Correct Network IP addressing if your users have ability to VPN in
Techspot has A List of Common Default Router IP Addresses that helps with this. Usually home routers uses /24
subnets. Nowadays mobile phones are often used for sharing network connection, so we must take these ranges into account, too.
According to the list we can deduce we should avoid:
-
192.168.0.0/19
- most of the routers seems to use some of these, above192.168.31.255
. -
10.0.0.0/24
is also widely used, and Apple uses10.0.1.0/24
. -
192.168.100.0/24
is used by Motorola, ZTE, Huawei and Thomson. - Motorola uses (in addition)
192.168.62.0/24
and192.168.102.0/24
. -
192.168.123.0/24
is used by LevelOne, Repotec, Sitecom and U.S. Robotics (less common) - Some D-Links have
10.1.1.0/24
and10.90.90.0/24
.
We have three ranges reserved for private networks; we still have plenty of space to avoid these in:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
Some random upper range from 10.0.0.0/8
could be the safest choice for avoiding collisions. You may also want to avoid number 42
in any part of the IP address range: it might be the most common "random" number, as it's the Answer to the Ultimate Question of Life, The Universe, and Everything.
The best you can do is to use a range for the network that you give vpn access to, that you expect none of your users use. There's a good chance a lot of your users won't have changed that their routers use 192.168.0.0/24 or 192.168.1.0/24 (the two ranges I have seen the most in consumer gear), if you have an idea of some who might have chosen to use a different range, ask them what they use, but users who have done so will also know how to change the setup of their own router to avoid the conflict.
You can never be 100% sure but you can minimise the risk by avoiding using the same subnets everyone else does.
I would avoid using the subnets at the bottom of blocks as many people start numbering their networks from the beggining of a block.
IMO your safest bet for avoiding conflicts is to use a subnet from somewhere in the middle of the 172.16.0.0/12 block. I have never seen a home router come preconfigured with a subnet from that block.
A random subnet from 10.0.0.0/8 is also relatively safe but I did once use a home router that allocated the whole of 10.0.0.0/8 to the lan by default and would only allow masks that matched the classful default.
192.168 is the most vulnerable to conflicts because it is a relatively small block and is widely used on home routers.