  1. #1
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    L2TP Default Address Pool Sanity Check

    Why is the default 192.18.0.0/16?

    That's a public IP range that belongs largely to Sun Microsystems. The UI then goes further to instruct the administrator: "This is the address pool to be used for L2TP connections. The server will use the first IP address in the pool, with the rest being assigned dynamically to clients when they connect. You should not change this from the default of 192.18.0.0/16 unless you have a specific reason to do so. DO NOT set this to the same address block as your internal network."

    Which is great, because every Untangle admin on the planet has a VERY GOOD reason to change it. That IP range isn't within the Private RFC address ranges, and therefore will cause problems if used.

    I suggest a change to 10.18.0.0/16, or a 172.16.something or other that doesn't conflict with the defaults in the OpenVPN module.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #2
    Untangler mahotz's Avatar
    Join Date
    Jun 2010
    Posts
    35

    According to RFC2544, 192.18.0.0/15 is a block of addresses reserved for network test equipment. Other docs I found say they are treated just like addresses in the more common RFC1918 space (192.168, 172.16, 10.0.0.0/8) in that they shouldn't be routed across the internet. I was trying to pick a block of addresses that weren't likely to conflict with any other private space that customers might already be using, so I went with that.

    However, I just discovered an errata for RFC2544 that didn't come up when I did the original research:

    http://www.rfc-editor.org/errata_search.php?rfc=2544

    According to that, the actual block reservation is 198.18.0.0/15, so I'll fix it to use a chunk from the correct block.
    Last edited by mahotz; 06-09-2014 at 04:48 AM.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    http://whois.domaintools.com/192.18.0.0

    192.18.0.0 - 192.18.194.255 -> Sun Microsystems.
    192.18.195.0 - 192.18.195.255 -> Medical Research Council - Cognition and Brain Sciences Unit
    192.18.196.0 - 192.18.255.255 -> Sun Microsystems.

    RFC 5735 : http://tools.ietf.org/html/rfc5735#page-3

    "198.18.0.0/15 - This block has been allocated for use in benchmark tests of network interconnect devices. [RFC2544] explains that this range was assigned to minimize the chance of conflict in case a testing device were to be accidentally connected to part of the Internet. Packets with source addresses from this range are not meant to be forwarded across the Internet."

    And a lookup against 198.18.0.0/15 does reflect:

    NetRange: 198.18.0.0 - 198.19.255.255
    CIDR: 198.18.0.0/15
    OriginAS:
    NetName: SPECIAL-IPV4-BENCHMARK-TESTING-IANA-RESERVED

    So, I'm guessing terminal fat finger strikes again?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
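
The sanity check discussed in this thread, written out as an added example (not code from the posters or from Untangle): it classifies a candidate IPv4 pool against the RFC 1918 ranges and the 198.18.0.0/15 benchmark block, and reports overlap with networks already in use. The function names and the sample in-use networks are assumptions constructed for illustration.

```python
import ipaddress

# Ranges named in the thread (IPv4 only).
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BENCHMARK = ipaddress.IPv4Network("198.18.0.0/15")  # RFC 2544 erratum, RFC 5735


def classify_pool(cidr):
    """Return 'rfc1918', 'benchmark', 'mixed' or 'public' for a candidate pool."""
    # strict=True rejects a CIDR with host bits set, e.g. 10.18.0.1/16.
    net = ipaddress.IPv4Network(cidr, strict=True)
    if any(net.subnet_of(r) for r in RFC1918):
        return "rfc1918"
    if net.subnet_of(BENCHMARK):
        return "benchmark"
    # A pool that only partly lies in a reserved range still holds
    # publicly assigned addresses, so it is flagged separately.
    if any(net.overlaps(r) for r in RFC1918 + [BENCHMARK]):
        return "mixed"
    return "public"


def check_pool(cidr, in_use):
    """Return a list of problems with using cidr as a VPN client pool.

    in_use: CIDR strings already configured (LAN, other VPN pools).
    """
    net = ipaddress.IPv4Network(cidr, strict=True)
    problems = []
    kind = classify_pool(cidr)
    if kind in ("public", "mixed"):
        problems.append(f"{net} is not inside a reserved range ({kind})")
    for other in in_use:
        if net.overlaps(ipaddress.IPv4Network(other)):
            problems.append(f"{net} overlaps {other}")
    return problems


if __name__ == "__main__":
    # Constructed sample: a LAN and a second VPN pool already in use.
    existing = ["192.168.1.0/24", "172.16.0.0/24"]
    for pool in ("192.18.0.0/16", "198.18.0.0/16", "10.18.0.0/16"):
        print(pool, classify_pool(pool), check_pool(pool, existing))
```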
