Explain IP pools to me like I'm seven years old

gdgross

Occasional Visitor
Hi all. I'm trying to set up a VPN server using PPTP protocol on my TPLink ER605 router to access things on my local network remotely, a mac mini in particular. I need to choose an allowable set of IP addresses that the VPN clients can use.

What do I choose for these? Anything I want? Are these local IP addresses, as in, on my LAN only? Or do they need to include the public IP addresses of computers that I'll want to use as clients?

The videos I've found on YT are remarkably unhelpful; they just walk you through the steps on how to set it up, but don't explain the meaning or application of what they are demonstrating. (like my question above) If there's some white paper or VPN setup for dummies video I could review, that might be helpful too. 🙃

Thanks
Geoff
 
Don't use the PPTP protocol. It is obsolete and insecure.
 
An IP pool is a range of internet addresses, public or private. See: https://en.wikipedia.org/wiki/IP_address
For your use, an address pool is assigned by your router's DHCP (Dynamic Host Configuration Protocol). Usually like 192.168.x.x, which is a non-routable address range or private address. You can also use addresses in the 10.x.x.x range as private. Normally your VPN server will use a range different from the router. For example: if the router address is 192.168.50.1 and its address pool is 192.168.50.2 to 254 with a subnet mask of 255.255.255.0, the VPN could use an address pool of 10.6.x.x. Usually your router will assign an address pool when setting up a VPN. If it doesn't, I would look for a better router.
 
If you try to explain IP pools to a seven-year-old, you get jello up the walls, and end up sleeping in the garage when the other half finds out!
 
Hmm... Looking at the user's guide for the ER605 it seems like you will need to be a networking wizard to use it. The VPNs offered are pretty old school. If you must use the ER605 you might try OpenWRT on it as it may be easier to configure and offer better VPN like OpenVPN and WireGuard.
 
PPTP protocol on my TPLink ER605 router to access things on my local network, a mac mini in particular, remotely. I need to choose an allowable set of IP addresses that the clients can use.

What do I choose for these? Anything I want? Are these local IP addresses, as in, on my LAN only? Or do they need to include the public IP addresses of computers that I'll want to use as clients?

Don't use the PPTP protocol. It is obsolete and insecure.
ok, no prob - any one of these a better option? I'm trying to stick with something that's built into windows on the client side:

1713297308134.png
 
Why? Download OpenVPN and use that instead.
 
Looking at the user's guide for the ER605 it seems like you will need to be a networking wizard to use it.

You need to know what you want first. It may look more complicated because it's a business router (although entry-level) with VLAN, multi-WAN, Policy Routing, User Management, etc., and they are all in their respective sections of the UI. With no VLANs defined, a single WAN and everything routed back through the VPN, it can be as simple as this:

1713307054158.png


Similar to Asus default settings on the example above. This router (v2.6 at least) also has WireGuard available. Stand-alone UI has somewhat limited configuration settings, Omada SDN Controller opens additional options. This model is part of Omada integrated solutions. I don't have one in my hands, using the UI emulator.
 
If you try to explain IP pools to a seven-year-old, you get jello up the walls, and end up sleeping in the garage when the other half finds out!

Let's say at your house, you have two mailboxes - one for the owner, and one for the guests.

All sorts of mail coming in has to go into one of those boxes, and only into one of those mailboxes.

Those mailboxes, owner and guest, define the IP pools - the size of the mailbox is defined by the start and end range of the IP address pool.

Let's say we only want 50 letters in the owner mailbox - we can define this as a range of addresses as 192.168.1.1 thru 192.168.1.49, and the guest mailbox can hold 20 letters at most, so we can define that range from 192.168.2.1 thru 192.168.2.19

So if the postman has a letter addressed to 192.168.1.25, it goes into the owner's mailbox, and the letter addressed to 192.168.2.12 goes into the guest mailbox.

Does that help?
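
Added example, not part of any post in this thread and not TP-Link code: a Python check that treats each pool as a start/end range, looks up which pool an address falls into (the mailbox analogy above), and flags a proposed VPN client pool that overlaps the LAN subnet or is not private address space. The 10.6.0.2 to 10.6.0.20 range and the function names are constructed for illustration; the other addresses are the ones quoted in the thread.

```python
import ipaddress

def range_to_pool(first, last):
    """Return the CIDR networks that exactly cover first..last (inclusive)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def pool_for(addr, pools):
    """Return the name of the pool that contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, nets in pools.items():
        if any(ip in net for net in nets):
            return name
    return None

def check_vpn_pool(lan, vpn_first, vpn_last):
    """Return a list of problems with a proposed VPN client pool."""
    # strict=False lets us pass the router's own address plus its mask.
    lan_net = ipaddress.ip_network(lan, strict=False)
    problems = []
    for net in range_to_pool(vpn_first, vpn_last):
        if net.overlaps(lan_net):
            problems.append(f"{net} overlaps LAN {lan_net}")
        if not net.is_private:
            problems.append(f"{net} is not private address space")
    return problems

# The two "mailboxes" from the analogy in the thread.
POOLS = {
    "owner": range_to_pool("192.168.1.1", "192.168.1.49"),
    "guest": range_to_pool("192.168.2.1", "192.168.2.19"),
}
# Router address and subnet mask from the earlier reply.
LAN = "192.168.50.1/255.255.255.0"

if __name__ == "__main__":
    for addr in ("192.168.1.25", "192.168.2.12", "192.168.1.50"):
        print(addr, "->", pool_for(addr, POOLS))
    # Constructed candidates: separate private range, LAN overlap, public range.
    for first, last in (("10.6.0.2", "10.6.0.20"),
                        ("192.168.50.200", "192.168.50.220"),
                        ("8.8.8.0", "8.8.8.7")):
        print(first, "-", last, ":", check_vpn_pool(LAN, first, last) or "ok")
```
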
 
IP address pools are a set of IP addresses, usually a network, that would be a scope in a large IP address space defined by a DHCP server. They do not need to be private. We had around 15,000 public IPs we used at my old work.
So, a DHCP server has multiple scopes, it can be 1 scope, which are IP address pools defined to it.

I would think L2TP\IPsec with certificate would be safe. I have been out of the VPN game for a long time.
 