--- name: howard-home-lan-shadow description: Howard-Home LAN is now 10.137.42.0/24 (renumbered 2026-06-16 off 192.168.0.0/24) — Cascades .0.x VPN shadow RESOLVED metadata: type: project --- Howard-Home LAN = **10.137.42.0/24**, gateway+DNS **10.137.42.1** (a **UniFi OS gateway**, cert CN=unifi.local — NOT pfSense). Howard renumbered it on **2026-06-16** (was 192.168.0.0/24). **Why it was changed:** the old 192.168.0.0/24 **shadowed Cascades' 192.168.0.0/24** (Cascades pfSense .0.1, NAS .0.120). With both on the same subnet, the OS preferred the directly-connected local /24, so Cascades-VPN traffic to 192.168.0.x went to Howard's home UniFi instead of across the tunnel (Cascades APs on 192.168.2.x/3.x worked; .0.x did not). A /32 route couldn't fix it because .0.1 was Howard's own home gateway. Renumbering home to 10.137.42.0/24 frees 192.168.0.0/24 to route over the VPN. **Status: RESOLVED.** From Howard-Home, 192.168.0.x (Cascades pfSense/NAS) should now route via the Cascades VPN (confirm the .ovpn still pushes route 192.168.0.0/22). This removes the home-side blocker on the pfSense compat-layer live validation — though that work is ALSO separately ON HOLD on the Cascades pfSense being too old to install the RESTAPI package (see ROADMAP §E / [[MEMORY]]). **How to apply:** Howard-Home is 10.137.42.x now — don't assume 192.168.0.x for this machine. If the Cascades VPN still can't reach .0.x, check the ovpn route + that no other local interface re-collides.