ipv4-network gateway IP does not seem to exist?
tefeng
tefeng.em at gmail.com
Fri Feb 27 00:35:17 PST 2015
Thanks for your quick reply.

The network of 192.168.100.0/24 belongs to ocserv while my network on
the server is still 192.168.1.0/24. They communicate with each other by
route settings.

I've enabled an input rule in firewall settings on the server side, like
the following one:

    iptables -I INPUT -i vpns+ -s 192.168.100.0/24 -j ACCEPT

After the VPN connection was established, the client got an IP like
192.168.100.x from the DHCP server. As far as my understanding goes,
both 192.168.100.1 and 192.168.1.1 are bound to the server interface.
But "ping 192.168.100.1" on the client side failed while "ping
192.168.1.1" succeeded. 192.168.100.1 doesn't seem to exist
before I manually run "ip addr add 192.168.100.1/24 dev eth0.2".

For some reason I must set the VPN server, where a DNS server resides, as
the only DNS server. So I have to set 192.168.100.1 instead of 192.168.1.1
as the DNS server for ocserv's VPN network. That should avoid network
conflict sometimes when I initiate the connection from a VPN client
which is also in a network like 192.168.1.0/24.

Another question: is there any difference between 192.168.100.0 and
192.168.100.1 when setting up the parameter "ipv4-network"?

regards,
tefeng

On 2015/2/27 15:26, Nikos Mavrogiannopoulos wrote:
> On Fri, 2015-02-27 at 13:18 +0800, tefeng wrote:
>> Hi, All,
>>
>> I've installed ocserv 0.8.9 and it worked well except that the gateway
>> ip address of ipv4-network does not seem to exist.
> What is the gateway address of the ipv4-network? Do you mean the ocserv
> address, or the address of the gateway of your network? If you mean
> the ocserv address, that can be seen in the vpns device in the server. If
> however you mean the gateway of your network, then your settings:
>
>> It contains the following lines in ocserv.conf:
>> ipv4-network = 192.168.100.0
>> ipv4-netmask = 255.255.255.0
>> dns = 192.168.100.1
> are wrong. There you should specify the network to be used by ocserv,
> not your LAN network addresses. These two networks will communicate by
> setting the appropriate routes.
>
> regards,
> Nikos
>
>