Results 1 to 3 of 3
  1. 05-20-2020, 09:29 AM #1
    Jim.Alles
    Jim.Alles is offline
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606

    Lightbulb Avoid Routing Conflicts

    Some advice "For these Uncertain Times"™, and WFH

    A list of common RFC-1918 addresses to avoid configuring OpenVPN with, from: https://community.openvpn.net/openvpn/wiki/AvoidRoutingConflicts

    Code:
    10.0.0
10.0.1
10.1.1
10.1.10
10.2.0
10.8.0
10.10.1
10.90.90
10.100.1
10.255.255

169.254 # APIPA #

172.16.0
172.16.16
172.16.42
172.16.68

172.19.3

172.20.10 # IPhone built-in hotspot #

192.168.0
192.168.1
192.168.2
192.168.3
192.168.4
192.168.5
192.168.6
192.168.7
192.168.8
192.168.9
192.168.10
192.168.11
192.168.13
192.168.15
192.168.16
192.168.18
192.168.20
192.168.29
192.168.30
192.168.31
192.168.33
192.168.39
192.168.40
192.168.42 # Android USB tethering #
192.168.43 # Android built-in hotspot #
192.168.50
192.168.55
192.168.61
192.168.62
192.168.65
192.168.77
192.168.80
192.168.85
192.168.88
192.168.98
192.168.99
192.168.100
192.168.101
192.168.102
192.168.111
192.168.123
192.168.126
192.168.129
192.168.137 # Windows Phone built-in hotspot #
192.168.168
192.168.178
192.168.190
192.168.199
192.168.200
192.168.220
192.168.223
192.168.229
192.168.240
192.168.245
192.168.251
192.168.252
192.168.254

200.200.200
    donhwyo and jcoehoorn like this.
  2. 05-20-2020, 11:53 AM #2
    jcoehoorn
    jcoehoorn is offline
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,799

    Default

    There really ought to be a formal RFC for this.

    It would publish in five parts:

    1) First, define two options from each of non-routable ranges (10/8, 172.16/16, and 192.168/24) and tell consumer vendors you SHALL pick from one of those reserved options. This is not a demand to update old equipment, but would push new items into a smaller set of ranges over time.

    2) Then, looking at equipment already out there, reserve two of the remaining options in each of the non-routable ranges for VPN service, and tell consumer vendors you MUST NOT/SHALL NOT use those addresses as the default IPs for devices. Ideally, the WiFi Alliance would take this to heart when certifying new consumer routers.

    3) Tell private network managers they SHOULD NOT (not SHALL/MUST) use the ranges from (2) for things other than VPN. They can if they really need to, but otherwise avoid.

    4) Tell VPN providers and managers they SHOULD (not SHALL or MUST) use the ranges reserved in (2) for VPN service. No mandate to update existing VPN configuration, or move things around if you've already allocated these for something else. Just strong guidance to help avoid problems or conflicts over time.

    5) Tell larger private network managers they SHOULD NOT (not SHALL or MUST) use the ranges defined in (1) for devices/vlans. They can if they really need/want the space, but avoid when possible.
    Last edited by jcoehoorn; 05-20-2020 at 12:05 PM.
    Jim.Alles likes this.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 15.1.0 to protect 500Mbits for ~450 residential college students and associated staff and faculty
  3. 05-20-2020, 11:56 AM #3
    Jim.Alles
    Jim.Alles is offline
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,606

    Default

    Agreed. This is a jungle!
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


SEO by vBSEO 3.6.0 PL2