traffic goes through it, except perhaps for the /24 subnet associated to the wireless interface, where you are unlikely to find any useful resources. You can then reach those private subnets above, but you can't have a (direct) internet connection if it is not provided through the router, which is the usual case in an enterprise environment (filtered proxy anyone?).
By assigning to the wireless interface a fixed (not automatic) low metric value, less than the metric of the LAN interface, the interface and the corresponding default gateway will be prioritized by Windows. The corresponding nameserver (DNS) should be prioritized as well. This ensures that the public Internet can be reached via WiFi. You can set the metric as follows:
- Run
ncpa.cpl: the Network Connections window appears - Right click on the wanted interface and select Properties
- On the Networking tab select Internet Protocol Version 4 (TCP/IPv4) then click on [Properties]
- On the General tab click on [Advanced]
- On the IP Settings tab locate Automatic metric check-box and turn it off, then input the metric value in the Interface metric text box
- Confirm with OK and/or Close until the Network Connections window is in focus again
By adding a dedicated route via the ethernet interface for each private subnet that is to be contacted, the traffic destined for those subnets will be routed through it instead of the wireless interface (mask based routing has priority over metric based routing). Well, of course this interface does not need to be of ethernet type, it can be any kind of interface leading to private subnets. Unfortunately, Windows does not provide a way to add routes besides using the route command in an elevated console window: you are supposed to know some routing concepts and to be familiar with the command line.
- The file itself contains a section in the beginning listing the private subnets which are known to be reachable through the LAN. This list is modifiable of course. You probably want to leave the first three subnets unchanged: those are the standard private subnets sanctioned by IANA.
- You can identify the target interfaces by looking at the output of
netsh interface ipv4 show interfaceorwin_split_routing showand noting the index number in theIdxcolumn. Put the index of the wireless interface (or another kind of interface connected to the public Internet) where theINTERNET_IF_IDXvariable is assigned by the set command. Put the index of the ethernet interface (or another kind of interface connected to the LAN) where theLAN_IF_IDXvariable is assigned. - Run
win_split_routing on... - It finds the metric and name of the LAN interface and the name of the INTERNET interface.
- It finds the default gateway of the LAN interface.
- It sets the metric of the INTERNET interface to 5 less than that of the LAN interface.
- It adds a permanent route via the default gateway of the LAN interface for each subnet listed in the beginning of the file itself. Permanent routes survive rebooting.
- When you don't need split routing anymore, run
win_split_routing off. - When you don't remember the current status, run
win_split_routing show