Custom IPv4 and IPv6 address pool in the future

Hi guys,

from .env file I can read:

# The ability to change the IPv4 and IPv6 address pool will be removed
# in a future Firezone release in order to reduce the possible combinations
# of network configurations we need to handle.

Could you confirm that? Our local network reside on CIDR and I suspect that this will overlap…


@jamil any news about that?


@g.vecchi Yes, we plan to use for ipv4 and fd00:2021:1111::/48 for ipv6 in 1.0.

We used to allow custom pools, but it was an absolute nightmare for debugging and support.

Could you elaborate why your local network resides on the CGNAT space? Typically we see RFC1918 space used for local networks.

We plan to use /32s for devices and resources in Firezone for 1.0, so the likelihood of a collision that can’t be worked around should be very low.

We deploy our custom network probe on local network of our customers: using CGNAT space and vpn allows them to contact our services backend without exposing them to internet (because the tun interface address will not overlap with customer local block); then, keeping the rest of our local network on the same space, allow us to keep internal visibility simpler (because of no NAT).
Please consider keep the possibility of using a custom IPv4 pool at least for self-hosterdscenario.


@jamil being able to configure a subnet of may be fine though (ex: