Trutzbox Manual
Contents
1 The TrutzBox®
Comprehensive background information and technical details that go beyond setting up and using the TrutzBox® are provided in the Comidio Compendium, see https://comidio.de/trutzbox-kompendium/.
1.1 Searching the manual
Comment on "Search":
This manual is structured as a single, large wiki page. Therefore the search function (top right) is not helpful.
To search, please use "Ctrl+F", i.e.
- Press and hold the "Strg" or "Ctrl" key
- Press the "f" key at the same time (for "find")
A search line will appear at the bottom of the browser window.
Enter the search term in the search field on the left and, depending on the search direction, press the down arrow or up arrow to jump to the next search result.
If the search text is displayed on a red background, the search term does not appear anywhere in the text.
(To hide the search line, click on "x" on the right side of the search line.)
1.2 Before you turn to the TrutzBox... updates!
Please make sure that the following updates have been installed and that you can access the user interface of your Internet router.
Operating system | Please make sure that your operating system is up to date with the latest update. Only in this way can you be sure that you are optimally protected by the latest updates. In addition, the TrutzBox's own updates are designed to work with the latest operating system updates. If the operating system does not have the latest update, the TrutzBox may not work and therefore may not offer optimum protection. |
Browser | Please make sure that each of your browsers is up to date with the latest update. Only in this way can you be sure that you are optimally protected by the latest updates. In addition, the TrutzBox's own updates are designed to work with the latest browser updates. If the browser does not have the latest update, the TrutzBox may not work and therefore may not offer optimum protection. |
Internet router | Please make sure that your Internet router is up to date with the latest firmware update. Only in this way can you be sure that you are optimally protected by the latest updates. In addition, settings are made on the Internet router for certain functions of the TrutzBox. Access to the user interface of the Internet router may therefore be necessary, i.e. the Internet router administrator should know how to call up the user interface and its password. |
-> Table of Contents (of this manual)
1.3 Follow this manual
ATTENTION:
We can only provide support if you first go through the Quick Start.
The TrutzBox® will now make your Internet more secure. It has the effect that you cannot be observed while e-mailing and cannot be spied on while surfing. You leave fewer traces on the Internet and you are less traceable. With the TrutzBox® you strengthen your privacy.
The TrutzBox® is the security center of your home network. It controls incoming and outgoing Internet traffic. With the TrutzBox® you determine which information the devices connected to the Internet in your home network may disclose.
With the TrutzBox® you can control the Internet connections of your
- Internet devices at home, like computers, tablets, smartphones,
- mobile Internet devices on the move, such as laptops, tablets, smartphones,
- Internet-enabled devices, such as television, house control (e.g. roller shutters, heating), toothbrush, refrigerator, etc.
The TrutzBox® will make the lives of criminal Internet hackers, professional data traders and secret services, which have been observing you while surfing and use your data for their own purposes or commercially, more difficult to a previously unknown extent.
Comidio TrutzBox® offers optimal protection of your privacy through
- automatic end-to-end encryption of your e-mails,
- traceless surfing the Internet,
- maximum protection for your children,
- Firewall and virus protection,
- easy operability,
- cost-effective use,
and thus delivers optimal anonymity.
The TrutzBox® offers plug and play settings and is already optimally configured for most requirements at the factory. Special personal requirements are set via the easy-to-use user interface.
1.4 TrutzBox with or without (own) WLAN?
The WLAN module of the TrutzBox is required if a mobile device is to be controlled via the TrutzBox®. This is then connected directly to the network of the TrutzBox (= its WLAN).
There are basically two ways to connect devices to the TrutzBox®:
Case 1: | PC 1 is connected to the Internet router via WLAN or network cable (dashed yellow).
|
Case 2: | PC 2 is connected to the TrutzBox® via WLAN or network cable (green dashed). All Internet traffic (surfing) automatically passes through the TrutzBox®. This mode is called |
To use the TrutzBrowse and TrutzContent functions (secure surfing for and protection of minors), it can be decided for each device whether it should be left on the network of the Internet router (e.g. Fritzbox) (proxy mode) or connected to the TrutzBox network (transparent mode).
The aim is to connect as many or all devices as possible in the home network directly via the TrutzBox® (i.e. in "transparent mode").
It is advisable to reach this state step by step.
Therefore, you should start "small" at the beginning and gain experience in "proxy mode" by not changing anything on your home network, i.e. the devices initially remain on the Internet router.
You can also intentionally surf in a browser (e.g. Firefox) in proxy mode while surfing in parallel in a second browser (e.g. Chrome) without protection.
For example, you can track the influence the security slider has on unprotected access in various positions (e.g. effects on advertising offers shown).
If you have sufficient experience in proxy mode and would like to gain additional security, you can gradually connect devices in transparent mode by connecting them directly to the TrutzBox® via WLAN (or network cable).
[Since there are occasional exceptions in which website use is not possible even with SliderLevel 10 (TrutzBox set to "pull-through"), it is recommended to operate a browser-based client device in proxy mode, so that the TrutzBox can be switched off as a proxy in the browser of this client device if necessary. This allows the browser of this device to access the Internet directly via the Internet router (bypassing the TrutzBox). After the exception has been made, the TrutzBox should be activated again in the browser as a proxy].
This means that the TrutzBox can also be operated safely without a WLAN module and the WLAN module can be added later if required.
The other TrutzBox functions, such as Webmeeting, Mail, Chat and Remote Access, work in both modes unaffected by this.
To change from transparent mode to proxy mode or vice versa, please proceed as follows:
- Shut down PC or device (= switch off by software).
- If previously connected to TrutzBox, now connect to the Internet router or vice versa.
- Switch on/restart the device (now the device automatically receives an IP address valid in this network area).
1.5 Phases, users and administrator
This manual describes two roles in these words:
"User"
Anyone using TrutzBox functions is referred to in this manual as "User".
"Administrator"
A person who uses certain administrative functions of the TrutzBox that are not available to every user is referred to in this manual as "Administrator".
With private use of the TrutzBox the administrator is usually an adult, in families e.g. a legal guardian.
For commercial use of the TrutzBox, the administrator is usually an internal or external IT administrator.
In general, the following phases can be distinguished when using the TrutzBox:
Phase | Activities | Role |
Start-up (approx. 15 min.) | Unpacking, checking, connecting and switching on the TrutzBox | Administrator |
Set-up (approx. 30 min. plus updates) | Test Internet connection, import certificate, set admin password, register TrutzBox, create TrutzMail address, set WLAN name and password | Administrator |
Usage (ongoing) | Surfing, mailing, Webmeetings | User |
Administration (as needed) | Manage users, create PGP partners, manage TrutzBrowse filters, set up remote access (VPN), import certificates on end devices, reactivate SecuritySlider, advise and support users | Administrator |
1.6 How do I set up my TrutzBox?
Depending on the administrator's IT skills, the following sections of this manual may be helpful:
Administrator is ... | Recommended chapter |
IT expert | Chapter 2.1 (continue to 2.1) |
IT-knowledgeable | Chapter 2.2 (continue to 2.2) |
Interested layperson | Chapter 3 (continue to 3) |
Fast Lane *** Fast Lane *** Fast Lane *** Fast Lane *** Fast Lane ***
2 Fast Lane (for TrutzBox® Administrator)
Chapter 2 contains information for technically inclined users:
- for IT experts, directly below in chapter 2.1 (continue to 2.1)
- for the IT-knowledgeable in chapter 2.2 (continue to 2.2)
Interested laypersons will find detailed information in chapter 3 (continue to 3).
2.1 Installation Instructions (Overview for Experts)
The following table can also be downloaded as a PDF: Download
TrutzBox Function | Sub-Function | Action |
Wiring the hardware | Connect the TrutzBox LAN-Ext socket to the Internet router using the LAN cable supplied. Connect the TrutzBox to the power supply with the power supply unit. (Details) | |
Carry out setup | Enter "http://trutzbox" in the browser (Details); confirm the certificate error |
Install TrutzBox certificate on any device & on any browser | Install TrutzBox certificate on any device & on any browser (Details) |
Low-tracking surfing | Transparent mode (all software on the device is controlled) | Connect the device to the TrutzBox network (via WLAN or LAN) (Details) |
Proxy mode (only browser accesses are controlled) | Keep the device on the network of the Internet router and configure the automatic proxy configuration "http://trutzbox/api/proxy/pac" in the browser (Details) |
Encrypted mails | Secure mail exchange with other TrutzBoxes (TrutzMail) | Set up an additional e-mail address in the e-mail program: incoming mail server (IMAP): trutzbox, port: 143, TLS; outgoing mail server (SMTP): trutzbox, port: 587, TLS (Details) |
Exchange PGP-encrypted e-mails with "normal mail accounts" | Configure an external SMTP server on the TrutzBox and enter the public keys of the mail recipients (Details) |
Access restrictions for young people or IoT | Transparent mode (any software on the device) | If necessary, select another user group on the TrutzBox or define your own access restrictions (Details) |
Secure video conferencing | Set up a new video conference room | Think up a room name, call it up in your browser (preferably Chrome) at https://trutzbox:9082/raumname and log in with your mail account (Details) |
Subscribers are connected to the internal network | Call up in your browser (preferably Chrome): https://trutzbox:9082/raumname | |
Participants want to connect via the Internet | Set up port forwarding for TrutzRTC on the Internet router: port 9083 UDP and port 9082 TCP. In the browser (preferably Chrome) open https://ip-addr:9082/raumname, where ip-addr is the external IP address or (if configured) the DynDNS domain of the Internet router. |
Secure chat/messaging | Install an XMPP client: Apple Macintosh Adium (https://adium.im) |
Remote access to TrutzBox (mobile access) | Allow VPN access on the Internet router | Set up port forwarding for VPN on the Internet router: port 1194 UDP |
DynDNS: get a domain and activate remote access on the TrutzBox | If not yet available: get a DynDNS domain for the Internet connection from a service provider, e.g. spdyn.de. Activate DynDNS in the Internet router. |
VPN client setup on the mobile device | Activate remote access on the TrutzBox for the user. The user will then receive a TrutzMail with an OpenVPN configuration file. This must then be imported into the OpenVPN software on the mobile device. (Details) | |
Use remote access - establish connection | Connect the device to the Internet and activate connection setup in the VPN client. (Details) |
This table can also be downloaded as PDF: Download
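The table above names only three ports to be opened on the Internet router: 9082 TCP and 9083 UDP for TrutzRTC, and 1194 UDP for VPN. The following script is an added example, not part of the TrutzBox software or of this manual's original text: it compares a router's forwarding rules with that set and reports anything else that reaches the TrutzBox from the Internet. The rule text format, the LAN addresses and the sample rules are constructed assumptions.

```python
"""Audit router port forwards against the ports named in the TrutzBox manual.

Added example, not TrutzBox software. The rule text format, the LAN
addresses and SAMPLE_RULES are constructed for illustration.
"""
from dataclasses import dataclass

# Inbound forwards the installation overview asks for, grouped by feature.
FEATURE_PORTS = {
    "webmeeting": {(9082, "tcp"), (9083, "udp")},  # TrutzRTC
    "vpn": {(1194, "udp")},                         # OpenVPN remote access
}
# Services the manual addresses only as "trutzbox" from inside the home
# network; it names no forward for them. Port 80 is the HTTP default.
INTERNAL_ONLY = {(80, "tcp"), (143, "tcp"), (587, "tcp")}


@dataclass(frozen=True)
class Forward:
    ext_port: int     # port opened on the router's Internet side
    proto: str        # "tcp" or "udp"
    target_ip: str    # LAN host the router forwards to
    target_port: int  # port on that host


def parse_rule(line):
    """Parse one 'ext_port/proto -> ip:port' line (hypothetical format)."""
    left, right = (part.strip() for part in line.split("->"))
    port, proto = left.split("/")
    ip, _, target_port = right.rpartition(":")
    proto = proto.lower()
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unknown protocol in rule: {line!r}")
    return Forward(int(port), proto, ip, int(target_port))


def audit(rules, trutzbox_ip, features):
    """Return (findings, missing) for forwards that target the TrutzBox."""
    wanted = set().union(*(FEATURE_PORTS[f] for f in features))
    documented = set().union(*FEATURE_PORTS.values())
    findings, seen = [], set()
    for rule in rules:
        if rule.target_ip != trutzbox_ip:
            continue  # forwards to other devices are out of scope
        key = (rule.target_port, rule.proto)
        seen.add(key)
        if key in wanted:
            continue
        if key in documented:
            kind = "unused-feature"            # documented, but feature is off
        elif key in INTERNAL_ONLY:
            kind = "internal-service-exposed"  # UI or mail reachable from outside
        else:
            kind = "undocumented"
        findings.append((kind, rule.ext_port, rule.proto))
    return findings, sorted(wanted - seen)


# Constructed sample: one mail port remapped to the outside, VPN left open.
SAMPLE_RULES = """\
9082/tcp -> 192.168.178.20:9082
9083/udp -> 192.168.178.20:9083
1194/udp -> 192.168.178.20:1194
8143/tcp -> 192.168.178.20:143
443/tcp -> 192.168.178.30:443
"""

if __name__ == "__main__":
    rules = [parse_rule(line) for line in SAMPLE_RULES.splitlines()]
    findings, missing = audit(rules, "192.168.178.20", {"webmeeting"})
    for kind, port, proto in findings:
        print(f"{kind}: {port}/{proto}")
    for port, proto in missing:
        print(f"missing forward for enabled feature: {port}/{proto}")
```

Rules are matched on the port they reach on the TrutzBox, not on the external port, so a remapped forward such as 8143 to 143 is still reported.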
2.2 TrutzBox Setup-Guide
The following quick introduction corresponds to the two-sided "TrutzBox Setup Guide", which is included with the TrutzBox delivery.
For better navigation, the Quick Start wiki contains green headings.
Steps A - D must be performed one after the other.
Safety instructions:
- Use only the supplied power supply and network cable. Connect only compatible accessories.
- The TrutzBox is not splash-proof. Do not place it in bathrooms or shower rooms.
- Protect the TrutzBox from shocks, dust and chemicals.
- The TrutzBox must not be exposed to strong temperature variations and may only be operated indoors. Protect the TrutzBox from overheating and direct sunlight; do not place the TrutzBox near stoves, radiators or similar heat sources.
Disposal:
It is prohibited to dispose of the TrutzBox (including the entire scope of delivery) with household waste. If the adjacent symbol of a crossed-out waste bin is attached to a product, this product is subject to European Directive 2002/96/EC. Please dispose of the device including the scope of delivery in accordance with this directive. If you have any questions regarding disposal, please contact the local authority responsible for disposal. The TrutzBox contains a built-in battery. You are legally obliged to dispose of the (used) battery only via specialist electrical retailers or recycling collection points (do not dispose of it with household waste!).
2.2.1 Check scope of delivery (Step A)
... and if applicable the WLAN antenna installation kit.
-> Details on checking the scope of delivery
2.2.2 Connecting TrutzBox (Step B)
- Connect the network cable to the Internet router (1) and "Ext" on the TrutzBox (2).
- Connect the power supply unit to the "12V DC" connection of the TrutzBox (3) and then to the power supply (4).
- After approx. 1 minute the TrutzBox beeps, after approx. 3-4 minutes the left-hand LED on the front of the TrutzBox starts to flash, and after another approx. 5-6 minutes (after a total of approx. 9-10 minutes) the TrutzBox is ready for operation.
If required, the WLAN built-in antenna available in the Comidio Shop (www.comidio.de/shop) can be retrofitted at any time.
-> Details on connecting the TrutzBox
2.2.3 Setting up TrutzBox (Step C)
In the Internet browser address bar of a computer connected to your home network, type: http://trutzbox
Now 9 screen pages follow one after the other for the initial setup of your TrutzBox:
- Page 1: Welcome : TrutzBox self-tests whether it has access to the Internet,
- Page 2: License terms : accept the license agreement,
- Page 3: Import root certificate
Step 1: | Download root certificate |
Step 2 (using Firefox): | 2a. Certificate is automatically loaded into Firefox certificate management 2b. Confirm the first box of the certificate trust query |
Step 2 (using IE* / Chrome): | 2a. Root certificate is located in the download directory 2b. Import the root certificate into Windows certificate management |
Step 3: | Start test |
- Page 4: Set admin password : Setting the administrator password for your TrutzBox,
- Page 5: Register TrutzBox : Enter TrutzLegitimierung (TrutzKennung and TrutzSchlüssel),
- Page 6: Create TrutzMail address : Create name, e-mail address and password,
- Page 7: WLAN settings : Setting the WLAN name (SSID) and the WLAN password (can be done later in case of later WLAN setup),
- Page 8: source packages : Determine memory release or storage of source packages, and
- Page 9: recap : Presentation of the entries, and if OK: "Start initial setup".
*IE = Internet Explorer
At the end of setup, updates are downloaded to the TrutzBox.
This process can take more than 60 minutes. Please do not switch off the TrutzBox or start any other process during this time. As soon as the "Complete Setup" window appears, all updates are complete. Click on "Fertig".
Then the TrutzBox user interface appears, which can be opened with the admin password you have just set (Page 4). To call up the TrutzBox user interface again, use http://trutzbox.
-> Details on setting up the TrutzBox
2.2.4 Enter TrutzBox as a proxy in your browser (Step D)
In order for the PC to surf the Internet securely via the TrutzBox (and not unprotected via the Internet router), the TrutzBox must be entered as a proxy (= deputy, quasi "bouncer" to protect your devices) in each browser of the connected devices.
-> Details on entering the TrutzBox as a proxy in the browser
To enable and disable the TrutzBox as a proxy in the browser - especially in the initial phase -, the use of a proxy switch is recommended.
-> Details on using a proxy switch
This completes the setup.
For more information on using the TrutzBox see chapter 4.
-> Details on using the TrutzBox
2.2.5 Import TrutzBox Certificate
For other devices that wish to use TrutzBox via browser, mail or XMPP chat: To identify the TrutzBox as a secure device, the root certificate generated during setup must be imported into every Firefox browser and operating system used on the device (PC, tablet, smartphone).
-> Details on importing the TrutzBox certificate
*** END of Fast Lane *** END of Fast Lane *** END of Fast Lane *** END of Fast Lane *** END of Fast Lane *** END of Fast Lane ***
3 TrutzBox® Setup (for TrutzBox® Administrator)
This chapter includes
- Start-up of the TrutzBox®
- Set-up of the TrutzBox®
The aim is to connect as many or all devices as possible in the home network via the TrutzBox®.
However, this only happens after setting up according to the manual.
After the TrutzBox® is connected to the Internet router, start "small" by entering the TrutzBox® as "proxy" (= deputy, quasi "doorman") in a browser of a connected PC, so that the TrutzBox® controls the incoming and outgoing Internet traffic of this connected PC.
After completing this quick start, the user can
- surf without traces (or at least with few traces) using the presets,
- send encrypted e-mail via web access and
- use the proposed filter lists for child and youth protection.
Once this state has been reached, further devices should be connected to the TrutzBox® in a controlled manner.
Devices for which a proxy can be set up
Devices for which a proxy can be configured (e.g. browser on PC or, if available, on TV set) should first be connected to the Internet router via WLAN (or network cable) and the TrutzBox® should be entered as the proxy.
Once you have gained experience in this way, you can connect the devices directly to the TrutzBox® via WLAN (or network cable).
Devices for which no proxy can be set up
Devices for which no proxy can be set up (e.g. refrigerator or toothbrush) should be connected to the TrutzBox®; then the communication characteristics can be monitored and, if necessary and controlled, external communication can be permitted.
3.1 Start-up of the TrutzBox®
ATTENTION:
We can only provide support if you first go through the Quick Start.
3.1.1 Before connecting the TrutzBox®
Before you connect the TrutzBox®
- check the scope of delivery,
- check the prerequisites for start-up,
- read "Safety and Handling" and
- familiarize yourself with connections and displays.
Please only put your TrutzBox® into operation afterwards.
3.1.1.1 Scope of delivery
Please check the completeness of the scope of delivery:
3.1.1.2 Prerequisite for start-up
For the start-up of the TrutzBox® the following requirements must be fulfilled:
- Computer or Internet-enabled device with access to the Internet router,
- an up-to-date web browser (e.g. Internet Explorer, Google Chrome, Mozilla Firefox) and
- Internet connection.
3.1.1.3 Safety and Operation
Before installing and using the TrutzBox® read the following safety and operating instructions.
Safety instructions:
Before connecting the TrutzBox®, please take note of the following safety instructions to protect yourself and the TrutzBox® from damage.
- Use only the supplied AC adapter and network cable. Otherwise, connect only compatible accessories.
- The TrutzBox® is not splash-proof. Therefore, only place it in dry rooms; not in bathrooms or shower rooms.
- Protect the TrutzBox® against shocks, dust and chemicals.
- The TrutzBox® must not be exposed to strong temperature changes and may only be operated indoors.
- Protect the TrutzBox® from overheating and avoid direct sunlight on the TrutzBox® as well as the proximity of the TrutzBox® to ovens, radiators or similar heat sources.
- Avoid overloading sockets, extension cords and socket strips. Overloaded power supplies present a fire and electric shock risk.
- Do not place the TrutzBox® on carpet or upholstered furniture.
- Do not cover the TrutzBox® .
- Do not place the TrutzBox® on heat-sensitive surfaces, as the underside of the unit may heat up during normal operation.
- Do not install the TrutzBox® during thunderstorms.
- Disconnect the TrutzBox® from the power supply and the Internet connection during thunderstorms.
- Do not allow liquids to penetrate inside the TrutzBox®, as electric shocks or short circuits may result.
- Do not open the housing of the TrutzBox® . Improper opening and improper repairs can pose a risk to users of the device.
Operation
- If you want to establish wireless connections between the TrutzBox® and computers, place the TrutzBox® in a central location.
- Ensure sufficient distance to sources of interference such as microwave ovens, DECT telephones or electrical appliances with large metal housings.
Disposal:
It is prohibited to dispose of the TrutzBox (including the entire scope of delivery) with household waste. If the adjacent symbol of a crossed-out waste bin is attached to a product, this product is subject to European Directive 2002/96/EC. Please dispose of the device including the scope of delivery in accordance with this directive. If you have any questions regarding disposal, please contact the local authority responsible for disposal. The TrutzBox contains a built-in battery. You are legally obliged to dispose of the (used) battery only via specialist electrical retailers or recycling collection points (do not dispose of it with household waste!)
3.1.1.4 Interfacing and LEDs
Connections (rear panel) The following connections are located on the rear panel:
COM-1 | V24 connection (not required) |
LAN-Ext | Network connection, insecure network: Internet router |
LAN-Int1 | Network connection, secure network: network-compatible device, e.g. PC or switch |
LAN-Int2 | Network connection, secure network: network-compatible device, e.g. PC or switch |
USB | two USB ports (e.g. for connecting a WLAN adapter via USB cable) |
12 V DC | Power supply unit connection via included power supply unit |
LEDs (front panel) On the front panel there are three LEDs:
Left LED: Heartbeat |
Off | TrutzBox® is switched off |
Permanently on | TrutzBox® is booting |
Rhythmic blinking | TrutzBox® in operation |
Middle LED: TrutzMail |
Lights up | TrutzMail is sending or receiving an e-mail |
Right LED: TrutzBrowse, TrutzContent |
Lights up | Short flash as soon as a tracker / website is blocked |
3.1.2 Connecting the TrutzBox®
Before initial operation of the TrutzBox®, observe the instructions in the section "Safety and Operation".
Connect the TrutzBox® as follows:
- Connect the RJ45 network cable to a network socket of the Internet router (1) and to the "Ext" connector on the back of the TrutzBox® (2).
- Connect the power supply unit to the "12V DC" connection of the TrutzBox® (3) and to the 100-240V power supply (4). Only use the supplied power supply unit for connection to the power supply.
After approx. 1 minute the TrutzBox beeps and after approx. 3-4 minutes the left LED on its front side starts to flash, and after another approx. 5-6 minutes (after a total of approx. 9-10 minutes) the TrutzBox is ready for operation.
If required, the WLAN options available in the Comidio Shop (www.comidio.de/shop) can be retrofitted at any time.
Important:
|
3.2 TrutzBox® Set up
You can set up your TrutzBox with any browser. The process differs slightly depending on which browser is used. There are two groups:
- Mozilla Firefox (with its own certificate management) and
- Internet Explorer or Google Chrome (with shared certificate management in the operating system).
The following example shows the processes for both types; starting with Mozilla Firefox.
After connecting the TrutzBox® according to chapter "Connecting the TrutzBox®" it starts up. This can take 9-10 minutes.
Then connect your computer's browser to the TrutzBox® by entering "http://trutzbox" in the browser's address bar.
It is recommended to open 2 browser windows, so that you can work e.g. in the left window on the TrutzBox® user interface and directly next to it, e.g. in the right window, you can access the manual or the browser administration.
This is shown below:
- Part I is the same for all browser types,
- Part II distinguishes between Firefox (2a) and "Non-Firefox" (2b) and
- Part III is identical again.
3.2.1 Part I: Preparation of the setup
After you open a browser window, enter <Ctrl><N> on the keyboard:
Hold down key <Ctrl> (2a) and additionally press key "n" (2b).
This opens a second browser window.
The second window (1) is now above the first window. Click with the left mouse button on the upper frame of the browser window and move the second window (with pressed left mouse button) to the right, next to the first window.
Open the wiki manual in the right window (1) (www.comidio.de/wiki) and go to chapter 3.2.
Enter in the left window (2) "http://trutzbox".
If you are using Firefox, please read on...
If you are not using Firefox, please continue reading at "Part IIb: Setup with Non-Firefox"
3.2.2 Part IIa: Setup with Firefox
The TrutzBox® checks the Internet connection (1) ...
... and confirms the connection with a green tick (1).
Click on "Next" (2).
Here you can read the license conditions.
If you agree, click on "Accept license terms" (1).
Since we are currently using Firefox, click on "here" in step 1 of (a)(1)
In the trust query, set the two upper check marks (1)+(2).
Click on "Weiter" (3).
Click on "Test starten" (1) ...
... and wait for the test result (1).
Click on "Weiter" (2).
Continue to "Part III: Completion of the setup".