In Which CGNAT Is Good For Something
And that something is their address space.
I’ve been having a few minor… annoyances recently, with certain applications that feel that if they grab one of the less-used chunks of private address space, it’s most likely that nothing will be using that.
(Yes, Windows Subsystem for Linux, that is a shot. Just because I’m not using 172.19.0.0/16 on any of the interfaces on the machine you’re running on doesn’t mean that I’m not using them, and my VPN server does not thank you for grabbing it. Or rather, did not.)
So I happened to be playing around with an intriguing VPN/virtual-WAN product called Tailscale (hat tip: Scott Hanselman), which, while it doesn’t entirely fit my use case here, did give me an idea, via this note in its FAQ.
Because as it happens, my remote-device VPN (based on WireGuard) also could use some addresses that don’t conflict with commonly used private addresses, and technically is also carrying intermediate NATed traffic that is neither on my LAN nor the public Internet. Okay, so it’s hard to argue even in the philosophical sense that it’s a service provider, but enh. Two out of three ain’t bad, like the song says.
And renumbering it to use 100.0.0.0/8 surely does clean up all those annoying collisions.
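
A way to check a candidate VPN subnet before renumbering, as an added example that is not part of the original post: it classifies the subnet against the RFC 1918 private blocks and the RFC 6598 shared address space (100.64.0.0/10, the block reserved for carrier-grade NAT) and lists overlaps with networks already in use. The inventory and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 private blocks and the RFC 6598 shared (CGNAT) block.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(candidate):
    """Classify a candidate subnet by the reserved block that contains it.

    'cgnat' / 'rfc1918': wholly inside that reserved space.
    'partly-cgnat': overlaps 100.64.0.0/10 but also extends outside it.
    'other': outside both, so it may cover publicly routed addresses.
    """
    net = ipaddress.ip_network(candidate, strict=True)
    if net.subnet_of(CGNAT):
        return "cgnat"
    if any(net.subnet_of(block) for block in RFC1918):
        return "rfc1918"
    if net.overlaps(CGNAT):
        return "partly-cgnat"
    return "other"


def collisions(candidate, in_use):
    """Return the in-use networks that overlap the candidate subnet."""
    net = ipaddress.ip_network(candidate, strict=True)
    return [str(u) for u in map(ipaddress.ip_network, in_use)
            if net.overlaps(u)]


# Constructed inventory: a home LAN, the 172.19.0.0/16 range from the
# post, and one more hypothetical private range claimed by local tooling.
IN_USE = ["192.168.1.0/24", "172.19.0.0/16", "10.8.0.0/24"]

if __name__ == "__main__":
    for cand in ("172.19.0.0/24", "100.64.10.0/24", "100.0.0.0/8"):
        print(f"{cand:16} {classify(cand):13} {collisions(cand, IN_USE)}")
```

A subnet reported as `partly-cgnat` or `other` reaches past the reserved block, so addresses in it can shadow routes to real Internet hosts.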
