diff --git a/roles/nextcloud/templates/nextcloud.conf.j2 b/roles/nextcloud/templates/nextcloud.conf.j2
index f3f717a63..ef80b4b59 100644
--- a/roles/nextcloud/templates/nextcloud.conf.j2
+++ b/roles/nextcloud/templates/nextcloud.conf.j2
@@ -12,14 +12,15 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud
     # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
     Require all granted
     # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
-    #Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10
+    #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10
 {% else %}
     # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
     #Require all granted
     # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
-    Require ip 127.0.0.1 172.18.96.1/255.255.224.0 192.168 10
+    Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10
 {% endif %}
-    # AVOID THIS LINE WHICH CAUSES PROBLEMS IN SCHOOLS WITH 192.168.1.x etc:
+{# Reminder that {{ lan_ip }}/{{ lan_netmask }} is 172.18.96.1/255.255.224.0 #}
+    # AVOID THIS LINE AS IT OVERLY RESTRICTS SCHOOLS W/ 192.168.1.x, 10.x.y.z:
     #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
     </IfModule>
     <IfModule !mod_authz_core.c>