Log in by entering your user name and password. Both were created by the administrator either during [[Main Page#Erste TrutzMail Adresse anlegen|<u>Setup</u>]] or [[Main Page#Benutzer verwalten|<u>thereafter</u>]].<br /><br />
[[File:TrutzMail Web-Mailer 020.png|700px|link=]]
At the beginning you will see the folder "Posteingang".
By clicking on the pen you can create a new e-mail.<br /><br />
[[File:TrutzMail Web-Mailer 030.png|700px|link=]]
Enter the addressee under "An". Since you are in TrutzMail and communicate in encrypted form, the addressee must also have a secure e-mail address (ending with "@comidio.email").
After completing the content (1.), click on "Nachricht jetzt senden" (2.) to send the message.<br /><br />
[[File:TrutzMail Web-Mailer 040.png|700px|link=]]
<br /> The sent message then appears in the folder "Gesendet".
To exit the web mailer, click on "Abmelden".
[[#top|-> <u>Table of Contents </u> (of this manual)]]<br />
==== Using a Mail-Client ====
To use your TrutzBox<sup>®</sup> mail server, set it up in your e-mail client.
<table border="1" width="750">
<tr>
<td width="250">Name:</td>
<td width="250">Eva<nowiki> </nowiki> Mustermann</td>
<td width="250"> freely selectable,<nowiki> </nowiki> is displayed like this </td>
</tr>
<tr>
<td> email address:</td>
<td>eva.mustermann@comidio.email</td>
<td> Email address assigned by the administrator </td>
</tr>
<tr>
<td> password:</td>
<td><nowiki>*********</nowiki></td>
<td> password assigned by the administrator </td>
</tr>
<tr>
<td> account type:</td>
<td>IMAP</td>
<td></td>
</tr>
<tr>
<td> incoming mail server:</td>
<td>trutzbox, port: 143, TLS</td>
<td></td>
</tr>
<tr>
<td> outgoing email server (SMTP):</td>
<td>trutzbox, port: 587, TLS</td>
<td></td>
</tr>
</table>
===== Setting up a TrutzBox account on Microsoft PC =====
The following description shows how to create a TrutzBox account in an e-mail client using Microsoft Outlook as an example.
Start Outlook and click on "Datei" in the upper left corner.
<br />
[[File:TrutzMail Konto in Outlook 010.png|700px|link=]]
Click on "Informationen" and "Kontoeinstellungen" and click on the upper field "Kontoeinstellungen...".
<br /><br />
[[File:TrutzMail Konto in Outlook 020.png|700px|link=]]
Click on "New" to add a new email account.
<br/>[[#top|-> <u>Table of Contents </u> (of this manual)]]<br/>
[[File:TrutzMail Konto in Outlook 030.png|700px|link=]]<br />
Click on "E-Mail-Konto" and on: "Weiter".
<br />
[[File:TrutzMail Konto in Outlook 040.png|700px|link=]]<br />
Enter the relevant data (email address and password can be obtained from the administrator).
<br />
[[File:TrutzMail Konto in Outlook 200.png|700px|link=]]<br />
TrutzMail supports IMAP; please click on "POP or IMAP".
[[#top|-> <u>Table of Contents </u> (of this manual)]]<br /><br />
<br />
[[File:TrutzMail Konto in Outlook 203.png|700px|link=]]<br />
Enter the data accordingly (1.) and click on "Next" (2.).
[[#top|-> <u>Table of Contents </u> (of this manual)]]<br /><br />
[[File:TrutzMail Konto in Outlook 210.png|400px|link=]]<br />
Select "TLS" for the incoming mail server and "TLS" for the outgoing mail server. Then enter the respective port numbers.
<br />
[[File:TrutzMail Konto in Outlook 220.png|400px|link=]]<br />
Click on "Close" to confirm the successful tests.
<br />
[[File:TrutzMail Konto in Outlook 230.png|700px|link=]]<br />
Your newly created email account now appears under "Kontoeinstellungen".
<br />[[#top|-> <u>Table of Contents </u> (of this manual)]]
===== Set up a TrutzBox account on Apple PC =====
The following description shows how to create a TrutzBox account in an email client using Microsoft Outlook on Apple PC as an example.
<br />
[[File:4222 Account Apple PC 010.png|700px|link=]]
Please make the appropriate settings.
<br /><br />
[[File:4222 Account Apple PC 020.png|700px|link=]]
Please make the appropriate settings.
<br/>[[#top|-> <u>Table of Contents </u> (of this manual)]]<br/>
=== Protection of minors - TrutzContent ===
The TrutzBox<sup>®</sup> monitors web access and is thus able to prevent unwanted data traffic. The TrutzBox<sup>®</sup> distinguishes whether a device or a user calls up a web page directly or whether a web server - after the deliberately called up web page has been loaded - contacts further web pages and loads them without the user's knowledge and without his consent.
The TrutzBox<sup>®</sup> offers two different basic functions here:
'''1. TrutzContent:'''
A content filter that prevents a device or user from directly accessing a particular Web page. Examples of unwanted calls:
* A young person wants to load a website with content harmful to young people.
* An Internet-connected device calls up a web page in the background, unnoticed and without a user deliberately initiating it. Such devices can be TVs, washing machines or game consoles (if they are connected to the Internet), or even the standard Internet browser on the user's PC, which in turn contacts Mozilla or Google or the server of a plug-in provider on its own.
The TrutzBox<sup>®</sup> checks if the contact to such a server is allowed and blocks the forwarding if necessary.
<br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]<br/><br/>
=== Real-time communication - TrutzRTC ===
As part of the updates, two real-time communication functions are implemented on the TrutzBox® (without the customer's active involvement and free of charge):
<br/>
# TrutzChat = XMPP Service for messaging and, depending on the client used, other functions such as audio, video communication, file transfer, screen sharing ...
# TrutzMeeting = audio and video conferencing service: a server to which you can connect with a browser that supports the WebRTC standard and which can connect several audio or video conference participants.<br/><br/>
TrutzRTC runs automatically, does not need to be configured and has no user interface on the TrutzBox.
<br/><br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/>
==== TrutzChat (XMPP Service) ====
It works similarly to e-mail. The XMPP server on the TrutzBox manages users, their online status and their messages. If a message is to be sent to a subscriber who is not on the same server as the sender (i.e. on a different TrutzBox), the target server is determined, contact is made with it and the message is delivered to this XMPP server. The same applies not only to messages but also to other functions, such as presence status.
<br/>
Comidio has extended the XMPP server on the TrutzBox so that it is able to use the same security functions as those used by TrutzMail. This means:
* Communication partners are addressed with the TrutzMail address.
* Connection establishment and message transmission with users on another TrutzBox take place via Tor hidden services.
* The same certificates and keys are used to encrypt messages and authenticate the TrutzBox of the communication partner as for TrutzMail.
<br/>
Once created, TrutzMail addresses can also be used directly for messaging.
<br/><br/>
[[File:TrutzRTC 010a.png|700x700px|link=]]
<br/>
Structure of the XMPP service between the TrutzBoxes
<br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]<br/><br/>
===== preconditions: =====
In order to use the TrutzChat service, a '''TrutzMail address''' and an '''XMPP-enabled program''' on the end device (PC or mobile) are required. Chat programs that support the XMPP protocol are available for all common operating systems with different features.
These links give a good overview of available XMPP clients:
* https://de.wikipedia.org/wiki/Liste_von_XMPP-Clients
* https://de.wikibooks.org/wiki/XMPP-Kompendium:_Einrichtung
* http://xmpp.org/software/clients.html
<br/>
The individual selection depends partly on requirements, partly on taste.<br/><br/>
Comidio uses the following clients:
<table border=1 width="700">
<tr>
<td width="160">Apple Macintosh</td>
<td width="540">Adium (https://adium.im)</td>
</tr>
<tr>
<td>Microsoft Windows</td>
<td>PSI (http://psi-im.org)</td>
</tr>
<tr>
<td>iOS</td>
<td>ChatSecure (https://chatsecure.org)</td>
</tr>
<tr>
<td>Android</td>
<td>Xabber (https://www.xabber.com/)</td>
</tr>
</table>
<br/><br/>
After installing such a messaging client, the XMPP server must be configured in the client. All you have to do is enter the corresponding TrutzMail address with password.
Since many XMPP clients determine the server name from the e-mail address, the incorrectly determined name "comidio.email" must still be changed to "trutzbox".
<br/> The XMPP default port 5222 remains unchanged.
Several TrutzMail addresses can also be configured in one client.
<br/><br/>
Configuration of the chat program '''Adium''':
<br/><br/>
[[File:TrutzRTC 020a.png|700x700px|link=]]
<br/><br/>
Afterwards any number of contacts can be added by entering the TrutzMail addresses.
<br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]<br/><br/>
<br/><br/>
Configuration of the chat program '''Psi''':
<br/><br/>
[[File:TrutzRTC 050a.png|700x700px|link=]]
<br/><br/><br/>
Configuration of the chat program '''ChatSecure''':
<br/><br/>
[[File:TrutzRTC 060a.png|400x400px|link=]]
<br/><br/>
Configuration of the chat program '''Xabber''':
<br/><br/>
[[File:TrutzRTC 070.png|700x700px|link=]]
<br/><br/>
===== TrutzChat XMPP Standard Functions =====
Depending on the functionality of the messaging client, the XMPP server on the TrutzBox supports the following XMPP standard functions:
* Instant-Messaging: Text messages incl. formatting and emoticons
* Create and manage communication groups, group chats (multi-user chat - MUC), but currently only for communication participants who are logged on to the same TrutzBox.
* Audio/Video Communication: Telephone Calls
* File transfer: Send files to the communication partner(s)
* Screen Sharing: makes one's own screen visible to others
* Remote-Desktop: the communication partner can operate my PC
* OTR (Off-the-Record Messaging): unofficial, confidential, non-public communications
* Online-Status, Last-Seen: is the communication partner online, ready to talk... or when was the last time he was online
[[#top|-> <u>Table of Contents </u> (of this manual)]]<br/><br/>
===== External connections to TrutzRTC =====
As long as the TrutzBox with the host name "trutzbox" is available, the messaging client can connect directly to the XMPP server on the TrutzBox.
<br/>
However, this only works from the home network if the client is connected to the Internet router or the secure network of the TrutzBox (transparent mode).
<br/>
To connect to the XMPP server on the TrutzBox while travelling, the TrutzBox "Fernzugriff" should be used.
<br/>
To do this, set up the TrutzBox remote access as described in "Fernzugriff" and authorise the TrutzRTC user for remote access under "Benutzer verwalten" on the TrutzBox.
<br/>
If "Fernzugriff" is then set up and started on the mobile device, the messaging program can access the TrutzRTC server as in the home network.
<br/>
There is no need to open additional ports on the Internet router at home.
<br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]<br/><br/>
==== TrutzMeeting: Audio- and Video-Conference Service ====
Using the XMPP server and a suitable messaging client, it is possible to establish an audio/video connection, but only with one other participant, and all participants must use a client that supports the same audio/video codec. Therefore, standard XMPP clients are not an optimal solution for telephone or video conferences.<br>
To provide TrutzBox users with a secure solution for multiparty telephone or video conferencing, the TrutzBox offers a WebRTC-enabled conference server that allows audio/video conferencing directly from a standard Internet browser, without the need for additional software.<br>
WebRTC is a living standard defined in phases, which is gradually being implemented by the browser manufacturers. This means that functionality is not uniform across all browsers and that the WebRTC functions differ in stability.<br>
For example, the screen-sharing function is not yet implemented stably. We will update with appropriate browsers.
===== preconditions =====
During the later operating phase, the maximum number of video conference participants will correspond to the TrutzMail addresses booked.
'''There is no participant limit in the current beta test phase.'''
<br><br>
To start a video conference, simply access the TrutzBox on port 9082 using a WebRTC-enabled browser.
A room name is appended to the end of the link:<br>
e.g.: '''<nowiki>https://trutzbox:9082/raumname</nowiki>'''<br>
No special characters may be used for the selected room name!
===== procedure =====
Calling the URL mentioned above connects the browser to the room "raumname". Two cases must be distinguished:
* '''The room does not yet exist:'''
You are the first person who wants to create this room, and you become the "room administrator" for it. You must then log on to the conference server with your '''TrutzMail address''' and '''TrutzMail password'''. This means that only TrutzBox users who have a TrutzMail account on this TrutzBox can open a new room. After creating and connecting to the room, the room administrator can optionally define another password for this room.
* '''The room already exists:'''
The browser connects to the room. If the room administrator has set a password for the room, it must now be entered. Once the room has been created, anyone can connect to it; they do not need to be registered as a TrutzBox user or have a TrutzMail address.
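The two cases above as a small decision model. This is an added illustration, not TrutzBox or Jitsi code; the class, method names, return strings and all passwords are hypothetical or constructed.

```python
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional


def _same(a: str, b: str) -> bool:
    # constant-time comparison so the check does not leak how many characters matched
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class Room:
    admin: str                       # TrutzMail address of the user who opened the room
    password: Optional[str] = None   # optional room password set by the room administrator


@dataclass
class ConferenceModel:
    """Hypothetical model of the room rules in the manual, not the server's code."""
    accounts: Dict[str, str]                        # TrutzMail address -> password (constructed)
    rooms: Dict[str, Room] = field(default_factory=dict)

    def join(self, room, address=None, account_password=None, room_password=None):
        existing = self.rooms.get(room)
        if existing is None:
            # Case 1: the room does not exist yet. Only a TrutzMail account on this
            # box may open it; that user becomes the room administrator.
            stored = self.accounts.get(address)
            if stored is None or account_password is None or not _same(stored, account_password):
                return "denied-login"
            self.rooms[room] = Room(admin=address)
            return "created"
        # Case 2: the room exists. No account is needed; the optional room
        # password is the only thing that gates entry.
        if existing.password is not None:
            if room_password is None or not _same(existing.password, room_password):
                return "denied-room-password"
        return "joined"

    def set_room_password(self, room, address, password):
        existing = self.rooms.get(room)
        if existing is None or existing.admin != address:
            return False             # only the room administrator may set it
        existing.password = password
        return True


def demo():
    eva = "eva.mustermann@comidio.email"            # sample address from the manual
    server = ConferenceModel(accounts={eva: "constructed-account-pw"})
    steps = [
        server.join("raumname"),                                   # guest cannot open a room
        server.join("raumname", eva, "constructed-account-pw"),    # account holder opens it
        server.join("raumname"),                                   # guest joins the open room
    ]
    server.set_room_password("raumname", eva, "constructed-room-pw")
    steps.append(server.join("raumname"))                          # now blocked
    steps.append(server.join("raumname", room_password="constructed-room-pw"))
    return steps


if __name__ == "__main__":
    print(demo())
```

Until the room administrator sets a room password, knowing the link is the only requirement for joining an existing room.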
As soon as the browser is connected to the room, you should enter your "Anzeigenamen" by clicking on the connection window below.
Positioning the mouse at the top of the screen opens an operating menu.
This menu offers the following functions:
<br/>
[[File:TrutzRTC 030a.png|700x700px|link=]]
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/><br/>
===== Screen-Sharing =====
With the function "Share your own screen with the participants" it is possible to share your own screen content with other conference participants.
Since all browsers have a built-in security setting that prevents software from reading the screen content, the browser must be informed that the TrutzBox may read the screen content.<br/><br/>
----
'''Chrome'''
----
With '''Chrome''' it is necessary that this feature is already activated when the browser is started.
----
'''Chrome on Mac '''
----
On the Mac, start Chrome in the console with this command:
<pre>open -a 'Google Chrome' --args '--enable-usermedia-screen-capturing'</pre>
----
'''Chrome on Windows'''
----
* For more information, see: https://github.com/muaz-khan/WebRTC-Experiment/tree/master/Pluginfree-Screen-Sharing
<br/>
For a shortcut to Chrome, proceed as follows:
<br/><br/>
[[File:4423 Chrome Screensharing Aufruf 010.png|600px|link=]]
<br/>
* Right-click on the desktop (1),<br/>
* click on "Neu" (2),<br/>
* click on "Verknüpfung" (3).<br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/><br/>
[[File:4423 Chrome Screensharing Aufruf 020.png|600px|link=]]
<br/>
Then locate the file "chrome.exe":<br/>
(The screenshots are examples; the folder names on your PC may be different. What matters is that the path to "chrome.exe" is found.)<br/>
* click on "Durchsuchen ..." (1),<br/>
* Open the "Computer" folder (2) by clicking on the arrow in front of it,<br/>
* Open the "Local Disk (C:)" folder (3) by clicking on the arrow in front of it,<br/>
* Scroll down (4) until you see the "Programs" folder.
<br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/><br/>
[[File:4423 Chrome Screensharing Aufruf 030.png|300px|link=]]
<br/>
* Open the "Programs" folder (1) by clicking on the arrow in front of it,<br/>
* Scroll down (2) until you see the "Google" folder.
<br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/><br/>
[[File:4423 Chrome Screensharing Aufruf 040.png|300px|link=]]
<br/>
* Open the folder "Google" (1) by clicking on the arrow in front of it,<br/>
* Open the folder "Chrome" (2) by clicking on the arrow in front of it,<br/>
* Open the "Application" folder (3) by clicking on the arrow in front of it,<br/>
* click on "chrome.exe" (4),<br/>
* click on "OK" (5).<br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/><br/>
[[File:4423 Chrome Screensharing Aufruf 050.png|600px|link=]]
<br/>
click on "Weiter" (1).
<br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/><br/>
[[File:4423 Chrome Screensharing Aufruf 060.png|600px|link=]]
<br/>
* Enter the name under which you want to find the shortcut that starts the program (1),
* click on "Fertig stellen" (2).<br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/><br/>
[[File:4423 Chrome Screensharing Aufruf 070.png|400px|link=]]
<br/>
Now open the new shortcut to add the parameters:
* Right-click on Desktop Interface (1),<br/>
* click on "Eigenschaften" (2).
<br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/><br/>
[[File:4423 Chrome Screensharing Aufruf 080.png|500px|link=]]
<br/>
In the "Ziel" field after the closing quotation mark, enter:<br/>
[space]--enable-usermedia-screen-capturing<br/><br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/><br/>
[[File:4423 Chrome Screensharing Aufruf 090.png|400px|link=]]
<br/>
* Check your input for spelling (1),<br/>
* click on "OK" (2).
<br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/><br/>
[[File:4423 Chrome Screensharing Aufruf 100.png|400px|link=]]
<br/>
It is recommended to use the browser Chrome solely for TrutzRTC/Webmeeting.
* If you do not want to show your own screen (no screen sharing), you can start Chrome the "normal" way.
* If you want to show your own screen (screen sharing), use the newly created Chrome shortcut.
<br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/><br/>
----
'''Firefox '''
----
For '''Firefox''' you have to change an internal configuration setting after starting Firefox by entering the command '''about:config'''. Search for '''allowed''' and add the domain '''trutzbox''' to the list of allowed domains by double-clicking on the parameter '''media.getusermedia.screensharing.allowed_domains'''.
===== Performance limits of the conference server =====
The TrutzRTC conference server is based on the open source software Jitsi-Video-Bridge. Although this conference server is very powerful and the TrutzBox hardware is also very powerful, the number of participants is not unlimited. The number of participants depends on the speed of the Internet connection of each individual participant and of the TrutzBox owner. Approx. 40 KBit/s upload and download speed per participant is sufficient for voice transmission. For camera or screen sharing, up to 800 KBit/s are required. Thus, with normal DSL/VDSL Internet connections, bottlenecks will probably occur before the TrutzBox hardware becomes a bottleneck. Such Internet bottlenecks can best be analyzed on the Internet router.
===== External connections to the TrutzRTC conference server =====
No TrutzBox is required to connect to the TrutzBox conference server externally, i.e. via the Internet. Anyone who knows the link (and the password, if one has been assigned) can participate in the conference. This makes it easier to hold webinars or spontaneous conferences.
To do this, however, these two ports must be opened on the Internet router and forwarded to the TrutzBox:
* TCP-9082
* UDP-9083
With the link "<nowiki>https://externe-ip-adresse:9082/raumname</nowiki>" the room can then be joined on the Internet.
Since the external IP address changes once a day for most home Internet connections, it is advisable to use a DynDNS service here as well.
Another way to determine the correct external link for participating in a conference has been integrated into the TrutzBox XMPP server. If you send the symbol "#" followed by a room name to a person in the XMPP chat, this "command" is converted into the external link to the conference server. This means that:<br/>
'''#meinraum''' <br/>
converts into the address <br/>
'''<nowiki>https://188.107.13.86:9082/meinraum</nowiki>'''<br/>
which the chat participant can click directly.
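The room link rule from the preconditions and the "#" command described above, sketched as an added example. It is not the TrutzBox XMPP server's code; reading "no special characters" as ASCII letters and digits only, and treating a command as a stand-alone word, are assumptions, as are all function names.

```python
import ipaddress
import re

CONFERENCE_PORT = 9082   # TCP port of the conference server, as given in the manual

# Assumption: "no special characters" is read here as ASCII letters and digits only.
ROOM_NAME = re.compile(r"[A-Za-z0-9]+")
HOST_NAME = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")
# Assumption: a command is '#' plus a valid room name standing alone as a word.
ROOM_COMMAND = re.compile(r"(?<!\S)#([A-Za-z0-9]+)(?!\S)")


def host_part(host: str) -> str:
    """Return the host as it must appear in a URL (IPv6 literals get brackets)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: accept only a plain host name (e.g. a DynDNS name).
        if not HOST_NAME.fullmatch(host):
            raise ValueError(f"invalid host: {host!r}") from None
        return host
    return f"[{ip}]" if ip.version == 6 else str(ip)


def room_url(host: str, room: str) -> str:
    """Build the conference link for a room, rejecting names with special characters."""
    if not ROOM_NAME.fullmatch(room):
        raise ValueError(f"invalid room name: {room!r}")
    return f"https://{host_part(host)}:{CONFERENCE_PORT}/{room}"


def expand_room_commands(message: str, external_host: str) -> str:
    """Replace every '#room' command in a chat message with the external link."""
    return ROOM_COMMAND.sub(lambda m: room_url(external_host, m.group(1)), message)


if __name__ == "__main__":
    print(room_url("trutzbox", "raumname"))
    print(expand_room_commands("#meinraum", "188.107.13.86"))
```

Tokens that contain anything other than letters and digits are left untouched instead of being turned into a link.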
<br/><br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/>
=== TrutzBox<sup>®</sup> shutdown (do not unplug!) ===
If a TrutzBox is to be switched off and/or restarted, please DO NOT disconnect the plug, but proceed as follows:
==== TrutzBox<sup>®</sup> shutdown, "switch off" via TrutzBox user interface ====
In the TrutzBox user interface:
*Click on „System“ -> „Ein-/Ausschalten“
** if you want TrutzBox to start up again: Click on the button „Neu starten“
** if TrutzBox is to be switched off: Click on the button „Ausschalten“
==== TrutzBox<sup>®</sup> shutdown, "switch off" via Webmin ====
If the administrator can no longer access the TrutzBox user interface, access can be attempted directly via Webmin.
Call up https://trutzbox:10000/ in the browser:
* Enter admin as user
* Enter the administrator password of the TrutzBox
* Click on „System“ -> „System-Start und -Stop“ and scroll all the way down
** if you want TrutzBox to start up again: Click on the button „System neu starten“
** if TrutzBox is to be switched off: Click on the button „System herunterfahren“
==== TrutzBox<sup>®</sup> shutdown, "switch off" Emergency ====
If the administrator has access
* neither via the user interface
* nor via Webmin,
then, in an emergency, the plug must be disconnected.<br>
Please wait approx. 10 seconds and then reconnect the power supply.
<br><br>
If the TrutzBox does not start up (correctly) within approx. 15 minutes, please contact Comidio Support by e-mail at support@comidio.de.<br/><br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/>
=== TrutzServices ===
==== TrutzServices in active subscription ====
The quality of protection provided by TrutzBox<sup>®</sup> depends largely on how up-to-date the software is with regard to functions and data. This is only guaranteed if the TrutzBox<sup>®</sup> receives regular and automatic updates.
TrutzServices, the Comidio services for TrutzBox<sup>®</sup>, include the following update services:
* TrutzBrowse: Updates for header extensions, slider presets and blacklists,
* TrutzMail: Updates of Receiver Certificates,
* TrutzContent: Updates for filter lists,
* TrutzBase: Signatures and updates for virus scanners and
* TrutzBox<sup>®</sup> Software: bug fixes, security updates and minor functional extensions.
All these services are included in TrutzServices.
The updates are carried out partly on a regular basis (e.g. virus scanner updates), partly as the occasion arises (e.g. security updates). Major updates run in the early morning hours (around 04:00) so that they do not disturb the user.
Therefore it is not only useful to leave the TrutzBox<sup>®</sup> constantly switched on for the e-mail exchange, but also necessary for the execution of the updates.
==== What happens if TrutzBox services are not extended? ====
In this case, the TrutzMail certificates expire, i.e. services that are bound to these TrutzMail addresses can no longer be used.
Currently these are:
* the exchange of TrutzMails,
* TrutzRTC (Video Conferences and Chat),
* Comidio-Software-Updates.
The Debian updates can still be imported. All other services, such as TrutzBrowse and TrutzContent can still be used, but without updating the filter lists. The same would apply if Comidio did not renew its services.
Since the TrutzBox hardware is based on a high-quality standard board (an APU2 from PCEngines), the hardware could be used as a powerful server (including the built-in SSD disk) for other purposes.
<br/><br/>
[[#top|-> <u>Table of Contents </u> (of this manual)]]
<br/>
== Administering the TrutzBox<sup>®</sup> (for TrutzBox<sup>®</sup> administrators) ==