Difference between revisions of "Trutzbox Manual"
(→Fast Lane (for TrutzBox® Administrator)) |
|||
Line 211: | Line 211: | ||
Interested laymen will find detailed information in chapter 3 ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#Einrichten_.28Set_Up.29_der_TrutzBox.C2.AE_.28f.C3.BCr_TrutzBox.C2.AE_Administrator.29 Weiter zu 3]) | Interested laymen will find detailed information in chapter 3 ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#Einrichten_.28Set_Up.29_der_TrutzBox.C2.AE_.28f.C3.BCr_TrutzBox.C2.AE_Administrator.29 Weiter zu 3]) | ||
− | ===<span style="color: green"> | + | ===<span style="color: green">Installation Instructions (Overview for Experts)</span style>=== |
+ | |||
+ | Folgende Tabelle kann auch als PDF heruntergeladen werden: [https://comidio.de/wp-content/uploads/2017/06/TrutzBox-installations-Anweisung-U%CC%88bersicht-1.4.pdf Download] | ||
+ | <br><br> | ||
+ | <!--************** Überschriften, 3-spaltig **************--> | ||
+ | <table border="2" width="700"> | ||
+ | <tr> | ||
+ | <td width="100">'''TrutzBox Function'''</td> | ||
+ | <td width="300">'''Sub-Function'''</td> | ||
+ | <td width="300">'''Action'''</td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <!--************** HW verkabeln, etc. **************--> | ||
+ | <table border="2" width="700"> | ||
+ | <tr> | ||
+ | <td width="100">'''Wiring the Hardware'''</td> | ||
+ | <td width="300"></td> | ||
+ | <td width="300"> Connect the TrutzBox LAN-Ext socket to the Internet router using the LAN cable supplied. Connect TrutzBox to the power supply with the power supply unit. ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#TrutzBox_anschlie.C3.9Fen_.28Schritt_B.29 Details])</td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td>'''Carry out setup'''</td> | ||
+ | <td></td> | ||
+ | <td><nowiki>"http://trutzbox"</nowiki> enter in browser ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#TrutzBox_einrichten_.28Schritt_C.29 Details]);<br/> | ||
+ | Confirm certificate error </td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td>'''Install TrutzBox certificate on any device & on any browser'''</td> | ||
+ | <td></td> | ||
+ | <td> Install TrutzBox certificate on any device & on any browser ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#Zertifikate Details])</td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | |||
+ | <!--************** spurenarmes Surfen **************--> | ||
+ | <table border="2" width="700"> | ||
+ | <tr> | ||
+ | <td width="100">'''little-tracking surfing'''</td> | ||
+ | <td width="300"> transparent mode (every software on the device is controlled)</td> | ||
+ | <td width="300"> Connect the Device to the TrutzBox network (via WLAN or LAN) ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#Ger.C3.A4t_direkt_per_WLAN_.28oder_LAN.29_mit_TrutzBox.C2.AE_verbinden_.28Transparent-Modus.29 Details])</td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td></td> | ||
+ | <td> Proxy mode (only browser accesses are controlled)</td> | ||
+ | <td> Keep Device on the network of the Internet router and Automatic proxy configuration <nowiki>"http://trutzbox/api/proxy/pac"</nowiki> configure in the browser([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#TrutzBox.C2.AE_als_Proxy_.28Proxy-Modus.29_einrichten_in_... Details])</td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | |||
+ | <!--************** verschlüsselte E-Mails **************--> | ||
+ | <table border="2" width="700"> | ||
+ | <tr> | ||
+ | <td width="100">'''encrypted<br/>mails'''</td> | ||
+ | <td width="300">sicherer Mail-Austausch mit anderen TrutzBoxen (TrutzMail)</td> | ||
+ | <td width="300">im E-Mail Programm zusätzliche E-Mail Adresse einrichten:<br>Posteingangsserver (IMAP): trutzbox, port: 143, TLS;<br>Postausgangsserver (SMTP): trutzbox, port: 587, TLS ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#Nutzung_eines_Mail-Client Details])</td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td></td> | ||
+ | <td>PGP-verschlüsselte E-Mails mit "normalen Mail-Accounts" austauschen</td> | ||
+ | <td>auf der TrutzBox externen SMTP-Server konfigurieren und public-Keys der Mail-Empfänger erfassen ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#Mail-Austausch_.28PGP.29_verwalten Details])</td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <!--************** Zugriffs-Beschränkungen für Jugendliche oder IoT **************--> | ||
+ | <table border="2" width="700"> | ||
+ | <tr> | ||
+ | <td width="100">'''Zugriffs-Beschrän-<br/>kungen für Jugendliche oder IoT'''</td> | ||
+ | <td width="300">transparent Mode (jede Software auf dem Device)</td> | ||
+ | <td width="300">evtl. auf der TrutzBox eine andere Benutzergruppe auswählen oder eigene Zugriffs-Beschränkungen definieren ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#Filter-Konfigurieren Details])</td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <!--************** sichere Video-Konferenzen **************--> | ||
+ | <table border="2" width="700"> | ||
+ | <tr> | ||
+ | <td width="100">'''sichere Video-Konferenzen'''</td> | ||
+ | <td width="300">neue Video-Konferenz-Raum einrichten</td> | ||
+ | <td width="300">Raumname ausdenken und Im Browser (möglichst Chrome) <nowiki>https://trutzbox:9082/raumname</nowiki> aufrufen und mit Mail-Account einloggen ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#TrutzMeeting:_Audio-_und_Video-Konferenz_Service Details])</td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td></td> | ||
+ | <td>Teilnehmer sind mit dem internen Netz verbunden</td> | ||
+ | <td>Im Browser (möglichst Chrome) <nowiki>https://trutzbox:9082/raumname</nowiki> aufrufen</td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td></td> | ||
+ | <td>Teilnehmer möchten sich über das Internet verbinden</td> | ||
+ | <td>Portfreigabe für TrutzRTC auf dem Internet-Router einrichten: Port 9083 UDP und Port 9082 TCP. Im Browser (möglichst Chrome) <nowiki>https://ip-addr:9082/raumname</nowiki> aufrufen. ip-addr ist die externe Ip-Adresse oder (falls eingerichtet) DynDNS-Domain des Internet-Routers</td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <!--************** '''sicheres Chatten/Messaging''' **************--> | ||
+ | <table border="2" width="700"> | ||
+ | <tr> | ||
+ | <td width="100">'''sicheres Chatten/<br/>Messaging'''</td> | ||
+ | <td width="300"></td> | ||
+ | <td width="300">xmpp-Client installieren:<br> | ||
+ | Apple Macintosh Adium (https://adium.im)<br> | ||
+ | Microsoft Windows PSI (http://psi-im.org)<br> | ||
+ | iOS ChatSecure (https://chatsecure.org)<br> | ||
+ | Android Xabber (https://www.xabber.com/)<br><br> | ||
+ | |||
+ | Als xmpp-Server "trutzbox" eintragen; Login ist TrutzMail-Adresse und Passwort. ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#TrutzChat_.28XMPP_Service.29 Details])</td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <!--************** Fernzugriff auf TrutzBox (mobiler Zugriff) **************--> | ||
+ | <table border="2" width="700"> | ||
+ | <tr> | ||
+ | <td width="100">'''Fernzugriff auf TrutzBox (mobiler Zugriff)'''</td> | ||
+ | <td width="300">VPN-Zugriff auf dem Internet-Router erlauben</td> | ||
+ | <td width="300">Portfreigabe für VPN auf dem Internet-Router einrichten: Port 1194 UDP</td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td></td> | ||
+ | <td>DynDNS - Domain besorgen und Fernzugriff auf der TrutzBox aktivieren</td> | ||
+ | <td>Falls noch nicht vorhanden:<br> | ||
+ | DynDNS-Domain für den Internet-Anschluss bei einem Dienstleister besorgen. Z.B. spdyn.de: | ||
+ | DynDNS im Internet-Router aktivieren.<br> | ||
+ | Update-URL: "update.spdns.de/nic/update?hostname=<domain>&myip=<ipaddr>"<br> | ||
+ | DynDNS-Domain in der TrutzBox eintragen und Remote-Zugriff aktivieren. ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#Fernzugriff_.2F_VPN Details])</td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td></td> | ||
+ | <td>VPN-Client Einrichtung auf dem mobilen Gerät</td> | ||
+ | <td>Fernzugriff auf der TrutzBox für den Benutzer aktivieren. Benutzer bekommt daraufhin eine TrutzMail mit einem OpenVPN-Konfigurations-File zugeschickt Dieses muss dann in die OpenVPN-Software auf dem mobilen Gerät importieren. ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#VPN_Client_auf_iPhone_installieren Details])</td> | ||
+ | </tr> | ||
+ | <tr> | ||
+ | <td></td> | ||
+ | <td>Remote Zugriff nutzen - Verbindung aufbauen</td> | ||
+ | <td>Gerät mit dem Internet verbinden und im VPN-Client Verbindungsaufbau aktiviern. ([https://comidio.de/wiki/index.php/TrutzBox_Handbuch#VPN_Client_auf_iPhone_installieren Details])</td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <br> | ||
+ | Diese Tabelle kann auch als PDF heruntergeladen werden: [https://comidio.de/wp-content/uploads/2017/06/TrutzBox-installations-Anweisung-U%CC%88bersicht-1.4.pdf Download]<br> | ||
+ | <br/><br/> | ||
+ | [[#top|-> <u> Table of Contents </u> (of this manual)]] | ||
+ | <br/><br/> | ||
+ | |||
+ | ===<span style="color: green"> TrutzBox Setup-Anleitung </span style>=== | ||
+ | |||
+ | '''<span style="color: green">Der folgende Schnell-Einstieg entspricht der zweiseitigen "TrutzBox Setup-Anleitung", welche der TrutzBox Lieferung beiliegt.<br/> | ||
+ | Zur besseren Navigation enthält der Schnell-Einstieg im Wiki grüne Überschriften.</span style>''' | ||
+ | |||
+ | '''Die Schritte A - D müssen nacheinander durchgeführt werden.''' |
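Review bot: From the "encrypted mails" row to the end of the added text, the cells are still German (for example "sicherer Mail-Austausch mit anderen TrutzBoxen (TrutzMail)"), while the new heading and the first rows are English. Translate the remaining rows, both PDF download sentences and the "TrutzBox Setup-Anleitung" section so the English manual does not switch language mid-table. The added headings close with "</span style>", which is not a valid end tag; use "</span>". The "Carry out setup" row tells the reader to open "http://trutzbox" and confirm the certificate error without saying what they are accepting. Pointing to the certificate row that follows it from that cell would tell the reader why the warning appears at this step. The PDF download sentence is added twice, above and below the table; one is enough.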
Revision as of 18:25, 22 April 2018
1 The TrutzBox®
Comprehensive background information and technical details that go beyond setting up and using the TrutzBox® are provided in the Comidio Compendium; see https://comidio.de/trutzbox-kompendium/.
1.1 Searching the manual
Comment on "Search":
This manual is structured as a single, large wiki page, so the search function (top right) is not helpful.
To search, please use "Ctrl f", i.e.
- Press and hold the "Strg" or "Ctrl" key
- Press the "f" key at the same time (for "find")
A search line will appear at the bottom of the browser window.
Enter the search term in the search field on the left and, depending on the search direction, press the down arrow or up arrow to jump to the next search result.
If the search text is displayed on a red background, the search term does not appear anywhere in the text.
(To hide the search line, click on the "x" on the right side of the search line.)
1.2 Before you turn to the TrutzBox... updates!
Please make sure that the following updates have been installed and that you can access the user interface of your Internet router.
Operating system | Please make sure that your operating system is up to date with the latest update. Only in this way can you be sure that you are optimally protected by the latest updates. In addition, the TrutzBox is set up with its own updates to work with the latest operating system updates. If the operating system does not have the latest update, the TrutzBox may not work and thus may not offer optimum protection.
Browser | Please make sure that each of your browsers is up to date with the latest update. Only in this way can you be sure that you are optimally protected by the latest updates. In addition, the TrutzBox is set up with its own updates to work with the latest browser updates. If the browser does not have the latest update, the TrutzBox may not work and therefore may not offer optimum protection.
Internet router | Please make sure that your Internet router is up to date with the latest firmware update. Only in this way can you be sure that you are optimally protected by the latest updates. In addition, settings are made on the Internet router for certain functions of the TrutzBox. Access to the user interface of the Internet router may therefore be necessary, i.e. the Internet router administrator should know how to call it up and its password.
-> Table of Contents (of this manual)
1.3 Follow this manual
ATTENTION:
We can only provide support if you first go through the Quick Start.
The TrutzBox® will now make your Internet more secure. It ensures that you cannot be observed while e-mailing and cannot be spied on while surfing. You leave fewer traces on the Internet and are less traceable. With the TrutzBox® you strengthen your privacy.
The TrutzBox® is the security center of your home network. It controls incoming and outgoing Internet traffic. With the TrutzBox® you determine which information the devices connected to the Internet in your home network may disclose.
With the TrutzBox® you can control the Internet connections of your
- Internet devices at home, like computers, tablets, smartphones,
- mobile Internet devices on the move, such as laptops, tablets, smartphones,
- Internet-enabled devices, such as television, house control (e.g. roller shutters, heating), toothbrush, refrigerator, etc.
The TrutzBox® will make the lives of criminal Internet hackers, professional data traders and secret services, which have been observing you while surfing and use your data for their own purposes or commercially, more difficult to a previously unknown extent.
Comidio TrutzBox® offers optimal protection of your privacy through
- automatic end-to-end encryption of your e-mails,
- traceless surfing the Internet,
- maximum protection for your children,
- Firewall and virus protection,
- easy operability,
- cost-effective use,
and thus delivers optimal anonymity.
The TrutzBox® offers plug and play settings and is already optimally configured for most requirements at the factory. Special personal requirements are set via the easy-to-use user interface.
1.4 TrutzBox with or without (own) WLAN?
The WLAN module of the TrutzBox is required if a mobile device is to be controlled via the TrutzBox®. This is then connected directly to the network of the TrutzBox (= its WLAN).
There are basically two ways to connect devices to the TrutzBox®:
Case 1: | PC 1 is connected to the Internet router via WLAN or network cable (dashed yellow).
Case 2: | PC 2 is connected to the TrutzBox® via WLAN or network cable (green dashed). All Internet traffic (surfing) automatically passes through the TrutzBox®. This mode is called
To use the TrutzBrowse and TrutzContent functions (secure surfing and protection of minors), you can decide for each device whether it should stay on the network of the Internet router (e.g. Fritzbox) (proxy mode) or be connected to the TrutzBox network (transparent mode).
The aim is to connect as many or all devices as possible in the home network directly via the TrutzBox® (i.e. in "transparent mode").
It is advisable to reach this state step by step.
Therefore, you should start "small" at the beginning and gain experience in "proxy mode" by not changing anything on your home network, i.e. the devices initially remain on the Internet router.
You can also intentionally surf in a browser (e.g. Firefox) in proxy mode while surfing in parallel in a second browser (e.g. Chrome) without protection.
For example, you can observe how the various positions of the security slider change what you see compared with unprotected access (e.g. effects on the advertising shown).
If you have sufficient experience in proxy mode and would like to gain additional security, you can gradually connect devices in transparent mode by connecting them directly to the TrutzBox® via WLAN (or network cable).
[Since there are occasional exceptions in which website use is not possible even with SliderLevel 10 (TrutzBox set to "pull-through"), it is recommended to operate a browser-based client device in proxy mode, so that the TrutzBox can be switched off as a proxy in the browser of this client device if necessary. This allows the browser of this device to access the Internet directly via the Internet router (bypassing the TrutzBox). After the exception has been made, the TrutzBox should be activated again in the browser as a proxy].
This means that the TrutzBox can also be operated safely without a WLAN module and the WLAN module can be added later if required.
The other TrutzBox functions, such as Webmeeting, Mail, Chat and Remote Access, work in both modes unaffected by this.
To change from transparent mode to proxy mode or vice versa, please proceed as follows:
- Shut down PC or device (= switch off by software).
- If previously connected to TrutzBox, now connect to the Internet router or vice versa.
- Switch on/restart the device (now the device automatically receives an IP address valid in this network area).
1.5 Phases, users and administrator
This manual describes two roles in these words:
"User"
Anyone using TrutzBox functions is referred to in this manual as "User".
"Administrator"
A person who uses certain administrative functions of the TrutzBox that are not available to every user is referred to in this manual as "Administrator".
In private use of the TrutzBox, the administrator is usually an adult, in families e.g. a legal guardian.
For commercial use of the TrutzBox, the administrator is usually an internal or external IT administrator.
In general, the following phases can be distinguished when using the TrutzBox:
Phase | Activities | Role
Start-up (approx. 15 min.) | Unpacking, checking, connecting and switching on the TrutzBox | Administrator
Set-up (approx. 30 min. plus updates) | Test Internet connection, import certificate, set admin password, register TrutzBox, create TrutzMail address, set WLAN name and password | Administrator
Usage (ongoing) | Surfing, mailing, Webmeets | User
Administration (as needed) | Manage users, create PGP partners, manage TrutzBrowse filters, set up remote access (VPN), import certificates on end devices, reactivate SecuritySlider, advise and support users | Administrator
1.6 How do I set up my TrutzBox?
Depending on the administrator's IT skills, the following sections of this manual may be helpful:
Administrator is ... | Recommended chapter
IT expert | Chapter 2.1 (Continue to 2.1)
IT-knowledgeable | Chapter 2.2 (Continue to 2.2)
Interested layperson | Chapter 3 (Continue to 3)
2 Fast Lane (for TrutzBox® Administrator)
Chapter 2 contains information for technically inclined users:
- for IT experts, directly below in chapter 2.1 (Continue to 2.1)
- for the IT-knowledgeable in chapter 2.2 (Continue to 2.2)
Interested laymen will find detailed information in chapter 3 (Continue to 3)
2.1 Installation Instructions (Overview for Experts)
The following table can also be downloaded as a PDF: Download
TrutzBox Function | Sub-Function | Action
Wiring the hardware | | Connect the TrutzBox LAN-Ext socket to the Internet router using the LAN cable supplied. Connect the TrutzBox to the power supply with the power supply unit. (Details)
Carry out setup | | Enter "http://trutzbox" in the browser (Details); confirm the certificate error
Install TrutzBox certificate on any device and in any browser | | Install the TrutzBox certificate on any device and in any browser (Details)
Low-trace surfing | Transparent mode (every software on the device is controlled) | Connect the device to the TrutzBox network (via WLAN or LAN) (Details)
 | Proxy mode (only browser accesses are controlled) | Keep the device on the network of the Internet router and configure the automatic proxy configuration "http://trutzbox/api/proxy/pac" in the browser (Details)
Encrypted mails | Secure mail exchange with other TrutzBoxes (TrutzMail) | Set up an additional e-mail address in the e-mail program: incoming mail server (IMAP): trutzbox, port: 143, TLS; outgoing mail server (SMTP): trutzbox, port: 587, TLS (Details)
 | Exchange PGP-encrypted e-mails with "normal mail accounts" | Configure an external SMTP server on the TrutzBox and record the public keys of the mail recipients (Details)
Access restrictions for young people or IoT | Transparent mode (every software on the device) | If necessary, select a different user group on the TrutzBox or define your own access restrictions (Details)
Secure video conferences | Set up a new video conference room | Think of a room name (raumname), open https://trutzbox:9082/raumname in the browser (preferably Chrome) and log in with the mail account (Details)
 | Participants are connected to the internal network | Open https://trutzbox:9082/raumname in the browser (preferably Chrome)
 | Participants want to connect via the Internet | Set up port forwarding for TrutzRTC on the Internet router: port 9083 UDP and port 9082 TCP. Open https://ip-addr:9082/raumname in the browser (preferably Chrome). ip-addr is the external IP address or (if set up) the DynDNS domain of the Internet router
Secure chat/messaging | | Install an XMPP client: Apple Macintosh: Adium (https://adium.im)
Remote access to the TrutzBox (mobile access) | Allow VPN access on the Internet router | Set up port forwarding for VPN on the Internet router: port 1194 UDP
 | Obtain a DynDNS domain and activate remote access on the TrutzBox | If not yet available: obtain a DynDNS domain for the Internet connection from a service provider, e.g. spdyn.de: activate DynDNS in the Internet router.
 | Set up the VPN client on the mobile device | Activate remote access on the TrutzBox for the user. The user is then sent a TrutzMail with an OpenVPN configuration file, which must then be imported into the OpenVPN software on the mobile device. (Details)
 | Use remote access: establish the connection | Connect the device to the Internet and activate connection setup in the VPN client. (Details)
This table can also be downloaded as a PDF: Download
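In proxy mode the browser loads a proxy auto-configuration (PAC) script from the URL given in the table and asks it, per request, where to send the traffic. The script below is an added illustration of that decision, not the file the TrutzBox serves; the proxy port 3128 and the bypass rules for local addresses are assumptions.

```javascript
// Added illustration, not the file the TrutzBox serves. ASSUMPTIONS: the proxy
// listens on trutzbox:3128 (constructed value) and local traffic bypasses it.
var PROXY = "PROXY trutzbox:3128";

// Stand-ins for PAC built-ins so the logic also runs under Node.js.
// A browser supplies its own versions; leave them out of a deployed PAC file.
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}

function ipv4ToInt(text) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(text);
  if (!m) return null;
  var value = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = Number(m[i]);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// Unlike the browser built-in, this stand-in accepts IPv4 literals only (no DNS lookup).
function isInNet(host, net, mask) {
  var h = ipv4ToInt(host), n = ipv4ToInt(net), k = ipv4ToInt(mask);
  if (h === null || n === null || k === null) return false;
  return ((h & k) >>> 0) === ((n & k) >>> 0);
}

// Loopback and private IPv4 ranges that stay on the home network.
var LOCAL_NETS = [
  ["127.0.0.0", "255.0.0.0"],
  ["10.0.0.0", "255.0.0.0"],
  ["172.16.0.0", "255.240.0.0"],
  ["192.168.0.0", "255.255.0.0"]
];

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names such as "trutzbox" are devices on the local network.
  if (isPlainHostName(host)) return "DIRECT";
  for (var i = 0; i < LOCAL_NETS.length; i++) {
    if (isInNet(host, LOCAL_NETS[i][0], LOCAL_NETS[i][1])) return "DIRECT";
  }
  // No "; DIRECT" fallback: if the box is unreachable the request fails
  // instead of silently going out unprotected through the Internet router.
  return PROXY;
}
```

With this return value, bypassing the TrutzBox for an exception as described in 1.4 has to be done deliberately in the browser's proxy settings.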
2.2 TrutzBox Setup Instructions
The following quick start corresponds to the two-page "TrutzBox Setup-Anleitung" (setup instructions) that is enclosed with the TrutzBox delivery.
For easier navigation, the quick start in the wiki contains green headings.
Steps A - D must be carried out one after the other.