Why can't I use a /8 ?
-
This post is deleted! -
@ipguy said in Why can't I use a /8 ?:
Why not /8 ?
A /8 would allow 16M addresses (and is an entire class A block back in the classfull address days). Do you have that many devices? Also, you won't be able to have 8000 devices on a /24. I suspect you need to understand a bit about network size and what you actually use the VPN for. For example, if you had 8000 devices, then the smallest network would have whatever power of two is sufficient to hold them all. For 8000, that would be 2^13 (8192) or a /19 subnet mask. What's on the remote end of the VPN? If only a single device, you could get by with a /31 (or /30 if running Windows).
-
This post is deleted! -
A /28 has 14 usable addresses. Where do you get a /8 from? Perhaps you could provide a bit better info. It would take a million of those remote networks to require a /8. Do you have that many?
-
@ipguy said in Why can't I use a /8 ?:
Or am I wrong?
I would say so. You have to provide enough info for us to understand what you're doing. Do you have multiple /28 networks you want to connect to with a VPN? If so, you want to create a VPN to each, with each VPN being a /31, since all it's doing is creating a connection or transit network between two sites.
-
This post is deleted! -
@ipguy said in Why can't I use a /8 ?:
the next remote network, 10.3.0.0/28
the next remote network, 10.4.0.0/28Do you realize you're allowing 65536 addresses for each /28? Even if you did something link 10.0.3.0 /24, you could have 65536 of them in a /8. Since you have /28s, you could do something like:
10.0.0.0 /28
10.0.0.4 /28
10.0.0.8 /28
etc. -
@ipguy said in Why can't I use a /8 ?:
the next remote network, 10.3.0.0/28
the next remote network, 10.4.0.0/28I am with @JKnott here - this doesn't make a lot of sense..
So you have a remote device.. And it has a /28 or even multiple /28s on the other end of it.. Ok what does that have to do with your tunnel network?
How many devices are going to connect to the openvpn server? 8000? So your tunnel network would only need to support 8000 IPs.. So a /19 would allow for 8190 address - so if using subnet vs net 30, each modem would only being getting 1 IP for the tunnel.. So 8190 modems. What networks are on the other end of the tunnel has nothing to do with the tunnel network.. The tunnel network allows for how many clients can connect to that server.. Using a /16 tunnel would allow for 65k devices to connect.. Even using net30 addressing you would still have way more than enough for 8000 connections.
Also with
the next remote network, 10.3.0.0/28
the next remote network, 10.4.0.0/28Your wasting a lot of space between those networks as mentioned.. Your using a whole /16 just to assign a /28... Think we are missing some info here.
But you could route multiple network across your 1 IP used to connect for the tunnel..
I think a better understanding of what your doing or wanting to do exactly.. How are these modems connecting to you now?
