Rob et al;
This user is flagged RADIO only in his config and should not be a listed
"gateway" at all:
...
If this is causing an issue, let me know and I'll send him a note asking
him what he's looking to do and point him to a few things that may help
him out.
Well, the recurring issue is that users do not really understand the whole
system and still are expected to manage it themselves via the portal.
This does not work well. They experiment with entering some data, see it
appear listed under their account, but do not understand what it is for.
They leave it there and move on to another experiment.
I do not blame them; it is a complicated matter and there are many options
for connecting to the network. On my own pages I strongly advise against
using the portal and advise people instead to mail me with the request they
have. Usually they do not want to use IPIP anyway, and registering on the
portal does more harm than good.
Of course it could be improved in the portal user interface, but it has been
claimed before that restricting people to making valid entries (i.e. the
external gateway address is NOT in net-44 and the advertised subnets are
owned by the gateway operator) causes issues in some niche situations.
Hence those checks have been removed, and users are no longer guided towards
what they should and should not (and probably don't want to) do.
Users get an address from me, and register a gateway in the portal with that
address as external address (this is what caused the mishap this week!).
Moreover, they have to add advertised networks and they do not understand
that they first have to request a network to be assigned to them, and they
pick a random network from the pulldown list (this happened with the same user).
So I am all for a change towards a system where people like coordinators or
other experienced users have to validate the entered gateway configuration
before it becomes active.
But recognizing that this would require more programming work in the portal
(and thus in practice will not happen), I am for a reduction of the complexity
and vulnerability of the system by removing dangerous capabilities that
almost nobody uses, such as having the gateway address within net-44 and the
advertisement of networks not owned by the user. They could still be allowed
for existing users and could still be modified by administrators of the portal,
but not by end-users.
Rob
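
The two checks discussed in the message above (external gateway address not in net-44, advertised subnets assigned to the submitting user), with the exception for existing entries and portal administrators, could look like the following. This is an added example, not part of the original message and not the portal's code; the function name, its parameters, the reading of "existing users" as "unchanged values of an existing entry", the use of 44.0.0.0/8 for net-44, and all sample addresses are assumptions.

```python
import ipaddress

# Assumption: "net-44" is taken as 44.0.0.0/8; adjust to the ranges in use.
NET44 = ipaddress.ip_network("44.0.0.0/8")


def validate_gateway(external_addr, advertised, owned, is_admin=False, existing=None):
    """Return a list of problems with a gateway entry; empty means acceptable.

    external_addr: external (public) address of the gateway, as a string
    advertised:    subnets the entry wants to advertise (CIDR strings)
    owned:         subnets assigned to the submitting user (CIDR strings)
    is_admin:      portal administrators are not restricted
    existing:      stored entry as (external_addr, advertised), or None
    """
    try:
        addr = ipaddress.ip_address(external_addr)
        nets = [ipaddress.ip_network(n) for n in advertised]  # rejects host bits
        mine = [ipaddress.ip_network(n) for n in owned]
        old_addr = ipaddress.ip_address(existing[0]) if existing else None
        old_nets = {ipaddress.ip_network(n) for n in existing[1]} if existing else set()
    except ValueError as exc:
        return [f"malformed address or subnet: {exc}"]
    if is_admin:
        return []

    problems = []
    # Check 1: the external address must not be inside net-44, unless an
    # existing entry already had that address and keeps it unchanged.
    if addr in NET44 and addr != old_addr:
        problems.append(f"external address {addr} is inside {NET44}")

    # Check 2: every advertised subnet must lie within a subnet assigned to
    # this user, unless the existing entry already advertised it.
    for net in nets:
        if net in old_nets:
            continue
        if not any(net.version == m.version and net.subnet_of(m) for m in mine):
            problems.append(f"advertised subnet {net} is not assigned to this user")
    return problems
```

Returning the full list of problems rather than failing on the first one lets a user interface show the submitter everything that needs correcting in one pass.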