VPN and LAN network question

[JNDATHP]

Our home in Nevada is 192.168.0.x

Can our home in Florida be the same and be able to VPN into Nevada?

 

[biggen]

Our home in Nevada is 192.168.0.x

Can our home in Florida be the same and be able to VPN into Nevada?

No. Each location needs to be on a different subnet.

 

[SpacemanSpiff]

+1 to what @biggen has shared.

Since delving into BI and VPN access, I quickly realized I need to slightly modify the default IP address for all residential routers that have BI set-up behind them (on the local LAN). I've found the easiest thing is to modify the 3rd octet (listed as "0" in your IP example). So far, I've found that up to the first three digits of the house number works well (no greater than 254), and is a good way to remember the scheme when I do not have my notes handy.

 

[The Automation Guy]

Our home in Nevada is 192.168.0.x

Can our home in Florida be the same and be able to VPN into Nevada?

Florida cannot be 192.168.0.X and work with a VPN to Nevada.

It can be 192.168.1.X or anything else.......

You'll also need a third unique IP range for the actual VPN connection/tunnel. You'll set this up as part of the VPN, but won't ever have to refer to it - the system will assign the addresses automatically. I generally use a different scheme completely from my actual network IP ranges. For example, if I'm using 192.168.X.X on my networks, I'll use 10.X.X.X for my VPN tunnels or vice versa. This makes it very easy to quickly identify any devices coming through the VPN.

 

[Holbs]

what devices are you connecting via VPN? Point to point (NV router <> Florida router)? or VPN server in NV while using VPN application on a PC in Florida?
And what...you expecting to flee this weekend from NV to FL cause of the little bitty freeze coming tomorrow? If so, take me with you!

 

[The Automation Guy]

+1 to what @biggen has shared.

Since delving into BI and VPN access, I quickly realized I need to slightly modify the default IP address for all residential routers that have BI set-up behind them (on the local LAN). I've found the easiest thing is to modify the 3rd octet (listed as "0" in your IP example). So far, I've found that up to the first three digits of the house number works well (no greater than 254), and is a good way to remember the scheme when I do not have my notes handy.

That works until you want to start adding VLANs at a location (since each VLAN gets a unique IP range as well).

There is no right or wrong way to handle this, but I think about each location as a 192.168.X0.X set of ip address. So Nevada might be 192.168.10.X and Florida might be 192.168.20.X. Then I can add up to 9 VLANs at each location by just moving up a number - so VLAN 1 at Nevada is 192.168.11.X, and VLAN 3 at Florida is 192.168.23.X, etc. Of course this only works if you use 9 or less VLANs. Otherwise you need to spread your "location" IP addresses out by more than 10. That being said, 9 VLANs is likely more than enough however for most residential uses. I feel like I use a lot, and I wouldn't use more than 9. (1- Admin network/network equipment, 2-Household servers, 3-IOT with internet access - includes personal phones & computers, 4- IOT without internet access, 5-gaming systems (like Xbox, etc), 6-network printers, 7-CCTV camera system, 8-Asterisk Phone system, 9-guest network)

Alternatively you can use the 10.X.X.X address scheme and use the second octet as your location identifier and the third octet as your VLAN identifier. That is probably the best use case, but non-IT people tend to gravitate to the 192.168.X.X scheme by default (myself included).

The hard part for non-IT people is that you really need to think about these things from the beginning (because it is a real pain in the ass to change your IP scheme after you have a working network and everything is connected), but you don't have enough knowledge to realize you need to be thinking about these things from the beginning!

 

[SpacemanSpiff]

That works until you want to start adding VLANs at a location (since each VLAN gets a unique IP range as well).

There is no right or wrong way to handle this, but I think about each location as a 192.168.X0.X set of ip address. So Nevada might be 192.168.10.X and Florida might be 192.168.20.X. Then I can add up to 9 VLANs at each location by just moving up a number - so VLAN 1 at Nevada is 192.168.11.X, and VLAN 3 at Florida is 192.168.23.X, etc. Of course this only works if you use 9 or less VLANs. Otherwise you need to spread your "location" IP addresses out by more than 10. That being said, 9 VLANs is likely more than enough however for most residential uses. I feel like I use a lot, and I wouldn't use more than 9. (1- Admin network/network equipment, 2-Household servers, 3-IOT with internet access - includes personal phones & computers, 4- IOT without internet access, 5-gaming systems (like Xbox, etc), 6-network printers, 7-CCTV camera system, 8-Asterisk Phone system, 9-guest network)

Alternatively you can use the 10.X.X.X address scheme and use the second octet as your location identifier and the third octet as your VLAN identifier. That is probably the best use case, but non-IT people tend to gravitate to the 192.168.X.X scheme by default (myself included).

The hard part for non-IT people is that you really need to think about these things from the beginning (because it is a real pain in the ass to change your IP scheme after you have a working network and everything is connected), but you don't have enough knowledge to realize you need to be thinking about these things from the beginning!

AGREED! At this point the residential clientele I encounter have flat networks, and the need to build out VLANs is non-existant (so far). Following the KISS principle for them, I simply use separate PoE switches for the cam network and a 2nd NIC in the BI server.