If you have an Internet router, users who also have Internet routers can’t access your VPN service if their intranet addresses begin with the same three numbers as yours.
For example, if your server’s IP address is 192.168.1.101, users can’t access your VPN service from other intranets with addresses that begin with 192.168.1.
Private networks can use addresses beginning with 192.168.0 through 192.168.254, 10.0.0 through 10.254.254, and 172.16.0 through 172.31.254. In all cases, use subnet mask 255.255.255.0.
You can ask VPN users to change the IP addresses on their home networks so the first three numbers of their IP address are different from the ones on your intranet.
For example, if your intranet IP addresses begin with 192.168.1, ask VPN users to use IP addresses beginning with 192.168.2 on their home networks.
To avoid conflicts with VPN users’ IP addresses, you can use an uncommon IP address range on your intranet.
Change the IP addresses of your server and all other devices on your intranet so they don’t use the most common defaults on Internet routers, which are 10.0.1, 192.168.0, and 192.168.1.
You can simply pick a different number between 2 and 254 for the third number of your intranet IP addresses. For example, if your intranet IP addresses begin with 192.168.1, change them to begin with 192.168.58 or 192.168.177. If your intranet IP addresses begin with 10.0.1, change them to begin with 10.0.29 or 10.0.103. You can also use 172.16.0 through 172.31.255. In all cases, use subnet mask 255.255.255.0.
Change the IP addresses that your Internet router or other DHCP server assigns to computers on your intranet.
If you have an AirPort Extreme Base Station (802.11n) or a Time Capsule, use AirPort Utility. For instructions, see AirPort Utility Help. For information about a different Internet router, see its documentation.