VPN Director IP Range

TonyK132

Senior Member
In trying to set IP ranges in VPN Director, I found that xx.xx.xx.xx/27 works but xx.xx.xx.xx/26 and anything greater does not. So if I want to do a range of /26 or /25, I need to divide up the ranges into 2 or 4 sub-ranges of /27 (if that's what they are called) in order to get the coverage I want. Is this a bug or a limitation by design?
 

eibgrad

Part of the Furniture
I'm not quite sure what you're asking. But if you're expecting *all* IP ranges to be expressable w/ a single IP network in CIDR notation, that's NOT possible. That's only possible w/ certain IP ranges.

That's why to typically have to change your IP range to accommodate your rule making if you want to limit it to a single rule, rather than the other way around.
 

TonyK132

Senior Member
I'm not quite sure what you're asking. But if you're expecting *all* IP ranges to be expressable w/ a single IP network in CIDR notation, that's NOT possible. That's only possible w/ certain IP ranges.

That's why to typically have to change your IP range to accommodate your rule making if you want to limit it to a single rule, rather than the other way around.
I'm asking if this is a bug or not. "xx.xx.xx.xx/27 works but xx.xx.xx.xx/26 and anything greater does not."
 

octopus

Part of the Furniture
I'm asking if this is a bug or not. "xx.xx.xx.xx/27 works but xx.xx.xx.xx/26 and anything greater does not."
Have you tried:
Code:
192.168.1.1/25 192.168.1.1 - 192.168.1.127
192.168.1.129/25 192.168.1.129 - 192.168.1.254
 

eibgrad

Part of the Furniture
NOT all CIDR notation is valid. For example, 192.168.1.1/24 is NOT a valid CIDR range. It has to be 192.168.1.0/24, or else any attempt to create a route w/ the former will be rejected. So you need to be specific as to the CIDR you're attempting to create.

IOW, it seems you're under the impression that part you're masking (xx.xx.xx.xx) doesn't matter when it comes to the /xx. It does!
 

TonyK132

Senior Member
Have you tried:
I'll try that, thanks for the suggestion. But per this screen capture that shows a suggestion of using /24, I suspected /26, etc, should work but it does not.

192.168.1.1/24 is NOT a valid CIDR range
I know. See the screen shot for my ranges. I tried /25 and /26 and they did not work, so I'm using multiple /27 ranges to cover the IPs that I want. I also attached the screen shot of the entry screen that shows the /24 example, so presumably that would work, but I have not tried /24.
 

Attachments

  • CIDR Ranges.PNG
    CIDR Ranges.PNG
    18.6 KB · Views: 43
  • CIDR Bug.PNG
    CIDR Bug.PNG
    14.5 KB · Views: 44

eibgrad

Part of the Furniture
The rules you've created do NOT represent the IP ranges you think based on the description. For example, 192.168.2.101/27 is NOT .101 thru .132. It's actually .96 thru .127. Same for the other rules.

For the IP range of 192.168.2.101 thru 192.168.2.228, you need rules based on the following CIDR notation.

Code:
192.168.2.101/32
192.168.2.102/31
192.168.2.104/29
192.168.2.112/28
192.168.2.128/26
192.168.2.192/27
192.168.2.224/30
192.168.2.228/32

This is why it's usually better to base your IP range on one that requires the fewest number of rules.

Code:
192.168.2.64/26 # 192.168.2.64 - 192.168.2.127
192.167.2.128/26 # 192.168.2.128 - 192.168.2.191

The above gives you 128 hosts, but you have to start w/ 192.168.2.64 and end w/ 192.168.2.191. If you insist on *your* IP range, then as I said, you have to use that long list above instead.
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top