Isn't 5.5.0.0 a public IP range?!
Default Network Address 5.5.0.0
-
RedRaider
- OpenVpn Newbie
- Posts: 2
- Joined: Mon Aug 16, 2010 5:38 pm
Default Network Address 5.5.0.0
Why is 5.5.0.0 the default Network Address in a fresh AS install?
Isn't 5.5.0.0 a public IP range?!
Isn't 5.5.0.0 a public IP range?!
-
JWSmythe
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Apr 22, 2013 3:36 pm
Re: Default Network Address 5.5.0.0
First, sorry for resurrecting a dead thread. This is the first result on Google searching for OpenVPN 5.5.0.0. I'm sure more people will see this.
OpenVPN AS 1.5.0 release notes say:
I don't work for OpenVPN, so I can't guess why they picked that. I would assume that anyone installing OpenVPN would have a grasp of what network ranges are safe to use, and most people would say "why would I need 4094 IPs?".
If you happen to use anything in the 5.5.0.0/20 network, *and* you keep this default setting, you'll run into problems.
I suspect any of the normal private IP addresses would run into potential conflicts at install time, especially in the 10.0.0.0/8 and 192.168.0.0/16 networks.
OpenVPN AS 1.5.0 release notes say:
The block does indeed belong to someone else.The default VPN IP address subnet has been changed to 5.5.0.0/20
(from 10.8.0.0/24) to reduce the chances of subnet conflicts.
Code: Select all
route: 5.4.0.0/14
descr: E-Plus Mobilfunk GmbH & Co KG
origin: AS12638
mnt-by: AS12638-MNTIf you happen to use anything in the 5.5.0.0/20 network, *and* you keep this default setting, you'll run into problems.
I suspect any of the normal private IP addresses would run into potential conflicts at install time, especially in the 10.0.0.0/8 and 192.168.0.0/16 networks.
-
novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: Default Network Address 5.5.0.0
Regarding the resurrection of the dead, Doctor Frankenstein, that's okay. But I'll provide the answer and then lock the topic so no necromancy can be performed on it again.
The reason we chose 5.5.0.0/20 was that at the time it was not in use at all, it was a bogon range. Due to the shortage in IP addressing space it has now been assigned but at the time of writing this range doesn't appear to be in use much, if at all. Still, in order to prevent possible issues in the future, we recommend people to switch to an RFC 1918 range that does not conflict with their current setup.
Before, we had many issues with the 10.8.0.0/24 range because a lot of people were already using that range. It seemed that no matter what RFC 1918 range we picked, there would always be a conflict somewhere. And asking first-time users for a subnet during installation didn't look to be a solution that would work because if people got it wrong they'd have a non-working server. So it was decided then to switch to 5.5.0.0/20 since it was unassigned at the time. Nowadays we advise people, after installation, to switch to an RFC 1918 range that makes sense in their situation. Since 'VPN Settings' is where this setting is found and should be one of the first things an admin sees upon installing and configuring the Access Server, I assume this will sort itself out.
Please note that some network management solutions, like for example the ones used in the Amazon routing system, do not allow non-RFC1918 ranges at all. So for that reason alone it makes sense to switch to an RFC 1918 range.
Putting this topic to rest now. Locked.
The reason we chose 5.5.0.0/20 was that at the time it was not in use at all, it was a bogon range. Due to the shortage in IP addressing space it has now been assigned but at the time of writing this range doesn't appear to be in use much, if at all. Still, in order to prevent possible issues in the future, we recommend people to switch to an RFC 1918 range that does not conflict with their current setup.
Before, we had many issues with the 10.8.0.0/24 range because a lot of people were already using that range. It seemed that no matter what RFC 1918 range we picked, there would always be a conflict somewhere. And asking first-time users for a subnet during installation didn't look to be a solution that would work because if people got it wrong they'd have a non-working server. So it was decided then to switch to 5.5.0.0/20 since it was unassigned at the time. Nowadays we advise people, after installation, to switch to an RFC 1918 range that makes sense in their situation. Since 'VPN Settings' is where this setting is found and should be one of the first things an admin sees upon installing and configuring the Access Server, I assume this will sort itself out.
Please note that some network management solutions, like for example the ones used in the Amazon routing system, do not allow non-RFC1918 ranges at all. So for that reason alone it makes sense to switch to an RFC 1918 range.
Putting this topic to rest now. Locked.
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.