[lug] Address for LAN on VPN?

[Ted Logan]

On 2/18/06, Siegfried Heintze <siegfried at heintze.com> wrote:
> Perhaps my openvpn was not working from Cafe Sole because my internal lan is
> 192.168.1.2/16. Someone suggested I move to 172.?.?.? but they use that at
> my work. Someone said that Cafe Sole uses 192.*.*.* but I noticed Thursday
> night at Cafe Sole the net mask was 255.255.255.0 with an address of
> 192.168.89.?. What should I use for my internal lan?

If your internal lan only uses 16 address bits, it will overlap with
Caffe Sole's internal network, and your kernel will likely end up with
two conflicting routes. (In my experience with openvpn, though,
that'll make it difficult or impossible to send out any packets
anywhere.)

You'll likely find that 192.168.1.0/24 is the most popular private
network on the planet -- which is likely why Caffe Sole uses a
different network.

RFC 1918 gives the following private network blocks:

     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

By convention, these networks have the following netmasks:

10.0.0.0/8
172.16.0.0/16
192.168.0.0/24

(If you don't set up a netmask, it will typically default to the mask
given above.)

(I've also noticed some odd behavior at Caffe Sole with my openvpn
connection: My DHCP client (Debian's dhcp-client package, version
2.0pl5-19.4) will create an apparently-invalid /etc/resolv.conf, since
Caffe Sole's DHCP server doesn't give any search domains. About half
of my applications work fine (Mozilla and ssh), but dig and openvpn
can't resolve any addresses. When I manually edit /etc/resolv.conf to
add a search domain, openvpn and dig work fine. I keep meaning to
figure out who's at fault and file a bug report (or fix it myself),
but so far I've been lazy.)

--
Ted Logan
Finally-employed Engineer
ted.logan at gmail.com
http://jaeger.festing.org/