Trying to configure wireguard, please help

OK, thank you very much. Your opinions have been very useful and have clarified a lot of things for me.

Well, really I never understood why the classes were designed at all, as the important thing is what range of available IPs you have at your disposal (public or private), and then you use the masks to organize that range of addresses into subnets to optimize traffic or isolate LANs.

But there have been Class A, B or C for a long time.

If you search for 192.168.0.0 you find it is a /16 wide range of contiguous addresses marked as private, and thus routers will disregard them at their WAN interface.

But almost everywhere they are designated as /24 class C addresses (255 class C or /24 nets).
As you say, at least in theory you can subdivide that range into other subnets, like 64 /22 subnets.

But most of IPv4 calculators will only let you use /24 subnets or narrower (/26 for example).

That made me think that there may be some "Easter egg" hidden in that approach, and I should steer away from trying to use those addresses wider than the mentioned /24 network.

So I will decide between a 192.168.XXX.XXX/22 network and a 10.XXX.XXX.XXX/22 one just taking into account how easy it is for me to remember the address (trying to avoid the most common ones) and how often people use those networks.

I think 192.168.xxx.xxx is quite a bit more common than 10.xxx.xxx.xxx (at least in home or non-professional environments) and they are even easier to remember, and there are plenty of /22 networks to choose from (32767 versus 127), so I think I will choose a 10.xxx.xxx.xxx/22 network for my home LAN and IoT networks.

Thank you very much.

I will try these days to configure WireGuard in my main router, and after that, a VLAN to get two separate (LAN and IoT) networks, with the secondary router just as a wireless AP and switch for the connected devices in that area.

Yes. This was called "classful networking" and was used from 1981-1993. In '93, CIDR was introduced, and the concept of classful networking was deprecated. So it was the norm for 12 years and then began to be phased out... it has been almost 30 years since the introduction of classless inter-domain routing.

All of this is part of RFC1918. However, routers do not necessarily disregard these addresses on the WAN interface. It very much depends on the configuration of the router. Typically, consumer routers will actually forward RFC1918 addresses upstream (i.e. from the LAN to the WAN) and will operate normally if there is an RFC1918 address on the WAN (provided that it doesn't overlap the LAN address range). This depends on a number of factors with respect to the configuration of the router and the specifics of the upstream network.

What is more important is that the ISPs drop all RFC1918 traffic that might ingress to their part of the network from a customer's network.

I don't know what IPv4 subnet calculators you are using, but I've never seen one that will not allow you to calculate a larger subnet. Try finding other calculators (i.e. apps or websites) -- clearly the one you're using is poorly designed.

After all this info, I think I will use a 10.xxx.xxx.0/22 network for my home LAN network and another separate 10.yyy.yyy.0/22 network for my IoT devices.

If I create a guest network for guests with connection only to internet I will assign a classic 192.168.1.xxx/24 network with .1 being the gateway.

And for the VPN a 172.20.xxx.0/24 with the server at .1 will do the trick (and it is easy to differentiate local addresses from VPN tunnel ones).

Sure. Whatever works for you.

While there are some 'wrong' ways to do things, most of what you're planning is really an issue of preference or opinion -- there are countless ways of implementing things the right way when it comes to your network definitions and such.


Yes, of course, in the end it is a matter of just mental organization and easy remembering of the important IP addresses (the router, server and the like).

But if I can reduce the exposure to problems when connecting through VPN, much better.

And as you said, using a narrower IP network will reduce the probability of collisions, while having more than 255 addresses of space lets me organize the network by kind of device with easy-to-remember addresses (that was what I meant before when I used the term "organize devices by class"; it is not a network class, or anything to do with that: they are all in the same 10-bit-length network and directly addressable within that net without routing).

Thanks again.

Will see now if I get WireGuard working in the new device acting as main router.
If I have problems I will post a new thread with the firewall and network files and the remote config of the peer.
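The subnet arithmetic and the collision concern raised in this thread can be checked with a few lines of Python's standard `ipaddress` module. This is an added example, not code from any poster; the plan values (10.20.4.0/22 for LAN, 10.20.8.0/22 for IoT, 192.168.1.0/24 for guests, 172.20.10.0/24 for the VPN) are constructed placeholders in the shape described above.

```python
import ipaddress

# The three RFC 1918 private ranges discussed in the thread.
RFC1918 = [ipaddress.ip_network(c) for c in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def count_subnets(block, new_prefix):
    """How many /new_prefix subnets fit inside block, e.g. 64 /22s in 192.168.0.0/16."""
    block = ipaddress.ip_network(block)
    if new_prefix < block.prefixlen:
        raise ValueError("new prefix must not be shorter than the block's own prefix")
    return 2 ** (new_prefix - block.prefixlen)


def check_plan(plan):
    """plan maps a name to a CIDR string.  Returns a list of readable issues:
    misaligned network addresses (host bits set), non-private ranges, and
    overlapping subnets.  An empty list means the plan is clean."""
    issues, nets = [], {}
    for name, cidr in plan.items():
        try:
            net = ipaddress.ip_network(cidr)            # strict: host bits must be zero
        except ValueError:
            net = ipaddress.ip_network(cidr, strict=False)
            issues.append(f"{name}: {cidr} is not aligned; the network is actually {net}")
        if not any(net.subnet_of(r) for r in RFC1918):
            issues.append(f"{name}: {net} is not an RFC 1918 private range")
        nets[name] = net
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                issues.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return issues


# Constructed sample plan (hypothetical values) following the layout discussed above.
PLAN = {
    "lan":   "10.20.4.0/22",
    "iot":   "10.20.8.0/22",
    "guest": "192.168.1.0/24",
    "vpn":   "172.20.10.0/24",
}

if __name__ == "__main__":
    print(count_subnets("192.168.0.0/16", 22), "/22 subnets fit in 192.168.0.0/16")
    print(count_subnets("10.0.0.0/8", 22), "/22 subnets fit in 10.0.0.0/8")
    for issue in check_plan(PLAN) or ["plan has no issues"]:
        print(issue)
```

Adding the remote site's LAN (for example the 192.168.1.0/24 of a cafe you connect from) to the plan dictionary shows immediately whether a VPN client would collide with one of your home subnets.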

Well, I have WireGuard working at last.

After so many tries, I don't know what I was doing wrong in the first try.

But now I can connect and navigate to the internal home LAN while other traffic does not go through the tunnel.
Local DNS names are resolved too.

It works great and quick in my new router.
I am glad I could finally get it to work.
Thank you everybody, and especially @psherman, for the help.


Awesome. Glad you're up and running!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

Yes, but the problem is that I don't know which post solved it, as it was a combination of many things.

So I will mark your last response.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.