Netgate Discussion Forum
    Plan to change LAN subnet

    General pfSense Questions
    • coffeecup25

      I want to renumber my home subnet from 192.168.1.0/24 to something else in that class, such as 192.168.xxx.0/24. I occasionally run into the same subnet range at small hotels and this sometimes makes it difficult to connect back home using OpenVPN, particularly with android devices.

      I know what steps to follow, but before I start I wonder if there are any gotchas to consider.

      The only real hitch is that all of my home devices have static IP addresses. It's easier to keep track of what's attached to the network in this way. Will this cause any hiccups along the way?

      My plan was to

      1. set a new IP LAN range at the console
      2. change the DHCP range for auto address assignments
      3. Change the fixed IP addresses on the DHCP server.
      4. Reboot devices as needed

      It seems simple enough.

      Or, I suppose it would be simpler if there was an OpenVPN setting that would reliably isolate the hotel subnet from my home subnet. Any ideas? If so, then I could leave well enough alone.

      • johnpoz LAYER 8 Global Moderator

        No, it's a good idea to get away from 192.168.0 and 192.168.1, since those are the most common networks at many hotspot sort of locations.

        You mention a lot of static devices - it's prob best to set those up via reservations vs actual static on the device. This way you just have to change the reservation to the new address range, and then reboot the device.. But easier than putting in or editing static - less likely for typos - since many devices like printers and stuff have limited interfaces for putting in the address

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • NogBadTheBad @coffeecup25

          @coffeecup25 said in Plan to change LAN subnet:

          I want to renumber my home subnet from 192.168.1.0/24 to something else in that class, such as 192.168.xxx.0/24. I occasionally run into the same subnet range at small hotels and this sometimes makes it difficult to connect back home using OpenVPN, particularly with android devices.

          Tunnel everything over the VPN rather than a split tunnel.

          • johnpoz LAYER 8 Global Moderator

            That's still not going to work.. Even if you set your default route to go down the tunnel.. Doesn't matter since the device is still locally connected to the network you're trying to get to down the tunnel.. Doesn't need to use the default route - since it's on that network.

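The routing behaviour johnpoz describes above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a simplified client route table shows why a full tunnel does not help when the hotel network and the home LAN overlap, and a second helper checks a candidate home LAN against the private ranges and the local network. Interface names, the route table and the sample subnets are constructed; the two /1 routes model how OpenVPN's `redirect-gateway def1` overrides the default route.

```python
import ipaddress

# Private (RFC 1918) address space a home LAN should be drawn from.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_routes(hotel_lan):
    """Constructed, simplified route table of a client on hotel Wi-Fi
    with a full-tunnel OpenVPN connection up (interface names assumed)."""
    return [
        (ipaddress.ip_network(hotel_lan), "wlan0 (connected)"),
        # redirect-gateway def1: two /1 routes that together cover all IPv4
        (ipaddress.ip_network("0.0.0.0/1"), "tun0"),
        (ipaddress.ip_network("128.0.0.0/1"), "tun0"),
        (ipaddress.ip_network("0.0.0.0/0"), "wlan0 (default)"),
    ]


def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, via) for net, via in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def check_home_lan(home_lan, local_lan):
    """Is the candidate home LAN private, and does it collide with the
    network the roaming client is currently attached to?"""
    home = ipaddress.ip_network(home_lan)
    local = ipaddress.ip_network(local_lan)
    return {
        "private": any(home.subnet_of(r) for r in RFC1918),
        "overlaps_local": home.overlaps(local),
    }


if __name__ == "__main__":
    routes = build_routes("192.168.1.0/24")        # hotel uses the common default
    # Home host in the same range: the connected /24 beats the tunnel routes.
    print("192.168.1.10 ->", lookup(routes, "192.168.1.10"))
    # Home host after renumbering (constructed address): goes down the tunnel.
    print("172.16.0.10  ->", lookup(routes, "172.16.0.10"))
    print(check_home_lan("192.168.1.0/24", "192.168.1.0/24"))
    print(check_home_lan("172.16.0.0/24", "192.168.1.0/24"))
```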
            • coffeecup25 @johnpoz

              @johnpoz said in Plan to change LAN subnet:

              That's still not going to work.. Even if you set your default route to go down the tunnel.. Doesn't matter since the device is still locally connected to the network you're trying to get to down the tunnel.. Doesn't need to use the default route - since it's on that network.

              Agree. Force all traffic through the tunnel is checked but android devices can not connect.

                  • JKnott @coffeecup25

                    @coffeecup25 said in Plan to change LAN subnet:

                    I want to renumber my home subnet from 192.168.1.0/24 to something else in that class, such as 192.168.xxx.0/24.

                    I had the same problem and moved my LAN to 172.16.0.0. I have only once seen anything in the 172.16.0.0/12 range used elsewhere.

                    The only real hitch is that all of my home devices have static IP addresses. It's easier to keep track of what's attached to the network in this way.

                    You might want to use static maps, so that the DHCP server always assigns the same IP address to a MAC address. On my network, only my main desktop and pfSense router have static configs. Everything else uses mapped addresses.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    • coffeecup25

                      Thanks, all. I just finished. It was a minor pita, but not too bad overall.

                      The new range was researched using Google. It appears to be unused as a company standard default.

                      1. make sure at least 1 pc does not have a static mapping to old IP range
                      2. reset to new LAN ip on console
                      3. Yes to DHCP and assign reserved pool
                      4. reboot router (seemed important, didn't work first time)
                      5. log into pfSense. Renumber static mappings (I had 38. It took only a few minutes.)
                      6. Some devices came up without a reboot. Tivo was a little finicky. I had to reset the DVR manually and reboot all the minis. The NAS and all access points needed a reboot.

                      Edit: A couple of later issues that needed to be resolved

                      1. Nightly sync from home server to QNAP NAS failed. It was a weird user authority issue. Folders that previously copied new and changed items and deleted items on QNAP with no match had no authority to access QNAP folders. After numerous attempts to fix it easily, the only solution was to delete and rewrite the backup folders on QNAP. (This was only a nuisance because the QNAP backs up later at night to a couple of USB drives so no data was lost.)

                      2. Just to avoid problems, an automated Acronis backup to QNAP was rebuilt.

                      • chpalmer

                        @coffeecup25 said in Plan to change LAN subnet:

                        The new range was researched using Google. It appears to be unused as a company standard default

                        Yep.. Nothing is ever wrong on the internet.. 🙄

                        That is a scary comment.. You need to use private IP space if you don't want any gotchas down the road.

                        10.0.0.0/8
                        172.16.0.0/12
                        192.168.0.0/16

                        172.20.1.1/24 is one I use at a client site..

                        VoIP for one is easily broken by using a publicly routable address as your LAN.

                        Triggering snowflakes one by one..
                        Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                        • coffeecup25 @chpalmer

                          @chpalmer Google knows this. It's pretty smart.

                          • stephenw10 Netgate Administrator

                            What is the range you're using? If it's internal it's not like anyone can connect to it, there's no danger in telling us.

                            Steve

                            • coffeecup25 @stephenw10

                              @stephenw10 said in Plan to change LAN subnet:

                              What is the range you're using? If it's internal it's not like anyone can connect to it, there's no danger in telling us.

                              Steve

                              192.168.xxx.0/24

                              xxx took some research to find one that was not on Google as a default that some company uses or has ever used. I don't want to jinx it as it was a minor pita to change it. I stayed in the 192.168.xxx.0/24 range to make the changeover easy on myself. If I ever have to do it again, I'll figure out something obscure in the 10.0.0.0/8 range.

                              • chpalmer

                                LOL Even the great Google is wrong sometimes. 😜

                                • coffeecup25 @chpalmer

                                  @chpalmer said in Plan to change LAN subnet:

                                  LOL Even the great Google is wrong sometimes. 😜

                                  Sometimes you have to live dangerously.

                                  • chpalmer

                                    But setting yourself up to drive over the edge when all you want is a shorter car..

                                    172.31.125.0/24
                                    172.19.1.0/25
                                    192.168.25.0/24
                                    10.10.10.0/28

                                    Just some of my networks. Try and hack me! :)

                                    • coffeecup25 @chpalmer

                                      @chpalmer said in Plan to change LAN subnet:

                                      But setting yourself up to drive over the edge when all you want is a shorter car..

                                      172.31.125.0/24
                                      172.19.1.0/25
                                      192.168.25.0/24
                                      10.10.10.0/28

                                      Just some of my networks. Try and hack me! :)

                                      I know what a non-routable IP address is. If you can't tell by what I wrote, you must need a refresher consulting class.

                                      • chpalmer

                                        I simply find it funny when someone will not show their LAN addresses online.

                                        Nope. I cannot see your knowledge or experience from here and can only assume by what you post.

                                        Good Luck!

                                        • JKnott @coffeecup25

                                          @coffeecup25 said in Plan to change LAN subnet:

                                          I know what a non-routable IP address is. If you can't tell by what I wrote, you must need a refresher consulting class.

                                          Actually, they are routeable. They're just not allowed on the Internet. With your VPN, you are routing those private addresses.

                                          • johnpoz LAYER 8 Global Moderator

                                            @JKnott said in Plan to change LAN subnet:

                                            Actually, they are routeable. They're just not allowed on the Internet

                                            correct.jpg

                                            Hehehe couldn't help myself sorry... Good one @JKnott

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.