Re: [Astlinux-users] Wireguard Mobile Client
Great ... be sure to test the /23 . Lonnie > On Sep 5, 2021, at 6:30 PM, Michael Knill > wrote: > > Thanks Lonnie > > No that cannot happen as the softswitch only connects to a single Astlinux > peer IP address e.g. Peer 1 - 10.4.1.1/32, Peer 2 - 10.4.1.2/32 > All the Astlinux peers would have the same locally significant range > 10.4.0.1-254. All calls to the softswitch from a remote peer are terminated > by Asterisk with no direct media. > > Looks like this is what I will do then. Nice! Thanks again. > > Regards > Michael Knill > > On 6/9/21, 8:11 am, "Lonnie Abelbeck" wrote: > >That should work, be a CIDR ninja. :-) > >Though if you want your "softswitch" to route to a remote Mobile Client, > /23's all around might be needed. > >Lonnie > > > >> On Sep 5, 2021, at 4:47 PM, Michael Knill >> wrote: >> >> Thanks Lonnie >> >> So what I am thinking is that I will use a /23 on the remote system but >> continue to use /24 for my softswitch on the higher subnet. This will give a >> total of 250 VPN connections to the Softswitch. >> Each remote system will then have the lower subnet for local connectivity >> only for mobile peers and remote peers. >> >> So for your example below, the softswitch will be on 10.4.1.254/24 for >> instance and the remote peer will be on 10.4.1.1-250 but will be configured >> as a /23 so it has all 10.4.0.x for local connections. >> >> What do you think? >> >> Regards >> Michael Knill >> >> On 4/9/21, 12:35 pm, "Lonnie Abelbeck" wrote: >> >> Hi Michael, >> >> As per the docs, the range of .101 to .199 is reserved for mobile clients. >> -- >> Note -> Mobile Clients are automatically assigned a unique IP address in >> the range of .101 to .199 for the last octet (example here: 10.4.0.101 to >> 10.4.0.199). Best practice is to refrain from using IP's in this range for >> both this tunnel's “IPv4 Address” (above) and Remote Peer's IP address so >> both configuration types can coexist. Similarly for IPv6 the Mobile Client >> reserved range is …:0101 to …:0199. >> -- >> When a new Mobile Client is added, it will only check other mobile clients >> for uniqueness, not manually added remote peers. >> >> >> Alternatively, if you need more than ~150 manually added remote peers, it >> should be possible to use a /23 (255.255.254.0) IPv4 NetMask. >> >> Using: netcalc 10.4.0.1/23 >> -- >> HostMin : 10.4.0.1 1010.0100.000 0.0001 >> HostMax : 10.4.1.254 1010.0100.000 1.1110 >> -- >> Here the reserved mobile client range is still 10.4.0.101 to 10.4.0.199 >> >> You have the previous ~150 manually added remote peer range plus a ~250 >> 10.4.1.x range. >> >> This /23 subnet should work for the WireGuard -> Tunnel Options: -> IPv4 >> NetMask: 255.255.254.0 >> >> but I have not tested it much. Would that work for you? >> >> Lonnie >> >> >> >>> On Sep 3, 2021, at 7:46 PM, Michael Knill >>> wrote: >>> >>> Hi Group >>> >>> Is there any reason that I could not use the .101 to .199 subnet addresses >>> for Remote Peers? If I do add a mobile peer will it check Remote Peers when >>> allocating an IP addresses or would I need to manually check there are no >>> duplicates? >>> As I am moving to cloud hosting most of my systems now with direct mobile >>> connectivity, I don't need to use mobile peers but I do need the address >>> space. >>> >>> Regards >>> >>> Michael Knill >>> Managing Director >>> >>> D: +61 2 6189 1360 >>> P: +61 2 6140 4656 >>> E: michael.kn...@ipcsolutions.com.au >>> W: ipcsolutions.com.au >>> >>> >>> Smarter Business Communications >>> >>> ___ >>> Astlinux-users mailing list >>> Astlinux-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users >>> >>> Donations to support AstLinux are graciously accepted via PayPal to >>> pay...@krisk.org. >> >> >> >> ___ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. >> >> >> ___ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > >___ >Astlinux-users mailing list >Astlinux-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/astlinux-users > >Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net
Re: [Astlinux-users] Wireguard Mobile Client
Thanks Lonnie No that cannot happen as the softswitch only connects to a single Astlinux peer IP address e.g. Peer 1 - 10.4.1.1/32, Peer 2 - 10.4.1.2/32 All the Astlinux peers would have the same locally significant range 10.4.0.1-254. All calls to the softswitch from a remote peer are terminated by Asterisk with no direct media. Looks like this is what I will do then. Nice! Thanks again. Regards Michael Knill On 6/9/21, 8:11 am, "Lonnie Abelbeck" wrote: That should work, be a CIDR ninja. :-) Though if you want your "softswitch" to route to a remote Mobile Client, /23's all around might be needed. Lonnie > On Sep 5, 2021, at 4:47 PM, Michael Knill wrote: > > Thanks Lonnie > > So what I am thinking is that I will use a /23 on the remote system but continue to use /24 for my softswitch on the higher subnet. This will give a total of 250 VPN connections to the Softswitch. > Each remote system will then have the lower subnet for local connectivity only for mobile peers and remote peers. > > So for your example below, the softswitch will be on 10.4.1.254/24 for instance and the remote peer will be on 10.4.1.1-250 but will be configured as a /23 so it has all 10.4.0.x for local connections. > > What do you think? > > Regards > Michael Knill > > On 4/9/21, 12:35 pm, "Lonnie Abelbeck" wrote: > >Hi Michael, > >As per the docs, the range of .101 to .199 is reserved for mobile clients. >-- >Note -> Mobile Clients are automatically assigned a unique IP address in the range of .101 to .199 for the last octet (example here: 10.4.0.101 to 10.4.0.199). Best practice is to refrain from using IP's in this range for both this tunnel's “IPv4 Address” (above) and Remote Peer's IP address so both configuration types can coexist. Similarly for IPv6 the Mobile Client reserved range is …:0101 to …:0199. >-- >When a new Mobile Client is added, it will only check other mobile clients for uniqueness, not manually added remote peers. > > >Alternatively, if you need more than ~150 manually added remote peers, it should be possible to use a /23 (255.255.254.0) IPv4 NetMask. > >Using: netcalc 10.4.0.1/23 >-- >HostMin : 10.4.0.1 1010.0100.000 0.0001 >HostMax : 10.4.1.254 1010.0100.000 1.1110 >-- >Here the reserved mobile client range is still 10.4.0.101 to 10.4.0.199 > >You have the previous ~150 manually added remote peer range plus a ~250 10.4.1.x range. > >This /23 subnet should work for the WireGuard -> Tunnel Options: -> IPv4 NetMask: 255.255.254.0 > >but I have not tested it much. Would that work for you? > >Lonnie > > > >> On Sep 3, 2021, at 7:46 PM, Michael Knill wrote: >> >> Hi Group >> >> Is there any reason that I could not use the .101 to .199 subnet addresses for Remote Peers? If I do add a mobile peer will it check Remote Peers when allocating an IP addresses or would I need to manually check there are no duplicates? >> As I am moving to cloud hosting most of my systems now with direct mobile connectivity, I don't need to use mobile peers but I do need the address space. >> >> Regards >> >> Michael Knill >> Managing Director >> >> D: +61 2 6189 1360 >> P: +61 2 6140 4656 >> E: michael.kn...@ipcsolutions.com.au >> W: ipcsolutions.com.au >> >> >> Smarter Business Communications >> >> ___ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. > > > >___ >Astlinux-users mailing list >Astlinux-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/astlinux-users > >Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. ___ Astlinux-users mailing list Astli
Re: [Astlinux-users] Wireguard Mobile Client
That should work, be a CIDR ninja. :-) Though if you want your "softswitch" to route to a remote Mobile Client, /23's all around might be needed. Lonnie > On Sep 5, 2021, at 4:47 PM, Michael Knill > wrote: > > Thanks Lonnie > > So what I am thinking is that I will use a /23 on the remote system but > continue to use /24 for my softswitch on the higher subnet. This will give a > total of 250 VPN connections to the Softswitch. > Each remote system will then have the lower subnet for local connectivity > only for mobile peers and remote peers. > > So for your example below, the softswitch will be on 10.4.1.254/24 for > instance and the remote peer will be on 10.4.1.1-250 but will be configured > as a /23 so it has all 10.4.0.x for local connections. > > What do you think? > > Regards > Michael Knill > > On 4/9/21, 12:35 pm, "Lonnie Abelbeck" wrote: > >Hi Michael, > >As per the docs, the range of .101 to .199 is reserved for mobile clients. >-- >Note -> Mobile Clients are automatically assigned a unique IP address in > the range of .101 to .199 for the last octet (example here: 10.4.0.101 to > 10.4.0.199). Best practice is to refrain from using IP's in this range for > both this tunnel's “IPv4 Address” (above) and Remote Peer's IP address so > both configuration types can coexist. Similarly for IPv6 the Mobile Client > reserved range is …:0101 to …:0199. >-- >When a new Mobile Client is added, it will only check other mobile clients > for uniqueness, not manually added remote peers. > > >Alternatively, if you need more than ~150 manually added remote peers, it > should be possible to use a /23 (255.255.254.0) IPv4 NetMask. > >Using: netcalc 10.4.0.1/23 >-- >HostMin : 10.4.0.1 1010.0100.000 0.0001 >HostMax : 10.4.1.254 1010.0100.000 1.1110 >-- >Here the reserved mobile client range is still 10.4.0.101 to 10.4.0.199 > >You have the previous ~150 manually added remote peer range plus a ~250 > 10.4.1.x range. > >This /23 subnet should work for the WireGuard -> Tunnel Options: -> IPv4 > NetMask: 255.255.254.0 > >but I have not tested it much. Would that work for you? > >Lonnie > > > >> On Sep 3, 2021, at 7:46 PM, Michael Knill >> wrote: >> >> Hi Group >> >> Is there any reason that I could not use the .101 to .199 subnet addresses >> for Remote Peers? If I do add a mobile peer will it check Remote Peers when >> allocating an IP addresses or would I need to manually check there are no >> duplicates? >> As I am moving to cloud hosting most of my systems now with direct mobile >> connectivity, I don't need to use mobile peers but I do need the address >> space. >> >> Regards >> >> Michael Knill >> Managing Director >> >> D: +61 2 6189 1360 >> P: +61 2 6140 4656 >> E: michael.kn...@ipcsolutions.com.au >> W: ipcsolutions.com.au >> >> >> Smarter Business Communications >> >> ___ >> Astlinux-users mailing list >> Astlinux-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/astlinux-users >> >> Donations to support AstLinux are graciously accepted via PayPal to >> pay...@krisk.org. > > > >___ >Astlinux-users mailing list >Astlinux-users@lists.sourceforge.net >https://lists.sourceforge.net/lists/listinfo/astlinux-users > >Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. > > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Wireguard Mobile Client
Thanks Lonnie So what I am thinking is that I will use a /23 on the remote system but continue to use /24 for my softswitch on the higher subnet. This will give a total of 250 VPN connections to the Softswitch. Each remote system will then have the lower subnet for local connectivity only for mobile peers and remote peers. So for your example below, the softswitch will be on 10.4.1.254/24 for instance and the remote peer will be on 10.4.1.1-250 but will be configured as a /23 so it has all 10.4.0.x for local connections. What do you think? Regards Michael Knill On 4/9/21, 12:35 pm, "Lonnie Abelbeck" wrote: Hi Michael, As per the docs, the range of .101 to .199 is reserved for mobile clients. -- Note -> Mobile Clients are automatically assigned a unique IP address in the range of .101 to .199 for the last octet (example here: 10.4.0.101 to 10.4.0.199). Best practice is to refrain from using IP's in this range for both this tunnel's “IPv4 Address” (above) and Remote Peer's IP address so both configuration types can coexist. Similarly for IPv6 the Mobile Client reserved range is …:0101 to …:0199. -- When a new Mobile Client is added, it will only check other mobile clients for uniqueness, not manually added remote peers. Alternatively, if you need more than ~150 manually added remote peers, it should be possible to use a /23 (255.255.254.0) IPv4 NetMask. Using: netcalc 10.4.0.1/23 -- HostMin : 10.4.0.1 1010.0100.000 0.0001 HostMax : 10.4.1.254 1010.0100.000 1.1110 -- Here the reserved mobile client range is still 10.4.0.101 to 10.4.0.199 You have the previous ~150 manually added remote peer range plus a ~250 10.4.1.x range. This /23 subnet should work for the WireGuard -> Tunnel Options: -> IPv4 NetMask: 255.255.254.0 but I have not tested it much. Would that work for you? Lonnie > On Sep 3, 2021, at 7:46 PM, Michael Knill wrote: > > Hi Group > > Is there any reason that I could not use the .101 to .199 subnet addresses for Remote Peers? If I do add a mobile peer will it check Remote Peers when allocating an IP addresses or would I need to manually check there are no duplicates? > As I am moving to cloud hosting most of my systems now with direct mobile connectivity, I don't need to use mobile peers but I do need the address space. > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
Re: [Astlinux-users] Wireguard Mobile Client
Hi Michael, As per the docs, the range of .101 to .199 is reserved for mobile clients. -- Note -> Mobile Clients are automatically assigned a unique IP address in the range of .101 to .199 for the last octet (example here: 10.4.0.101 to 10.4.0.199). Best practice is to refrain from using IP's in this range for both this tunnel's “IPv4 Address” (above) and Remote Peer's IP address so both configuration types can coexist. Similarly for IPv6 the Mobile Client reserved range is …:0101 to …:0199. -- When a new Mobile Client is added, it will only check other mobile clients for uniqueness, not manually added remote peers. Alternatively, if you need more than ~150 manually added remote peers, it should be possible to use a /23 (255.255.254.0) IPv4 NetMask. Using: netcalc 10.4.0.1/23 -- HostMin : 10.4.0.1 1010.0100.000 0.0001 HostMax : 10.4.1.254 1010.0100.000 1.1110 -- Here the reserved mobile client range is still 10.4.0.101 to 10.4.0.199 You have the previous ~150 manually added remote peer range plus a ~250 10.4.1.x range. This /23 subnet should work for the WireGuard -> Tunnel Options: -> IPv4 NetMask: 255.255.254.0 but I have not tested it much. Would that work for you? Lonnie > On Sep 3, 2021, at 7:46 PM, Michael Knill > wrote: > > Hi Group > > Is there any reason that I could not use the .101 to .199 subnet addresses > for Remote Peers? If I do add a mobile peer will it check Remote Peers when > allocating an IP addresses or would I need to manually check there are no > duplicates? > As I am moving to cloud hosting most of my systems now with direct mobile > connectivity, I don't need to use mobile peers but I do need the address > space. > > Regards > > Michael Knill > Managing Director > > D: +61 2 6189 1360 > P: +61 2 6140 4656 > E: michael.kn...@ipcsolutions.com.au > W: ipcsolutions.com.au > > > Smarter Business Communications > > ___ > Astlinux-users mailing list > Astlinux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > pay...@krisk.org. ___ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
