diff --git a/modules/aws-vpc/main.tf b/modules/aws-vpc/main.tf
index 54787cb..bb35e30 100644
--- a/modules/aws-vpc/main.tf
+++ b/modules/aws-vpc/main.tf
@@ -1,6 +1,6 @@
 /* The VPN allows us to limit certain traffic to just local network */
 resource "aws_vpc" "main" {
- cidr_block = "10.0.0.0/16"
+ cidr_block = var.vpc_cidr_block
 instance_tenancy = "default"
 enable_dns_support = true
@@ -14,7 +14,7 @@ resource "aws_vpc" "main" {
 /* A VPN can't exist by itself, a subnet is necessary to add instances */
 resource "aws_subnet" "main" {
 vpc_id = aws_vpc.main.id
- cidr_block = "10.0.1.0/24"
+ cidr_block = var.subnet_cidr_block
 /* Needs to be the same as the instances zone */
 availability_zone = var.zone
diff --git a/modules/aws-vpc/variables.tf b/modules/aws-vpc/variables.tf
index f0e483a..363333f 100644
--- a/modules/aws-vpc/variables.tf
+++ b/modules/aws-vpc/variables.tf
@@ -6,6 +6,20 @@ variable "zone" {
 default = "eu-central-1a"
 }
+variable "vpc_cidr_block" {
+ description = "IPv4 address space from Classless Inter-Domain Routing for VPC."
+ type = string
+ default = "172.20.0.0/16"
+ # WARNING: We can't use 10.0.0.0/8 here because Tinc VPN already does.
+ # Details: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html
+}
+
+variable "subnet_cidr_block" {
+ description = "Subnet of the VPC CIDR block address space."
+ type = string
+ default = "172.20.1.0/24"
+}
+
 /* FIREWALL--------------------------------------*/
 variable "open_tcp_ports" {
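Review bot: Nothing ties `var.subnet_cidr_block` on the new `cidr_block` line of `aws_subnet.main` to `var.vpc_cidr_block`; the two are independent inputs, so a caller who overrides only the VPC range (or only the subnet range) gets a subnet outside its VPC, and the first signal is an AWS error at apply time. Unless the module has a reason to let callers pick an arbitrary subnet, deriving it keeps the pair consistent by construction, e.g. `cidr_block = cidrsubnet(var.vpc_cidr_block, 8, 1)` (which yields 172.20.1.0/24 from the new default). If the variable must stay, a plan-time check that the subnet is inside the VPC range is the alternative; the same coupling applies to the `aws_vpc.main` hunk above, which consumes the other half of the pair. The resource bodies in both hunks continue outside the hunk.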
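Review bot: Neither new variable in variables.tf validates its value, so a malformed or non-IPv4 string (a typo like `172.20.0.0/33`) is only rejected by the AWS API at apply time; since the module already uses 0.12-style `var.` references, a `validation` block (available from Terraform 0.13, so confirm the pinned version) on each variable would catch it at plan time. The `# Details:` link under `vpc_cidr_block` points at AWS's general subnet-sizing page, which does not document the Tinc VPN conflict that the `# WARNING:` line describes; pointing the reader at the Tinc configuration that owns 10.0.0.0/8 instead would make the constraint verifiable. The description `IPv4 address space from Classless Inter-Domain Routing for VPC.` reads awkwardly; `IPv4 CIDR block for the VPC.` states the same thing.
```hcl
variable "vpc_cidr_block" {
  description = "IPv4 CIDR block for the VPC. Must not overlap 10.0.0.0/8, which the Tinc VPN already uses."
  type        = string
  default     = "172.20.0.0/16"

  validation {
    condition     = can(cidrnetmask(var.vpc_cidr_block))
    error_message = "vpc_cidr_block must be a valid IPv4 CIDR, e.g. 172.20.0.0/16."
  }
}

# … unchanged: subnet_cidr_block declaration (add the same validation there) …
```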