
VPN Question regarding IP addressing.

#1 ·
Hi,

I've set up a VPN server at home so I can access this from school. This way I can access my NAS to have all my files available to me wherever I go. So far so good.

Now I was wondering about something that I couldn't get a Google hit on.
If I were to connect to a network where my router would be 192.168.0.1
and I connected to a VPN as well, where the router is also 192.168.0.1,
will this cause issues? Or is this somehow differentiated?
Very curious about this one.
 
#2 ·
It will cause issues: the local routes to the 192.168 network take precedence over the VPN routes. We have this problem all the time at work.
 
#3 ·
Quote:
Originally Posted by Ulquiorra View Post

It will cause issues: the local routes to the 192.168 network take precedence over the VPN routes. We have this problem all the time at work.

So how do people deal with this problem? Set your own router to a different static IP?
But then you'd also have to change the DHCP range if they also collide, right?
 
#4 ·
Choose a network range at random. The 10 range is good; 100.64 is also great as NO ONE uses it.

The only way to fix it while on site is to manually add the routing tables.
Dunno how to do it on Windows though.
 
#5 ·
Quote:
Originally Posted by unseen0 View Post

So how do people deal with this problem? Set your own router to a different static IP?
But then you'd also have to change the DHCP range if they also collide, right?

You'd have to change the DHCP pool anyway once you change the Interface/SVI on your router, as you'd no longer have those hosts on the same subnet as the gateway.
 
#7 ·
I can tell you in my experience it's best to avoid this. I've set up VPNs for a small office where they use the 192.x.x.x range for their LAN and then wanted some employees to remote in by remote access VPN. Of course those employees also used the 192.x.x.x range in their home network.

Sometimes it would work, but more often than not it did not work. Forensically, I'd love to know why for some it did work and for others it didn't, but I didn't care to spend the time chasing down an academic problem.

Avoid it if at all possible. Use different subnets and you'll never have to worry about it.
 
#8 ·
Thank you all kindly for all the reactions. This is of great help.

Quote:
Originally Posted by sjulia View Post

I can tell you in my experience it's best to avoid this. I've set up VPNs for a small office where they use the 192.x.x.x range for their LAN and then wanted some employees to remote in by remote access VPN. Of course those employees also used the 192.x.x.x range in their home network.

Sometimes it would work, but more often than not it did not work. Forensically, I'd love to know why for some it did work and for others it didn't, but I didn't care to spend the time chasing down an academic problem.

Avoid it if at all possible. Use different subnets and you'll never have to worry about it.

As for using a different subnet, you mean adjusting the home network to, say, 192.168.2.xxx, where the other location would use 192.168.1.xxx?
Then the subnet mask on the home network would become 255.255.254.0, correct?
 
#11 ·
Quote:
Originally Posted by beers View Post

Still 255.255.255.0 for the subnet mask. That makes your network boundary 192.168.2.0-255.

You and many others seem to know your stuff;
I may be mixing things up here.

It's my understanding, after reading your posts, that the subnet mask will "limit" your network range.
For example, if I were to set a subnet mask of 255.255.255.0 on a 192.168.0.xxx IP address, wouldn't that mean that the defined network is 192.168.0. and the follow-up numbers would be systems connected to that network, correct?

If the subnet mask would become 255.255.254.0, wouldn't that mean that the network would be 192.168.0.1 and 192.168.0.2?
Sorry if it's a bit unclear. I'm really trying to hammer this subnet mask thing down.

Quote:
Originally Posted by coachmark2 View Post

Just wondering, what are you using for your VPN?

I use VPN because my work location has certain websites filtered that I could really use.
But mainly I like to be able to access my NAS from any location to access files everywhere.
This is when the questions popped up on the duplicate IP addresses.
 
#12 ·
Coach means what, not why, as in OpenVPN, PPTP, L2TP (I think).

And you're half there with subnet masks: they are applied in a bitwise operation (so converted to binary then XOR'd (I think?)). Rather than using the subnet notation of 255, it's much easier to use the CIDR notation of /24 (255.255.255.0). Then the smaller the /X, the larger the subnet, so the 255.255.254.0 is a /23, which is 2X the size of /24.

http://wiki.xtronics.com/index.php/IP_Subnet_Masks explains it a bit better than me.
 
#13 ·
Quote:
Originally Posted by unseen0 View Post

You and many others seem to know your stuff;
I may be mixing things up here.

It's my understanding, after reading your posts, that the subnet mask will "limit" your network range.
For example, if I were to set a subnet mask of 255.255.255.0 on a 192.168.0.xxx IP address, wouldn't that mean that the defined network is 192.168.0. and the follow-up numbers would be systems connected to that network, correct?

If the subnet mask would become 255.255.254.0, wouldn't that mean that the network would be 192.168.0.1 and 192.168.0.2?
Sorry if it's a bit unclear. I'm really trying to hammer this subnet mask thing down.

The 255.255.255.0 mask is 11111111.11111111.11111111.00000000 in binary. The 255.255.254.0 is 11111111.11111111.11111110.00000000.

255.255.255.0 -> 11111111.11111111.11111111.00000000
255.255.254.0 -> 11111111.11111111.11111110.00000000

Do you see that extra zero? A subnet with a mask like that has 512 addresses in it instead of just 256. This will mean the addresses in the subnet go from 192.168.0.0 to 192.168.1.255. The next subnet would start with 192.168.2.0 and go to 192.168.3.255 (EDIT: I originally made a mistake here about where the next subnet starts).

You can also have masks like this: 255.255.255.240. That's FF.FF.FF.F0 in hex, and the 240 is 11110000 in binary. This means you could use that mask to get tiny subnets with only 16 addresses in them.

There are other private IP address ranges you can use for your private networks. If you use the 10.0.0.0 to 10.255.255.255 range, you have a lot more room to set up a subnet that won't overlap with what you have at work/school.
 
#14 ·
Quote:
Originally Posted by Ulquiorra View Post

Coach means what, not why, as in OpenVPN, PPTP, L2TP (I think).

And you're half there with subnet masks: they are applied in a bitwise operation (so converted to binary then XOR'd (I think?)). Rather than using the subnet notation of 255, it's much easier to use the CIDR notation of /24 (255.255.255.0). Then the smaller the /X, the larger the subnet, so the 255.255.254.0 is a /23, which is 2X the size of /24.

http://wiki.xtronics.com/index.php/IP_Subnet_Masks explains it a bit better than me.
Quote:
Originally Posted by deepor View Post

The 255.255.255.0 mask is 11111111.11111111.11111111.00000000 in binary. The 255.255.254.0 is 11111111.11111111.11111110.00000000.

255.255.255.0 -> 11111111.11111111.11111111.00000000
255.255.254.0 -> 11111111.11111111.11111110.00000000

Do you see that extra zero? A subnet with a mask like that has 512 addresses in it instead of just 256. This will mean the addresses in the subnet go from 192.168.0.0 to 192.168.1.255. The next subnet would start with 192.168.3.0 and go to 192.168.4.255.

You can also have masks like this: 255.255.255.240. That's FF.FF.FF.F0 in hex, and the 240 is 11110000 in binary. This means you could use that mask to get tiny subnets with only 16 addresses in them.

There are other private IP address ranges you can use for your private networks. If you use the 10.0.0.0 to 10.255.255.255 range, you have a lot more room to set up a subnet that won't overlap with what you have at work/school.

Thank you very much, I have a better understanding of how things work now.
However, it leads to my next question.

I can imagine why people would use 255.255.240.0, for example: to expand the range of available IPs on one subnet, correct?
But why would people choose to use 255.255.255.240, for example? It's my understanding that this will create a subnet with only 15 available IP addresses. What benefit is it to narrow down systems like that instead of just throwing them on a huge system?
 
#15 ·
Usually a mix of manageability, security and scalability. In a larger network you may want to segregate by IP address; also for routing, you may have a VPN where you only want 8 PCs going over it, etc.
 
#16 ·
Quote:
Originally Posted by unseen0 View Post

Thank you very much, I have a better understanding of how things work now.
However, it leads to my next question.

I can imagine why people would use 255.255.240.0, for example: to expand the range of available IPs on one subnet, correct?
But why would people choose to use 255.255.255.240, for example? It's my understanding that this will create a subnet with only 15 available IP addresses. What benefit is it to narrow down systems like that instead of just throwing them on a huge system?

Basically, you wouldn't ever use 255.255.255.240 except in some really specific circumstances. That's a stupidly small range. In CIDR notation, we call that a /28. Just to be explicit, if you refer to a network as "192.168.1.0/28", then that is exactly the same as "192.168.1.0 with a subnet mask of 255.255.255.240". The CIDR notation is shorter and easier to say.

It should be noted that, while 192.168.1.0/28 is indeed 192.168.1.0 through 192.168.1.15, you do NOT get 16 usable addresses. Two are reserved, but usually three. You need a reserved address in every subnet for:
  • Network Address (in this case, 192.168.1.0. It's the address that "defines" the network and cannot be used)
  • Broadcast Address (in this case, 192.168.1.15. It's at the top of the range)
  • Default Gateway (whatever you want it to be. Basically, where do things on your subnet send traffic when the destination isn't on the subnet with them?)
Quote:
Originally Posted by Ulquiorra View Post

Coach means what, not why, as in OpenVPN, PPTP, L2TP (I think).

And you're half there with subnet masks: they are applied in a bitwise operation (so converted to binary then XOR'd (I think?)). Rather than using the subnet notation of 255, it's much easier to use the CIDR notation of /24 (255.255.255.0). Then the smaller the /X, the larger the subnet, so the 255.255.254.0 is a /23, which is 2X the size of /24.

http://wiki.xtronics.com/index.php/IP_Subnet_Masks explains it a bit better than me.

Yup. Was wondering what type? PPTP? L2TP w/ IPSec? OpenVPN?
Quote:
Originally Posted by Ulquiorra View Post

Usually a mix of manageability, security and scalability. In a larger network you may want to segregate by IP address; also for routing, you may have a VPN where you only want 8 PCs going over it, etc.

Yeah... I guess. It could sort of make sense when used for VPN. Anything smaller than a /24 is just.... why?
 
#17 ·
Quote:
Originally Posted by unseen0 View Post

What benefit is it to narrow down systems like that instead of just throwing them on a huge system?

A lot of times you will see things like point-to-point connections being assigned a /30, since you will only ever just have those two interfaces on a subnet. If you ever get a business connection or something, the provider generally allocates a /30 on that interface. You could also use it internally for interface IP addressing between subnets if you were making a complex network.
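
Added example, not part of the original thread: a Python sketch of the two things discussed above, the mask arithmetic (network address = address AND mask, range and usable host count) and a check for whether a VPN's routes collide with the LAN the client is sitting on. The function names and the sample subnets 10.8.0.0/24 and 10.73.20.0/24 are constructed for illustration.

```python
import ipaddress

def network_of(addr, mask):
    """Network = address AND mask, computed on the raw 32-bit integers."""
    # Parsing the mask as a network rejects non-contiguous masks (e.g. 255.0.255.0).
    prefix = ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return ipaddress.IPv4Network((a & m, prefix))

def describe(net):
    """Return (first address, last address, total addresses, usable hosts)."""
    # Network and broadcast addresses are not assignable to hosts.
    usable = max(net.num_addresses - 2, 0)
    return (str(net.network_address), str(net.broadcast_address),
            net.num_addresses, usable)

def vpn_conflicts(local_lan, vpn_routes):
    """VPN routes that overlap the LAN the client is currently connected to."""
    local = ipaddress.ip_network(local_lan)
    return [r for r in vpn_routes if ipaddress.ip_network(r).overlaps(local)]

def pick_free_subnet(candidates, in_use):
    """First candidate subnet that overlaps none of the networks in use."""
    used = [ipaddress.ip_network(n) for n in in_use]
    for c in candidates:
        net = ipaddress.ip_network(c)
        if not any(net.overlaps(u) for u in used):
            return c
    return None

if __name__ == "__main__":
    # The /23 and /28 cases from the thread.
    for addr, mask in [("192.168.0.57", "255.255.254.0"),
                       ("192.168.3.9", "255.255.254.0"),
                       ("192.168.1.9", "255.255.255.240")]:
        net = network_of(addr, mask)
        print(addr, mask, "->", net, describe(net))

    # School LAN and home LAN both on 192.168.0.0/24: the route collides.
    print(vpn_conflicts("192.168.0.0/24", ["192.168.0.0/24"]))

    # Renumbering the home LAN: skip anything overlapping networks seen so far.
    print(pick_free_subnet(["192.168.0.0/24", "192.168.1.0/24", "10.73.20.0/24"],
                           ["192.168.0.0/23"]))
```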
 