Correct Network IP addressing if your users have ability to VPN in

Solution 1

Techspot has A List of Common Default Router IP Addresses that helps with this. Usually home routers use /24 subnets. Nowadays mobile phones are often used for sharing network connection, so we must take these ranges into account, too. According to the list we can deduce we should avoid:

  • 192.168.0.0/19 - most of the routers seem to use some of these, above 192.168.31.255.
  • 10.0.0.0/24 is also widely used, and Apple uses 10.0.1.0/24.
  • 192.168.100.0/24 is used by Motorola, ZTE, Huawei and Thomson.
  • Motorola uses (in addition) 192.168.62.0/24 and 192.168.102.0/24.
  • 192.168.123.0/24 is used by LevelOne, Repotec, Sitecom and U.S. Robotics (less common)
  • Some D-Links have 10.1.1.0/24 and 10.90.90.0/24.

We have three ranges reserved for private networks; we still have plenty of space to avoid these in:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

Some random upper range from 10.0.0.0/8 could be the safest choice for avoiding collisions. You may also want to avoid number 42 in any part of the IP address range: it might be the most common "random" number, as it's the Answer to the Ultimate Question of Life, The Universe, and Everything.
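
The check below is an added example, not part of the original answer: it tests a candidate office subnet against the ranges listed above using Python's `ipaddress` module, and picks a random /24 from the upper half of a private block that avoids them. The function names and the "upper half" cut-off are assumptions made for illustration.

```python
import ipaddress
import random

# Ranges the answer above lists as common home-router defaults.
COMMON_HOME_RANGES = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/19", "10.0.0.0/24", "10.0.1.0/24", "192.168.100.0/24",
    "192.168.62.0/24", "192.168.102.0/24", "192.168.123.0/24",
    "10.1.1.0/24", "10.90.90.0/24",
)]
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def conflicts(candidate):
    """Return the listed home ranges that overlap the candidate subnet."""
    net = ipaddress.ip_network(candidate, strict=True)
    if not any(net.subnet_of(block) for block in PRIVATE_BLOCKS):
        raise ValueError(f"{net} is not inside a private block")
    return [str(r) for r in COMMON_HOME_RANGES if net.overlaps(r)]


def pick_office_subnet(block="10.0.0.0/8", rng=None):
    """Pick a random /24 from the upper half of a private block that
    overlaps none of the listed ranges and has no octet equal to 42."""
    rng = rng or random.SystemRandom()
    block_net = ipaddress.ip_network(block)
    count = block_net.num_addresses // 256        # number of /24s in block
    base = int(block_net.network_address)
    while True:
        index = rng.randrange(count // 2, count)  # upper half only
        start = ipaddress.ip_address(base + index * 256)
        net = ipaddress.ip_network(f"{start}/24")
        if "42" not in str(start).split(".") and not conflicts(str(net)):
            return net


if __name__ == "__main__":
    # 192.168.0.0/24 is the office network from the question.
    for candidate in ("192.168.0.0/24", "10.0.0.0/8", "172.22.118.0/24"):
        hits = conflicts(candidate)
        print(f"{candidate:18} {'overlaps ' + ', '.join(hits) if hits else 'clear'}")
    print("suggested:", pick_office_subnet())
```

A "clear" result only means the subnet avoids the ranges in this list; it does not guarantee that no remote user's network uses it.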

Solution 2

You can never be 100% sure but you can minimise the risk by avoiding using the same subnets everyone else does.

I would avoid using the subnets at the bottom of blocks as many people start numbering their networks from the beginning of a block.

IMO your safest bet for avoiding conflicts is to use a subnet from somewhere in the middle of the 172.16.0.0/12 block. I have never seen a home router come preconfigured with a subnet from that block.

A random subnet from 10.0.0.0/8 is also relatively safe, but I did once use a home router that allocated the whole of 10.0.0.0/8 to the LAN by default and would only allow masks that matched the classful default.

192.168 is the most vulnerable to conflicts because it is a relatively small block and is widely used on home routers.

Solution 3

The best you can do is to use a range for the network that you give VPN access to, that you expect none of your users use. There's a good chance a lot of your users won't have changed that their routers use 192.168.0.0/24 or 192.168.1.0/24 (the two ranges I have seen the most in consumer gear). If you have an idea of some who might have chosen to use a different range, ask them what they use, but users who have done so will also know how to change the setup of their own router to avoid the conflict.

Author: John

Updated on September 18, 2022

Comments

  • John
    John over 1 year

    My internal network is 192.168.0.x with a gateway of 192.168.0.1.

    I have users that VPN into our firewall which then essentially adds them to the network.

    However, if their home router has an IP address of 192.168.0.1 then of course we have all kinds of issues.

    So, what is the ideal networking address setup to avoid this? I have seen setups where the remote users have router addresses in the 10.x range also, so not sure what I can do to prevent this.

    Any comments very welcome!

  • John
    John almost 7 years
    The problem I have is that some of my users are using an ISP supplied router that they cannot change the IP addressing system on. The second issue I have is that users have various addressing systems which I cannot predict nor control. So a few may be on 10.x or 192.x etc. I fear that if I change the office network to one thing, it may not be future proof for a user as yet to be.
  • Henrik supports the community
    Henrik supports the community almost 7 years
    The only reasonably futureproof solution is to use IPv6, but that might quickly cause other problems. You can only hope that you won't get users with ISP supplied routers that use the same addresses as you and can't be changed.
  • Henrik supports the community
    Henrik supports the community almost 7 years
    My experience is that 172.16.0.0/12 is the least commonly used, so I would select a /24 from that, but the upper end of 10.0.0.0/8 is also a good suggestion.
  • Criggie
    Criggie almost 7 years
    Pick some digits from your office main phone number or static IP address or street number, as long as they are under 255. So 10.246.x.y or 172.25.54.y would be a perfectly legitimate IP range to use. Another dirty hack is to use subnets that are larger or smaller than a /24, for more-specific routing. But this is not ideal and breaks in many ways.
  • Criggie
    Criggie almost 7 years
    172.16/12 is rarely used because it's not a nice multiple of 8. So 172.16-through-31.x.y are valid private IP addresses.
  • Tero Kilkanen
    Tero Kilkanen almost 7 years
    I am glad that you mentioned 42, it is extremely important to remember.