[strongSwan] virtual IP ranges overlapping with ISP or Wifi ranges

Martin Willi martin at strongswan.org
Thu Jun 27 14:09:18 CEST 2013


Hi Daniel,

> If the virtual IPs are from the 192.168.1.0/24 range, it would appear
> there is a high risk that when a roadwarrior is on a home wifi with the
> same subnet 192.168.1.0/24 there will be confusion

This risk exists. However, for example the Windows 7 IKEv2 client can
handle such conflicts surprisingly well, usually a user won't notice it.
Of course this might not be true for other clients.

> Can anyone make any practical comments on how to choose virtual IPs?

I don't think there is a real solution for that problem. Probably it is
a good idea to choose an address range not commonly used. If you think
anything in 10.0.0.0/8 or 192.168.0.0/16 is not really an option, you
might go for a subset of the third private range, 172.16.0.0/12, which
might be less commonly used.

Regards
Martin





More information about the Users mailing list