That should work, be a CIDR ninja. :-) Though if you want your "softswitch" to route to a remote Mobile Client, /23's all around might be needed.
Lonnie > On Sep 5, 2021, at 4:47 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> > wrote: > > Thanks Lonnie > > So what I am thinking is that I will use a /23 on the remote system but > continue to use /24 for my softswitch on the higher subnet. This will give a > total of 250 VPN connections to the Softswitch. > Each remote system will then have the lower subnet for local connectivity > only for mobile peers and remote peers. > > So for your example below, the softswitch will be on 10.4.1.254/24 for > instance and the remote peer will be on 10.4.1.1-250 but will be configured > as a /23 so it has all 10.4.0.x for local connections. > > What do you think? > > Regards > Michael Knill > > On 4/9/21, 12:35 pm, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote: > > Hi Michael, > > As per the docs, the range of .101 to .199 is reserved for mobile clients. > -- > Note -> Mobile Clients are automatically assigned a unique IP address in > the range of .101 to .199 for the last octet (example here: 10.4.0.101 to > 10.4.0.199). Best practice is to refrain from using IP's in this range for > both this tunnel's “IPv4 Address” (above) and Remote Peer's IP address so > both configuration types can coexist. Similarly for IPv6 the Mobile Client > reserved range is …:0101 to …:0199. > -- > When a new Mobile Client is added, it will only check other mobile clients > for uniqueness, not manually added remote peers. > > > Alternatively, if you need more than ~150 manually added remote peers, it > should be possible to use a /23 (255.255.254.0) IPv4 NetMask. > > Using: netcalc 10.4.0.1/23 > -- > HostMin : 10.4.0.1 00001010.00000100.0000000 0.00000001 > HostMax : 10.4.1.254 00001010.00000100.0000000 1.11111110 > -- > Here the reserved mobile client range is still 10.4.0.101 to 10.4.0.199 > > You have the previous ~150 manually added remote peer range plus a ~250 > 10.4.1.x range. > > This /23 subnet should work for the WireGuard -> Tunnel Options: -> IPv4 > NetMask: 255.255.254.0 > > but I have not tested it much. Would that work for you? > > Lonnie > > > >> On Sep 3, 2021, at 7:46 PM, Michael Knill >> <michael.kn...@ipcsolutions.com.au> wrote: >> >> Hi Group >> >> Is there any reason that I could not use the .101 to .199 subnet addresses >> for Remote Peers? If I do add a mobile peer will it check Remote Peers when >> allocating an IP addresses or would I need to manually check there are no >> duplicates? >> As I am moving to cloud hosting most of my systems now with direct mobile >> connectivity, I don't need to use mobile peers but I do need the address >> space. >> >> Regards >> >> Michael Knill >> Managing Director >> >> D: +61 2 6189 1360 >> P: +61 2 6140 4656 >> E: michael.kn...@ipcsolutions.com.au >> W: ipcsolutions.com.au >> >> <image001.png> >> Smarter Business Communications >> >> _______________________________________________ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > _______________________________________________ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
