
Re: VPN - Can connect but can't ping or see the server




On Nov 4, 2009, at 7:07 PM, Scott Haneda wrote:

> On Nov 2, 2009, at 8:30 AM, Dan Shoop wrote:
>
>> And it also is good timing for kicking the network admin who assigned 192.168.1.0/24 to the network your servers are on in the first place. Any netadmin with half a brain should realize that this subnet is too commonly used and would cause a collision with something one day. It's like that knight in Indiana Jones would say as the guy picked the wrong chalice and died, "he chose poorly."
>
> Dan, I have been reading this thread with interest. I really do not understand what is so bad about the 192 range?

It's not the whole 192.0.0.0/8 CIDR block. It's 192.168.1.0/24 that's the bad idea. Why? Because it's used by just about everything as a default.

> Taking this out of the "Server" field and into the home networking category, I would say the large majority of home routers all default to factory set router address of 192.169.1.1.

Which presents a problem.

> So you have a /24 in the 192 range, which is a fair amount of IP's to start with.

Not really, and it's NATed so who cares.

> It is indeed common, but I keep coming back to "what's in a name" on this one.

Ummm... if everyone uses the same local NAPT CIDR block then everyone will be unable to use VPN, etc.

> Maybe I move to private class B, and maybe a trend happens that everyone else does as well, while there are a few more IP's in a class B, doesn't that then become the same problem, of "too common" all over again?

It would be just as bad if your "class B" (not that there are class B blocks any more) included 192.168.1.0-255 in the block.

> Not debating what you are stating, but I also have not run into any issues with this myself. If I know the client is going to need more than a /24 at some point, I set them up a /16, not usually in the 192 range, but even if I did, I am still missing the future ails I may be getting myself into.
>
> Maybe you have some real world collision stories that would help me understand why the 192 /16 is a bad idea.
>
> Thanks for any help understanding this issue.

Again, read what I wrote. And increase your understanding of the issue we're talking about.


-d

------------------------------------------------------------------------
Dan Shoop
Computer Scientist
email@hidden

GoogleVoice: 1-646-402-5293

aim: iWiring
twitter: @colonelmode
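
The collision discussed in this thread, as an added illustration that is not part of the original messages: a simplified model of a VPN client's route lookup (longest prefix wins, lower metric breaks ties) showing when traffic for the office server never enters the tunnel. The interface names `en0`/`ppp0`, the metrics, the server addresses and the `10.87.3.0/24` network are constructed assumptions.

```python
import ipaddress

# Simplified model of a VPN client's routing table. Assumptions: longest
# prefix wins; on equal prefix length the lower metric wins, and the
# directly connected home LAN route has the lower metric.


def build_routes(home_lan, office_net):
    """Routes a client has once the tunnel is up: (network, interface, metric)."""
    return [
        (ipaddress.ip_network("0.0.0.0/0"), "en0", 10),  # default via home router
        (ipaddress.ip_network(home_lan), "en0", 0),       # connected home LAN
        (ipaddress.ip_network(office_net), "ppp0", 5),    # office network via VPN
    ]


def egress_interface(routes, dest):
    """Pick the interface a packet to `dest` leaves on."""
    addr = ipaddress.ip_address(dest)
    matching = [r for r in routes if addr in r[0]]
    best = max(matching, key=lambda r: (r[0].prefixlen, -r[2]))
    return best[1]


def collides(home_lan, office_net):
    """True when the two blocks share any address (equal, subnet or supernet)."""
    return ipaddress.ip_network(home_lan).overlaps(ipaddress.ip_network(office_net))


def reaches_server(home_lan, office_net, server):
    """True when traffic for the office server is sent into the tunnel."""
    return egress_interface(build_routes(home_lan, office_net), server) == "ppp0"


# Constructed scenarios: (client's home LAN, office network, office server)
SCENARIOS = [
    ("192.168.1.0/24", "192.168.1.0/24", "192.168.1.10"),   # same default block
    ("192.168.1.0/24", "192.168.0.0/16", "192.168.1.10"),   # larger block containing it
    ("192.168.1.0/24", "192.168.0.0/16", "192.168.77.10"),  # same /16, outside home /24
    ("192.168.1.0/24", "10.87.3.0/24", "10.87.3.10"),       # non-overlapping block
]

if __name__ == "__main__":
    for home, office, server in SCENARIOS:
        print(f"home={home:<15} office={office:<15} server={server:<14} "
              f"overlap={collides(home, office)!s:<5} "
              f"via_tunnel={reaches_server(home, office, server)}")
```

In the first two scenarios the server address matches the client's own LAN route, so the packets stay on the home network, which is the "can connect but can't ping the server" symptom in the subject line.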
