Making things clearer - writing for dummies

Dear Michael, dear IPFire comunity,
I am a Dummie. I am (unfortunately) Windows based user, who however were able to install Hackintosh to several Laptops without posting dummie questions in Hackintosh comunities. The only post there was “Thank you” to author who provided step by step install proceedure.

Now my second chalange is to built from my 10y old i5 quad core pc a router with Samba, VPN client paid service and download manager.

Im almost there unfortunately not with IPFire, which was for me the most “intuitive” firewall software from all 4 (IPFire, PfSense, OpenWRT, DDWRT) I considered. The problem was to configure VPN Client paid service, for which I didnt find clear Dummie step by step tutorial…

That said I think your wiki is great help for people.

The problem I faced was a VPN Client paid service (I think its called net-net).
I wish I have the same menu on IPFire like on ASUS router:

Step1 Upload *.ovpn file
Step2 Fill Username and Password.

and voila VPN works

To make User firendly intuitive VPNClient tab woud be great.
Samba was understandable however I couldnt get it work the way I needed.

Every from my 4 Firewall software a VPN Client require a lot of configurtion steps which varies from forum to forum from user to user and I didnt find proper guide on IPFire Wiki.
I have found it at the end on IPFire forum, but it does not work well for me and I really needed to get it to work so I looked elsewhere and now Im using something which was much mooooore comlplicated than IPFire but the pages has Great user manual and Guides and with them I was able to get it work (without asking)

From my 20y experience in various forum Communities I learned that Admin reaktions varied. Some of them didnt respond the questions which were already answered and deleted the dummie posts, Some of them patiently answered evrery questons, some of them posted 1 warning, that if comes another dummie question they will be banned… :slight_smile:

The way how you will treat Dummies is completly up to you.

I know how bothering dummies are. I hope I didnt bother you much with my post.
Just my 2cents

With all my respect to your work
C.

On the topic of VPN providers: There is a reason why this is not implemented and why people should not use it. IPFire provides plenty of tools that make it possible to use it (e.g. we have an OpenVPN implementation), but we have plenty of reasons why this is not implemented in the GUI.

I find it confusing that it is assumed that we “lack” this feature, when we very often deliberately do not implement things.

Should there be pages that explain how to still do it? Maybe, but not on the official wiki. I think it is too dangerous for too many people.

Heck, even if there was ONE link in the Web UI to the Table of Contents of the Wiki, that would be better than nothing, and much easier to implement.

Hello Michael,

Well I think You have a right to decide what will be implemented in gui and what wont be. And Im pretty sure that You and the whole non-dummie community have good reasons for that. I dont know what you meant by “Too dangerous for too many people”? VPN providers or OpenVPN protocol?

And even if whatever is dangerous, isnt it for everyone to decide?
You have no responsibility for how is ipFire used, right?
So still I dont see a reason why shouldnt be something implemented

Having said that I think ipFire is a great piece of Firewall software with great potencial. And im really sorry that I do not use it because of the reasons I already mentioned.

Have a great day
C.

2 posts were split to a new topic: Redesigning the configuration pages

Dear Michael,

thanks for your post. Here are some thoughts about what you told us.

As a first point, you said, you feel that nobody reads the wiki. Where does this feeling come from. From the experience and the frustration with the support of users? How did you measure how many people are reading the wiki?

For me, the wiki was my first place to go, when I started with ipfire and it is a good first place to go. You did a good job!

Second, you said, that the questions people ask do show, that they are not well trained in running a firewall. If you mean a person like me, you are right, but what do you say to me with your statement? Do you say: “Go away here! I will not give you my golden software because you are unable to understand it?” That will not be your goal. It should be the opposite.

People like me have no other chance to get trained by doing there first steps by using an free of charge open source firewall. So in your wiki and forum there will always be people, that are not well trained. All you have to do is making clear, at the first page of your wiki, what your supposed audience for the wiki is (people who know the basics about firewall) and where the others could find the basics about running a firewall.

Or you decide, that your wiki also should train people, and you then tell them the basic secrets about running a firewall. With this you would also have done some job in securing the internet.

It is your decision.

I have more thoughts about the wiki, but not enough time to write them down here.

A web or personal meeting would be better. I have seen that the ipfire team had made some meetings in the ruhr area. I life in the ruhr area and a personal meeting would be a good idea, if you life in the ruhr area as well.

Regards

Frank

1 Like

Good. So it does work!

No, you are not mistaken. It is absolutely right where this is not acceptable that people are running a computer network if there is no, or limited knowledge about the basics. We make people have a drivers licence and that is a good concept. Nobody is allowed to cut people’s hair unless they have done training. There are too many things to get wrong.

This all depends on what the risk is. Large companies are run like this and data breaches have become a daily scandal now. It is very often presented as “well, the hacker must have been really good” when in reality they don’t need to be that. Guessing “12345” as a password is not difficult.

In a home network things are different. This forum is mainly frequented by this type of user. I guess that is why we have a lot of simple questions here.

I am just getting frustrated when people don’t search for their answer first. It simply is the easiest option for everyone.

1 Like

Hello Michael,

your hairdresser example is a good one, because tomorrow i have an appointment with him.

To get you calm, I am not so bad trained as you might expect, but to me it is unclear, what exactly, from your point of view, is a well or enough trained employee. Does the knowledge about what a web proxy is belong to that? Or does knowing the difference between DNS over TLS and DNS over HTTPS also belong to that? What about IPS?

Your idea, to have a driving license for administering a firewall, is an interesting idea. But if you dig deeper into it you will come to the point, that you’ll need an army of well trained professionals to block any kind of attack. I.e. today you also need someone who is an expert in artificial intelligence, because attacks are run by using AI today.

But I agree with you, that it is not good, when networks are managed by untrained people, no matter if it’s an big worldwide companies- or a small home network. Many “hackable” home networks are a good start for a world spanning attack.

But I have no idea how one could get out of this Problem. The only idea is to have well government-financed schools for the home sector that train IT basics free of charge, so that you have a wide fundament of trained people.

In the company sector your idea of a “driving license” seems to be a good idea, at a first glance.

Regards

Frank

It might be adequately covered already. The IPFire installer:

  • does not have a default address for GREEN
  • defaults to “static” for RED, but offers no default address
  • will require an address for “gateway”, with the above setting, in order to connect to the Internet
  • does not give default “start” & “end” addresses for DHCP
  • does not attempt to auto-assign RED & GREEN NIC

If the new user can pass the above “test” then they should have a working IPFire which, for most home users, will result in a more secure and flexible LAN

1 Like

This is a great example.

The IPFire setup process is not one of those were you click “Next”, “Next”, “Next” and finally “Finish”. IPFire simply supports too many things and there is no good default that works for everyone.

So, why should we suggest a certain default IP address for GREEN?

Probably most systems run on PPP. If anything that should be the default then. But that won’t work without any credentials. Setup is required.

And how can the system know which NIC you want to use for RED and GREEN?

These are basic steps that normally you won’t spend any time thinking about.

Lucky you :slight_smile:

I am calm. I am not stressing out over this. I am just frustrated.

That depends entirely on whether you use these things or not. But my point is that if you use them, you should think first before you click the on button.

Since everyone has at least some sort of router at home, I really wonder why it is not being taught how they work. That reason probably is the same than why we are not learning how to cook a basic meal or to do our taxes. School doesn’t teach the important stuff.

I normally approach things in the way where I read first and then do something. Sometimes I experiment first and see how things go. But the latter approach only works when the risks are low and that seems to be the important factor here: People not being aware of the risks.

I am not in favour of having bright red flashing words all over the wiki that say ATTENTION, because that is not how people are made aware. That is only scaring them.

1 Like

Would it be useful to have a ‘For beginners’ link from the front page of the wiki, which then goes to a page that says something about the amount of work involved in setting up a firewall correctly, and lists the topics which a user needs to have an understanding of before going any further?

I’ve also got some ‘Proof of Concept’ for adding a per page help link to the menus, based on a ‘help’ key in the menu file, although it only works on the ‘ipfire’ theme at the moment.

3 Likes

It used to be possible to download add-on firewall software for Windows. The IPFire Download page does not make it clear that IPFire requires dedicated hardware as well as additional skills.

This could be put on the Download page, with a link to https://wiki.ipfire.org/installation, urging people to be confident that they can do the installation, before downloading.

In my localion (AU), most people using Internet via land-line or fixed-wireless have a modem, supplied by the ISP, that is pre-configured with the subscriber’s login plus the network parameters. That gives little incentive to teach these requirements and “if it ain’t broke - don’t fix it” suits most parties.

Every customer with a custom network setup and a in-house firewall (correct port forwarding was setup during the install) was able to be VPN enabled in less than 1 hour without going on premises.
During the Lockdown this has been a enormous advantage of time and budget for enable remote access to business computer.

If that isn’t clear we should work on our website.

I like this.

I agree with your position and I will contribute where I can to improving documentation. Let me give you an illustrative example of where documentation fails.

From what I can tell you can run a VM On IPFire. All I know is that I can do it. I don’t know of any use cases. Why would I want to do this? It’s not clear what the security risks are? These are all well-known problems but it would be useful to give a paragraph or so referring users where to read up more. I’m not saying we give them the full discourse but more like “you need SSH on Windows, go get putty, here’s the link, read up, there not here”

But what is the conceptual framework of a VM running on IPFire? Here’s an example of what I want to try:

I want to experiment with wireguard and I’m not ready to make an IPFire plug-in yet. The idea is build small VM running wire guard, do some routing magic in the firewall and see if I can make it work and get some metrics on how it performs and ease of use.

However, I have no idea what are the working parameters for VM’s on IPFire. I don’t know the design parameters, restrictions, capabilities. It’s all a mystery and a wiki is not helping in clearing up some of these issues.

I’m going to play with it, I’ll document it as I go along so maybe I can help answer those questions for someone else.

Like that page.

When I needed them, I could not find them. When I don’t need them, I run it to them.
Now those help links just need to be added to the various menu tabs on the system => https://192.168.x.x:444/cgi-bin/index.cgi

I think this would be a great addition to IPFire. Those are good Wiki helps, just need to be able to find them from the IPFire system => https://10.0.x.x:444/cgi-bin/index.cgi

1 Like

Having a link to the wiki would be good.
I think it would be great if it would be for every little thing, but that is not practical.
One link to the wiki index should be good enough.
Perhaps in the system tab Help/wiki and a forum link.

1 Like