<sect1 id="configurations-ppp-intro">
<title>Introduction</title>
<para>
This chapter describes how to configure &TC; to provide some
Internet services through the telephone line. In this chapter,
the computer holding the Internet services is named the
<quote>server</quote> and the computer that wants to make use
of such services is named the <quote>client</quote>. We assume
that both server and client computers have been installed with
&TC; (release 5.5).
</para>
<para>
In this configuration, both client and server computers use
modems to transmit data in the form of sound through the telephone
line system. The dial-up connection described in this chapter
could be a choice when the only communication medium you have
access to is the telephone line system.
</para>
<para>
This configuration emerged from the need to share
information with my friends in a country where Internet access
is limited to state organizations and controlled there with
an increasingly crazy obsession. However, in this environment,
the telephone line system provides an alternative platform to
interchange information in a point-to-point fashion. It can be
used to create small social groups and organize ideas safely
(e.g., by using TLS to encrypt connections). To be more
specific, the goal would be to provide public access to an
Internet Service Provider (ISP) where people can express
themselves freely (e.g., through a mailing list with open
subscriptions).
</para>
<para>
Even though this configuration tries to reduce the lack of
communication, there are limitations around it that we cannot
take away yet. The following list shows what these
limitations are:
</para>
<itemizedlist>
<listitem>
<para>
Only one connection (of 15 minutes) is possible at a time.
</para>
</listitem>
<listitem>
<para>
More than 3 consecutive connections from the same phone number
in a time range of 60 minutes means that that number is
attacking the ISP to provoke a <quote>Denial of Service
(DoS)</quote> attack. In such cases the phone number
originating the call will be permanently banished from
making further calls to the ISP. Fortunately, such controls
can be automated so I hope they achieve an acceptable degree
of efficiency.
</para>
</listitem>
<listitem>
<para>
The ISP is isolated from the Internet, so it is not possible to
provide Internet access through the ISP.
</para>
</listitem>
<listitem>
<para>
The information generated inside the ISP is confined to it. This
way, it will be available to people registered inside the ISP
only (e.g., through the web interface).
</para>
</listitem>
<listitem>
<para>
The implementation of services that require persistent
connections (e.g., <application>chats</application>) will not
be considered as a practical offer. Instead, only
asynchronous services (e.g.,
<application>e-mail</application>) will be supported. This
restriction is required to reduce effective connection
times. For example, consider an environment where you connect
to the ISP to send/receive e-mails only and then disconnect. In
fact, to force this behaviour the ISP will be configured to
close connections 15 minutes after the connection is
established.
</para>
</listitem>
<listitem>
<para>
Your user profile will be removed from the ISP when no effective
point-to-point connection is established by you in a period of
7 days since the last effective point-to-point connection you
established to the ISP. When your user profile is removed, you
will need to register yourself again inside the ISP to access
its services.
</para>
</listitem>
</itemizedlist>
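<para>
The call-frequency limit in the list above can be automated as a
sliding-window check. The following Python code is an added example,
not part of the original configuration: it assumes each call record
carries the caller's number and a start time in seconds, and it treats
a call made exactly 60 minutes after an earlier one as outside the
window. The phone numbers and timestamps are constructed.
</para>

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60 * 60   # 60-minute window from the list above
MAX_CALLS = 3              # more than 3 connections in the window means a ban


class CallLimiter:
    """Decide for each incoming call whether to accept, ban, or reject it."""

    def __init__(self):
        self.recent = defaultdict(deque)  # caller number -> accepted call times
        self.banned = set()               # permanently banned caller numbers

    def on_call(self, number, ts):
        """Return 'accept', 'ban' (this call triggers the ban) or 'rejected'."""
        if number in self.banned:
            return "rejected"
        calls = self.recent[number]
        # Drop calls that fell out of the 60-minute window ending at ts.
        while calls and ts - calls[0] >= WINDOW_SECONDS:
            calls.popleft()
        calls.append(ts)
        if len(calls) > MAX_CALLS:
            self.banned.add(number)
            del self.recent[number]       # history is no longer needed
            return "ban"
        return "accept"


def replay(records):
    """Run (timestamp, number) records in time order; return decisions and bans."""
    limiter = CallLimiter()
    decisions = [(n, limiter.on_call(n, t)) for t, n in sorted(records)]
    return decisions, limiter.banned


# Constructed sample: seconds since an arbitrary start, made-up numbers.
SAMPLE = [
    (0, "555-0101"), (600, "555-0101"), (1200, "555-0101"),
    (1800, "555-0101"),   # 4th call inside 60 minutes -> ban
    (2400, "555-0101"),   # already banned -> rejected
    (0, "555-0202"), (1500, "555-0202"), (3000, "555-0202"),
    (3600, "555-0202"),   # the first call is now 60 minutes old -> accept
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```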
<para>
I'm very sorry about these limitations, but this is the best I
can offer with one PC, one modem, and one single telephone
line. If you think this configuration can be improved somehow,
please send me an e-mail at <email>al@example.com</email>.
Notice that, for any mail to reach me, you should be
registered inside the ISP first; I don't answer phone calls
personally, the phone is very busy answering point-to-point
connections ;).
</para>
<para>
In order for you to share information with others, it is
required that both you and the person you want to share
information with have an e-mail address registered inside
the ISP. This registration process is carried out through a secured
web interface accessible through an encrypted connection, as
the following URL illustrates:
</para>
<itemizedlist>
<listitem>
<para>
<ulink url="https://example.com/users?action=register" />
</para>
</listitem>
</itemizedlist>
<para>
The web interface should permit everyone to update or delete
their personal profiles without compromising personal
information. Notice that all actions carried out through this web
interface must be simple enough to be achieved in less than 15
minutes (the time the point-to-point connection remains active
from its first establishment on).
</para>
<para>
User information is stored inside an LDAP server. The web
application manipulates LDAP records and all related files
inside the operating system that make it possible for a user to
establish a point-to-point connection to the ISP, as well as
register, update or delete their profile inside the ISP. Care
should be taken to prevent one user from modifying or deleting profiles
of other users. The user's profile administration is
individual to each user based on their identity. Notice that
all related subsystems (e.g., Postfix, Cyrus-Imapd and
Saslauthd) must use the user information from the LDAP server.
Likewise, the mailbox administration must be automated based
on the users in the LDAP server. The web application must be
aware of all related files inside the
infrastructure so that administration tasks can be
automated and presented in a friendly way to end users (this will
require the web application to run some program that needs
root privileges =:-|). The whole process would be: establish a
point-to-point connection to the ISP, register a new user
through the web application and start using the e-mail client
with your new address. The LDAP server will be available for
everyone to consult from their mail clients. Inside the web
application, verifications must be included to avoid
duplicated values, invalid characters and similar stuff.
</para>
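<para>
The verifications mentioned above (duplicated values, invalid
characters, and keeping one user away from another user's profile) can
be expressed as a few small checks that run before the web application
touches LDAP. The following Python code is an added example, not the
web application's own code: the function names, the user-name pattern
and the use of the <literal>uid</literal> attribute are assumptions
made for illustration.
</para>

```python
import re

# Assumed policy: a lowercase letter first, then 2 to 31 more characters
# taken from lowercase letters, digits, '.', '_' and '-'.
UID_RE = re.compile(r"[a-z][a-z0-9._-]{2,31}")

# RFC 4515: characters that must be escaped inside a search filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a string so it can only ever be a literal filter value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def check_registration(uid, existing_uids):
    """Return a list of problems; an empty list means the uid is acceptable."""
    problems = []
    if not UID_RE.fullmatch(uid):
        problems.append("invalid characters or length")
    # LDAP compares uid values case-insensitively, so compare folded values.
    if uid.casefold() in {u.casefold() for u in existing_uids}:
        problems.append("duplicated value")
    return problems


def lookup_filter(uid):
    """Build the filter used to look up one profile, escaping the input."""
    return "(uid=%s)" % escape_filter_value(uid)


def may_modify(authenticated_uid, target_uid):
    """A user may update or delete only the profile matching their identity."""
    return authenticated_uid.casefold() == target_uid.casefold()


if __name__ == "__main__":
    existing = ["maria", "jose"]                  # constructed sample directory
    print(check_registration("ana.perez", existing))
    print(check_registration("Maria", existing))
    print(lookup_filter("*)(uid=*"))              # wildcard input stays literal
    print(may_modify("jose", "maria"))
```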
<para>
In case some kind of force intends to confiscate the
computer where the ISP is installed, I am planning to encrypt
the whole filesystem in a way that it would be very difficult
to get any valid data from it. The encryption feature is
applied before the operating system starts. In this
configuration a password is required to decrypt the operating
system filesystem in order to be able to boot up the
operating system as expected. If the password is not provided,
the only thing you get is a prompt to enter a password :).
</para>
<para>
Another important matter to be aware of is the ISP's
policy. In order to keep freedom, it is required to define
the boundaries of that freedom so you can determine and judge
it. Absolute freedom (anarchism) will not be permitted (it
would end up in total destruction) and communism will be
avoided (it would suppress the natural freedom of human
beings). So a middle point will be used. For example, if you
think you have the freedom to abuse the ISP I provide (e.g.,
by spamming it, or by provoking denial of service attacks) you
probably have it, but consider that I am free to banish you
immediately for trying to destroy my work. On the other hand,
if you show yourself to be an educated person with solid ideas
and reasons to share, you'll be totally welcome to stay. The
general idea behind this work is improving Cuban communication
to make ourselves better persons, understand our nature and
environment, whether social, economic or political.
</para>
</sect1>