I know Unifi is set up as 192.168.1.* out of the gate.
And configuration is easier if that is your IP range.
Have no Unifi anymore.
Would like to flash to OpenWRT as AP.
I also have a combination.
192.168.*.*
10.*.*.*
And my Docker is default to 172.16.*.*
When I started playing with networks in the 1990’s (and the internet in ~1994) I started with 192.168.nnn.nnn and it just stuck. No other rhyme or reason.
I did actually set up the router for an Association locality on 172.16.16.1 just to be a bit obscure. Did not really think it would help against anything, but still.
I tried to tick all 3 so my “vote” for 192 is false. This way my major sub-nets are instantly recognisable from the first number block, with the third block distinguishing wired from wifi. I have more than one router.
My mistake in building the poll. I tried changing it to allow for multiple options but it won’t take it, should have been done within 5 minutes of creating it.
I just assumed your main private network had one ip range, but as someone already posted, items like Docker create their own little network and one might have more than one network for several reasons.
If I can, I tend to use 172.20-31.x.0/24 as subnet. Might never happen, however… change of subnet mask can be done expanding to more than 300 devices. Wonderful for “public wifi” setups.
I have not converted to IPFire yet, but I use 172.17.2.0/24 and have OpenVPN adjacent to it on 172.17.3.0/24 as I used to cover them with an extended ipsec tunnel routing 172.17.2.0/23. Then I extended the subnet usage again to have OpenVPN fixed IP’s on 172.17.1.0/24 so it has become a split mess. At some point I will bring OpenVPN dynamic IP’s to 172.17.0.0/24 from 172.17.3.0/24.
I chose 172.17.2.0/24 initially as an easy one to remember but it is irrelevant, I would have remembered anything. IIRC there may also be a problem clashing with docker in the distro I was using.
Reasons for different networks… some separate Wlan and LAN or what I do for example, Green is WLAN+LAN and a part of the address range in the DHCP, the part of the addresses which is outside the IP range of the dynamic DHCP, which is intended for the mobile devices, the static IPs are driven by immobile fixed devices and the blue WLAN network for a few IoT devices which only have access to WAN.
So now DMZ was added, which I have set up with one network card and two VLANs on it, so a new network had to be created and the OpenVPN server also provides one net, which consists exactly of only one network address, because I convince myself that an attack has no possibility to get an IP because it is reserved
To err is human
I mean, sure, I chose 172.16.16.1 as mentioned, but the “obfuscation” effect is not really “real”. Anyone wanting to check for private networks will scan all those ranges anyway… 192.168.*.* , 10.*.*.* , etc…
I think that it is more to prevent getting clashes in network subnets if you connect via vpn from a connection that is using the same subnet as you are on your IPFire server.
Agreed about VPNs. Keep clear of any common router subnets. I’d add 192.168.2.x which I once saw as a guest LAN or something like that on a VM router.
Personally I use 172.17.2.x as I’d thought it would be easy to remember but, in reality, I’d remember anything. I then used 172.17.3.x for OpenVPN so it made a /23 network (great for routing everything via IPsec). Then I got into a mess as I wanted to add a fixed subnet in OpenVPN ccd folder so that became 172.17.1.x which bracketed the LAN which is no longer extendible. If I did it again I’d do:
172.17.0.x - LAN
172.17.1.x - spare
172.17.2.x - OpenVPN
172.17.3.x - OpenVPN with CCD
Or I’d do the first two subnets with OpenVPN and the 2.x and 3.x for LAN.
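
An added example, not part of any post in this thread: a small check of the layout proposed above against ranges that commonly clash over a VPN, plus how the subnets aggregate into routes. The names `COMMON`, `PLAN`, `clashes` and `summarize` are hypothetical, and the Docker entry assumes its default bridge network of 172.17.0.0/16.

```python
import ipaddress

# Constructed list of ranges a remote site or host often uses already.
# 192.168.1.0/24 and 192.168.2.0/24 are named in the thread; the Docker
# entry is an assumption (default bridge network).
COMMON = {
    "router default": "192.168.1.0/24",
    "guest LAN": "192.168.2.0/24",
    "Docker bridge": "172.17.0.0/16",
}

# The layout proposed in the last post.
PLAN = {
    "LAN": "172.17.0.0/24",
    "spare": "172.17.1.0/24",
    "OpenVPN": "172.17.2.0/24",
    "OpenVPN with CCD": "172.17.3.0/24",
}

# The layout the poster says they ended up with.
CURRENT = ["172.17.1.0/24", "172.17.2.0/24", "172.17.3.0/24"]


def clashes(plan, common=COMMON):
    """Return sorted (plan name, common name) pairs whose ranges overlap."""
    hits = []
    for pname, pcidr in plan.items():
        pnet = ipaddress.ip_network(pcidr)
        for cname, ccidr in common.items():
            if pnet.overlaps(ipaddress.ip_network(ccidr)):
                hits.append((pname, cname))
    return sorted(hits)


def summarize(cidrs):
    """Collapse adjacent subnets into the fewest routes covering them."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    for pname, cname in clashes(PLAN):
        print(f"{pname} overlaps {cname}")
    print("proposed layout routes as:", summarize(PLAN.values()))
    print("current layout routes as:", summarize(CURRENT))
```

The proposed layout collapses to a single /22 route, while the current one needs two; every 172.17.x subnet also sits inside the assumed Docker bridge range, which matters on any host that runs both.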