  1. #1
    Jim.Alles (Untangle Ninja)

    Avoid Routing Conflicts

    Some advice "For these Uncertain Times", and WFH

    A list of common RFC-1918 addresses to avoid configuring OpenVPN with, from: https://community.openvpn.net/openvpn/wiki/AvoidRoutingConflicts

    Code:
    10.0.0
    10.0.1
    10.1.1
    10.1.10
    10.2.0
    10.8.0
    10.10.1
    10.90.90
    10.100.1
    10.255.255
    
    169.254 # APIPA #
    
    172.16.0
    172.16.16
    172.16.42
    172.16.68
    
    172.19.3
    
    172.20.10 # IPhone built-in hotspot #
    
    192.168.0
    192.168.1
    192.168.2
    192.168.3
    192.168.4
    192.168.5
    192.168.6
    192.168.7
    192.168.8
    192.168.9
    192.168.10
    192.168.11
    192.168.13
    192.168.15
    192.168.16
    192.168.18
    192.168.20
    192.168.29
    192.168.30
    192.168.31
    192.168.33
    192.168.39
    192.168.40
    192.168.42 # Android USB tethering #
    192.168.43 # Android built-in hotspot #
    192.168.50
    192.168.55
    192.168.61
    192.168.62
    192.168.65
    192.168.77
    192.168.80
    192.168.85
    192.168.88
    192.168.98
    192.168.99
    192.168.100
    192.168.101
    192.168.102
    192.168.111
    192.168.123
    192.168.126
    192.168.129
    192.168.137 # Windows Phone built-in hotspot #
    192.168.168
    192.168.178
    192.168.190
    192.168.199
    192.168.200
    192.168.220
    192.168.223
    192.168.229
    192.168.240
    192.168.245
    192.168.251
    192.168.252
    192.168.254
    
    200.200.200
    donhwyo and jcoehoorn like this.
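
Added example, not part of the original posts or the OpenVPN wiki: one way to check a planned OpenVPN subnet against the list above and to pick a /24 that avoids it. The function names and the shortened sample of the list are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample: a few prefixes copied from the list in post #1.
# Paste the full list here for real use.
COMMON_PREFIXES = """
10.0.0
10.8.0
169.254 # APIPA #
172.16.0
172.20.10 # IPhone built-in hotspot #
192.168.0
192.168.1
192.168.42 # Android USB tethering #
192.168.43 # Android built-in hotspot #
"""

def parse_prefixes(text):
    """Turn '10.8.0' / '169.254 # note #' lines into (network, note) pairs."""
    nets = []
    for line in text.splitlines():
        prefix, _, note = line.partition("#")
        octets = prefix.strip().split(".")
        if octets == [""]:
            continue  # blank line
        # Missing trailing octets are host bits: 3 octets -> /24, 2 -> /16.
        padded = octets + ["0"] * (4 - len(octets))
        net = ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")
        nets.append((net, note.strip(" #")))
    return nets

def conflicts(candidate, known):
    """Return the known networks that overlap the candidate VPN subnet."""
    cand = ipaddress.ip_network(candidate, strict=True)  # rejects host bits
    return [(net, note) for net, note in known if cand.overlaps(net)]

def first_free_24(pool, known):
    """First /24 inside pool that overlaps none of the known networks."""
    for sub in ipaddress.ip_network(pool).subnets(new_prefix=24):
        if not any(sub.overlaps(net) for net, _ in known):
            return sub
    return None

if __name__ == "__main__":
    known = parse_prefixes(COMMON_PREFIXES)
    for cand in ("10.8.0.0/24", "192.168.0.0/16", "10.77.13.0/24"):
        hits = conflicts(cand, known)
        print(cand, "->", [str(n) for n, _ in hits] or "no overlap with list")
    print("first free /24 in 172.16.0.0/12:", first_free_24("172.16.0.0/12", known))
```

A subnet that clears this list is only less likely to clash; a client's local network can still use any private range.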

  2. #2
    jcoehoorn (Untangle Ninja)

    There really ought to be a formal RFC for this.

    It would publish in five parts:

    1) First, define two options from each of the non-routable ranges (10/8, 172.16/16, and 192.168/24) and tell consumer vendors you SHALL pick from one of those reserved options. This is not a demand to update old equipment, but would push new items into a smaller set of ranges over time.

    2) Then, looking at equipment already out there, reserve two of the remaining options in each of the non-routable ranges for VPN service, and tell consumer vendors you MUST NOT/SHALL NOT use those addresses as the default IPs for devices. Ideally, the WiFi Alliance would take this to heart when certifying new consumer routers.

    3) Tell private network managers they SHOULD NOT (not SHALL/MUST) use the ranges from (2) for things other than VPN. They can if they really need to, but otherwise avoid.

    4) Tell VPN providers and managers they SHOULD (not SHALL or MUST) use the ranges reserved in (2) for VPN service. No mandate to update existing VPN configuration, or move things around if you've already allocated these for something else. Just strong guidance to help avoid problems or conflicts over time.

    5) Tell larger private network managers they SHOULD NOT (not SHALL or MUST) use the ranges defined in (1) for devices/vlans. They can if they really need/want the space, but avoid when possible.
    Last edited by jcoehoorn; 05-20-2020 at 12:05 PM.
    Jim.Alles likes this.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 15.1.0 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  3. #3
    Jim.Alles (Untangle Ninja)

    Agreed. This is a jungle!
