Thanks Lonnie
So what I am thinking is that I will use a /23 on the remote system but
continue to use /24 for my softswitch on the higher subnet. This will give a
total of 250 VPN connections to the Softswitch.
Each remote system will then have the lower subnet for local connectivity only
for mobile peers and remote peers.
So for your example below, the softswitch will be on 10.4.1.254/24 for instance
and the remote peer will be on 10.4.1.1-250 but will be configured as a /23 so
it has all 10.4.0.x for local connections.
What do you think?
Regards
Michael Knill
On 4/9/21, 12:35 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:
Hi Michael,
As per the docs, the range of .101 to .199 is reserved for mobile clients.
--
Note -> Mobile Clients are automatically assigned a unique IP address in
the range of .101 to .199 for the last octet (example here: 10.4.0.101 to
10.4.0.199). Best practice is to refrain from using IP's in this range for both
this tunnel's “IPv4 Address” (above) and Remote Peer's IP address so both
configuration types can coexist. Similarly for IPv6 the Mobile Client reserved
range is …:0101 to …:0199.
--
When a new Mobile Client is added, it will only check other mobile clients
for uniqueness, not manually added remote peers.
Alternatively, if you need more than ~150 manually added remote peers, it
should be possible to use a /23 (255.255.254.0) IPv4 NetMask.
Using: netcalc 10.4.0.1/23
--
HostMin : 10.4.0.1 00001010.00000100.0000000 0.00000001
HostMax : 10.4.1.254 00001010.00000100.0000000 1.11111110
--
Here the reserved mobile client range is still 10.4.0.101 to 10.4.0.199
You have the previous ~150 manually added remote peer range plus a ~250
10.4.1.x range.
This /23 subnet should work for the WireGuard -> Tunnel Options: -> IPv4
NetMask: 255.255.254.0
but I have not tested it much. Would that work for you?
Lonnie
> On Sep 3, 2021, at 7:46 PM, Michael Knill
<michael.kn...@ipcsolutions.com.au> wrote:
>
> Hi Group
>
> Is there any reason that I could not use the .101 to .199 subnet
addresses for Remote Peers? If I do add a mobile peer will it check Remote
Peers when allocating an IP addresses or would I need to manually check there
are no duplicates?
> As I am moving to cloud hosting most of my systems now with direct mobile
connectivity, I don't need to use mobile peers but I do need the address space.
>
> Regards
>
> Michael Knill
> Managing Director
>
> D: +61 2 6189 1360
> P: +61 2 6140 4656
> E: michael.kn...@ipcsolutions.com.au
> W: ipcsolutions.com.au
>
> <image001.png>
> Smarter Business Communications
>
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
