On Tue, Jun 16, 2015 at 11:01 PM, Brian Kantor <Brian(a)ucsd.edu> wrote:
> There were, in fact, several of case (3) which of course did NOT work.
> If in fact the HAMWAN entry is needed, I can ask Chris to undo the
> restriction and then we'll just have to be extra vigilant about checking
> new gateway entries. Mistakes will happen and have to be corrected.

The difference is that 44 addresses can be valid gateway destinations as
long as that IP doesn't exist in any of the subnets that have IPIP tunnels
configured.
There's a good chance that the mistakes others made were specifying a
44-based gateway address that existed within the same subnet they're trying
to tunnel. Assuming Chris already has an easy way to do IP math in the
portal, then he should still be able to restrict that mistake. If you
wanted to be thorough, you could also reject any gateway IP that happens to
match the subnet of any tunnel.
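
The check proposed in this message, sketched as an added example; it is not the portal's code and not written by either poster. The function name, its parameters and every address below are constructed for illustration.

```python
import ipaddress

AMPRNET = ipaddress.ip_network("44.0.0.0/8")

# Constructed sample data: subnets that already have IPIP tunnels configured.
TUNNELLED = ["44.10.0.0/16", "44.20.5.0/24"]


def check_gateway(gateway, subnet, tunnelled=TUNNELLED):
    """Return (accepted, reason) for a proposed gateway entry.

    gateway   -- proposed tunnel endpoint address
    subnet    -- the 44-net subnet this entry would tunnel (CIDR)
    tunnelled -- subnets that already have tunnels configured
    """
    try:
        gw = ipaddress.ip_address(gateway)
        new_net = ipaddress.ip_network(subnet, strict=True)
        others = [ipaddress.ip_network(n) for n in tunnelled]
    except ValueError as exc:
        return False, f"unparseable entry: {exc}"

    # Gateways outside 44/8 can never be reached through a tunnel.
    if gw not in AMPRNET:
        return True, "gateway is outside 44/8"

    # The likely mistake: the gateway sits inside the subnet it would
    # carry, so reaching the gateway would itself require the tunnel.
    if gw in new_net:
        return False, f"gateway {gw} is inside its own subnet {new_net}"

    # The thorough variant: reject a gateway inside any tunnelled subnet.
    for net in others:
        if gw in net:
            return False, f"gateway {gw} is inside tunnelled subnet {net}"

    # A 44-net gateway not covered by any tunnelled subnet stays valid.
    return True, "44-net gateway is not covered by any tunnelled subnet"


if __name__ == "__main__":
    for gw in ("198.51.100.7", "44.30.1.1", "44.10.3.9", "44.99.0.1"):
        print(gw, check_gateway(gw, "44.30.1.0/24"))
```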