Correct Network IP addressing if your users have ability to VPN in

networking ip vpn

Techspot has A List of Common Default Router IP Addresses that helps with this. Usually home routers uses /24 subnets. Nowadays mobile phones are often used for sharing network connection, so we must take these ranges into account, too. According to the list we can deduce we should avoid:

  • 192.168.0.0/19 - most of the routers seems to use some of these, above 192.168.31.255.
  • 10.0.0.0/24 is also widely used, and Apple uses 10.0.1.0/24.
  • 192.168.100.0/24 is used by Motorola, ZTE, Huawei and Thomson.
  • Motorola uses (in addition) 192.168.62.0/24 and 192.168.102.0/24.
  • 192.168.123.0/24 is used by LevelOne, Repotec, Sitecom and U.S. Robotics (less common)
  • Some D-Links have 10.1.1.0/24 and 10.90.90.0/24.

We have three ranges reserved for private networks; we still have plenty of space to avoid these in:

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16

Some random upper range from 10.0.0.0/8 could be the safest choice for avoiding collisions. You may also want to avoid number 42 in any part of the IP address range: it might be the most common "random" number, as it's the Answer to the Ultimate Question of Life, The Universe, and Everything.


The best you can do is to use a range for the network that you give vpn access to, that you expect none of your users use. There's a good chance a lot of your users won't have changed that their routers use 192.168.0.0/24 or 192.168.1.0/24 (the two ranges I have seen the most in consumer gear), if you have an idea of some who might have chosen to use a different range, ask them what they use, but users who have done so will also know how to change the setup of their own router to avoid the conflict.


You can never be 100% sure but you can minimise the risk by avoiding using the same subnets everyone else does.

I would avoid using the subnets at the bottom of blocks as many people start numbering their networks from the beggining of a block.

IMO your safest bet for avoiding conflicts is to use a subnet from somewhere in the middle of the 172.16.0.0/12 block. I have never seen a home router come preconfigured with a subnet from that block.

A random subnet from 10.0.0.0/8 is also relatively safe but I did once use a home router that allocated the whole of 10.0.0.0/8 to the lan by default and would only allow masks that matched the classful default.

192.168 is the most vulnerable to conflicts because it is a relatively small block and is widely used on home routers.

Related

LDAP authentication for SonicWALL VPN
Why is creating a new TCP connection regarded as expensive?
AWS CLI throws "Unable to locate credentials", the second time it's run
Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration
How do I convert a VMWare VMDK HDD file to a HyperV VHD file?
Why is iptables not blocking an ip address?
Install SSL on Amazon Elastic Load Balancer with GoDaddy Wildcard Certificate
MAILTO is not working for CRON. How can I fix this?
Shared Home folders on file server listed as "My Documents"
On a modern system, will using disk compression give me better overall performance?
The Network folder specified is currently mapped using a different user name and password
My linux server was hacked. How do I find out how and when it was done?