Blame Manuals/Tcpi-ug/Configurations/Ppp/intro.docbook

<sect1 id="configurations-ppp-intro">

    <title>Introduction</title>

    <para>
        This chapter describes how to configure &TC; to provide some
        Internet services through the telephone line. In this chapter,
        the computer holding the Internet services is named the
        <quote>server</quote> and the computer that wants to make use
        of such services is named the <quote>client</quote>. We assume
        that both server and client computers have been installed with
        &TC; (release 5.5).
    </para>

    <para>
        In this configuration, both client and server computers use
        modems to transmit data in the form of sound through the
        telephone line system. The dial-up connection described in
        this chapter could be a choice when the only communication
        medium you have access to is the telephone line system.
    </para>

    <para>
        This configuration emerged from the need to share
        information with my friends in a country where Internet access
        is limited to state organizations and controlled there with
        an increasingly crazy obsession. However, in this environment,
        the telephone line system provides an alternative platform to
        interchange information in a point-to-point fashion. It can be
        used to create small social groups and organize ideas safely
        (e.g., by using TLS to encrypt connections). To be more
        specific, the goal would be to provide public access to an
        Internet Service Provider (ISP) where people can express
        themselves freely (e.g., through a mailing list with open
        subscriptions).
    </para>

    <para>
        Even though this configuration tries to reduce the lack of
        communication, there are limitations around it that we cannot
        take away yet. The following list shows what these
        limitations are:
    </para>

    <itemizedlist>
    <listitem>
    <para>
        Only one connection (of 15 minutes) is possible at a time.
    </para>
    </listitem>
    <listitem>
    <para>
        More than 3 consecutive connections from the same phone number
        in a time range of 60 minutes means that that number is
        attacking the ISP to provoke a <quote>Denial of Service
        (DoS)</quote> attack. In such cases the phone number
        originating the call will be permanently banned from
        making further calls to the ISP.  Fortunately, such controls
        can be automated so I hope they achieve an acceptable degree
        of efficiency.
    </para>
    </listitem>
    <listitem>
    <para>
        The ISP is isolated from the Internet, so it is not possible
        to provide Internet access through the ISP.
    </para>
    </listitem>
    <listitem>
    <para>
        The information generated inside the ISP is jailed to it. This
        way, it will be available to people registered inside the ISP
        only (e.g., through the web interface).
    </para>
    </listitem>
    <listitem>
    <para>
        The implementation of services that require persistent
        connections (e.g., <application>chats</application>) will not
        be considered as a practical offer.  Instead, only
        asynchronous services (e.g.,
        <application>e-mail</application>) will be supported. This
        restriction is required to reduce the effective connection
        times. For example, consider an environment where you connect
        to the ISP to send/receive e-mails only and then disconnect.
        In fact, to force this behaviour the ISP will be configured to
        close connections 15 minutes after the connection is
        established.
    </para>
    </listitem>
    <listitem>
    <para>
        Your user profile will be removed from the ISP when no
        effective point-to-point connection is established by you in a
        period of 7 days since the last effective point-to-point
        connection you established to the ISP. When your user profile
        is removed, you will need to register yourself again inside
        the ISP to access its services.
    </para>
    </listitem>
    </itemizedlist>
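
    <para>
        The call-screening control from the second limitation can be
        sketched as follows. This is an added example, not part of the
        original configuration: the log layout (timestamp followed by
        caller number), the function name and the in-memory ban table
        are assumptions, and calls are counted per number inside a
        sliding 60-minute window.
    </para>

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)   # time range from the policy
MAX_CALLS = 3                    # more than this within WINDOW triggers the ban

# Constructed sample log; the "timestamp caller-number" layout is an assumption.
SAMPLE_LOG = """\
2011-05-01T10:00:00 5550101
2011-05-01T10:16:00 5550102
2011-05-01T10:32:00 5550101
2011-05-01T10:48:00 5550101
2011-05-01T10:59:00 5550101
2011-05-01T11:30:00 5550101
2011-05-01T12:00:00 5550102
2011-05-01T12:20:00 5550102
2011-05-01T13:05:00 5550102
not-a-valid-line
"""

def screen_calls(log_text):
    """Return (decisions, banned); decisions holds (timestamp, caller, verdict)."""
    recent = defaultdict(deque)   # caller -> timestamps of calls still in window
    banned = {}                   # caller -> time the permanent ban was applied
    decisions = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            continue              # skip malformed lines rather than guessing
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        caller = parts[1]
        if caller in banned:
            decisions.append((when, caller, "reject-banned"))
            continue
        calls = recent[caller]
        # Drop calls that have fallen out of the 60-minute window.
        while calls and when - calls[0] >= WINDOW:
            calls.popleft()
        calls.append(when)
        if len(calls) > MAX_CALLS:
            banned[caller] = when
            del recent[caller]
            decisions.append((when, caller, "reject-ban-applied"))
        else:
            decisions.append((when, caller, "accept"))
    return decisions, banned
```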

    <para>
        I'm very sorry about these limitations, but this is the best I
        can offer with one PC, one modem, and one single telephone
        line. If you think this configuration can be improved somehow,
        please send me an e-mail to <email>al@example.com</email>.
        Notice that, for any mail to reach me, you should be
        registered inside the ISP first; I don't answer phone calls
        personally, the phone is very busy answering point-to-point
        connections ;).
    </para>

    <para>
        In order for you to share information with others, it is
        required that both you and the person you want to share
        information with have an e-mail address registered inside
        the ISP. This registration process is carried out through a
        secured web interface accessible through an encrypted
        connection, as the following URL illustrates:
    </para>

    <itemizedlist>
    <listitem>
    <para>
        <ulink url="https://example.com/users?action=register" />
    </para>
    </listitem>
    </itemizedlist>

    <para>
        The web interface should permit everyone to update or delete
        their personal profiles without compromising personal
        information. Notice that all actions performed through this
        web interface must be simple enough to be achieved in less
        than 15 minutes (the time the point-to-point connection
        remains active from its first establishment on).
    </para>

    <para>
        User information is stored inside an LDAP server. The web
        application manipulates LDAP records and all related files
        inside the operating system that make it possible for a user
        to establish a point-to-point connection to the ISP, as well
        as register, update or delete their profile inside the ISP.
        Care should be taken to prevent one user from modifying or
        deleting the profiles of other users. Profile administration
        is individual to each user, based on their identity. Notice
        that all related subsystems (e.g., Postfix, Cyrus-Imapd and
        Saslauthd) must use the user information from the LDAP server.
        Likewise, mailbox administration must be automated based
        on the users in the LDAP server. The web application must be
        aware of all related files inside the infrastructure, so that
        administration tasks can be automated and presented in a
        friendly way to end users (this will require the web
        application to run some program that needs root privileges
        =:-|). The whole process would be: establish a point-to-point
        connection to the ISP, register a new user through the web
        application and start using the e-mail client with your new
        address. The LDAP server will be available for everyone to
        consult from their mail clients. Inside the web application,
        verifications must be included to avoid duplicated values,
        invalid characters and similar problems.
    </para>

    <para>
        In case some kind of force intends to confiscate the
        computer where the ISP is installed, I am planning to encrypt
        the whole filesystem in a way that it would be very difficult
        to get any valid data from it. The encryption feature is
        applied before the operating system starts. In this
        configuration a password is required to decrypt the operating
        system filesystem in order to be able to boot up the
        operating system as expected. If the password is not provided,
        the only thing you get is a prompt to enter a password :).
    </para>

    <para>
        Another important matter to be aware of is the ISP's
        policy.  In order to keep freedom, it is required to define
        the boundaries of that freedom so you can determine and judge
        it.  Absolute freedom (anarchism) will not be permitted (it
        would end up in total destruction) and communism will be
        avoided (it would suppress the natural freedom of human
        beings). So a middle point will be used. For example, if you
        think you have the freedom to abuse the ISP I provide (e.g.,
        by spamming it, or by provoking denial of service attacks) you
        probably have it, but consider that I am free to ban you
        immediately for trying to destroy my work. On the other hand,
        if you show yourself to be an educated person with solid ideas
        and reasons to share, you'll be totally welcome to stay. The
        general idea behind this work is improving Cuban communication
        to make ourselves better persons, and to understand our nature
        and environment, whether social, economic or political.
    </para>
</sect1>