Thanks for your answer.
Actually I use ocserv on my OpenWrt router where only v0.8.9 is available in its stable release (Barrier Breaker 14.07). Then I may try v0.9.2 in its trunk release.
THX again.

regards,
tefeng

On 2015/2/27 16:57, Nikos Mavrogiannopoulos wrote:
> On Fri, Feb 27, 2015 at 9:35 AM, tefeng <tefeng.em at gmail.com> wrote:
>> Thanks for your quick reply.
>> The network of 192.168.100.0/24 belongs to ocserv while my network on the
>> server is still 192.168.1.0/24. They communicate with each other by route
>> settings.
> nice.
>
>> I've enabled an input rule in firewall settings on the server side, like the
>> following one:
>> iptables -I INPUT -i vpns+ -s 192.168.100.0/24 -j ACCEPT
> You'll most probably need to enable forwarding as well.
>
>> After the vpn connection was established, the client got an IP like
>> 192.168.100.x from the DHCP server.
> You got that from ocserv.
>
>> As far as my understanding goes, both
>> 192.168.100.1 and 192.168.1.1 are bound to the server interface. But "ping
>> 192.168.100.1" on the client side failed while "ping 192.168.1.1"
> If you use ocserv-0.9.2 then it will claim the first address of the
> provided network, i.e., 192.168.100.1 in your case and will reply to
> that address. However in 0.8.9 that you use it shows a different
> address on each client. If your client got 192.168.100.15, you should
> see the server on 192.168.100.14 or 16 (don't remember).
>
>> Another question: is there any difference between 192.168.100.0 and
>> 192.168.100.1 when setting up the parameter "ipv4-network"?
> 192.168.100.1 is not a network address, but ocserv will convert it to
> one anyway by masking it with your netmask.
>
> regards,
> Nikos