The Minitel (from the French Médium Interactif par Numérisation d’Information TÉLéphonique) was an interactive videotex online service accessible through phone lines, operated in France from 1982 by the state-owned PTT (Postes, Télégraphes et Téléphones), the ancestor of France Télécom. The service was retired in 2012, after more than 30 years of existence. It might have been the world’s most successful early online service, before the World Wide Web era. It offered services like telephone directory, purchases, reservations, mail, and chat just like the Web offers today.
The Minitel, starting from model 1B, can be used as a VT100-compatible Linux terminal with the proper wiring. So let’s try…
You are without doubt already familiar with the Tor project. The Tor browser is already a very handy tool to surf anonymously, but what if we had an entire network’s traffic forwarded through Tor via a special gateway? Let’s transform a tiny router in a transparent Tor proxy, a portable wifi access point redirecting all traffic to the Tor network!
Let’s begin with a short presentation of one of my favorite hackable network devices: the TL-MR3020.
Network-Attached Storages (NAS) are very handy devices on a home network. They offer a simple way to share or synchronize files, and can host various useful services at the same time provided they are generic enough. A NAS being nothing more than a specialized file server, we will actually build a small home server than will be able to do anything.
The functions can be the following:
File server (FTP, NFS, SMB/CIFS…)
Streaming server (audio or video on the local network)
Personal web server (to host a website, synchonize contacts or send files to people)
Local seedbox (to download torrent files)
Domotic hub (for instance by adding a Zigbee USB dongle)
The server will be pretty simple in its technical design: a Raspberry Pi computer (model B 2) with two hard disks connected with USB adapters.
The Raspberry Pi is actually not able to power the two drives over USB, since we would need 500mA per drive, so 1000mA overall, and the Pi can only supply 600mA over USB. There is a possible boot setting in /boot/config.txt called max_usb_current, which when set to 1 raises the maximum current intensity over USB to 1.2A, but since it is applied only during boot, our disks will still prevent the Pi to actually start properly. For this reason, we need a USB hub with a 2A adapter to power everything and connect the drives to the Pi. Backfeeding would be quite a bad idea, so the Pi needs to be connected to the hub twice, once as a device for power and once as the host.
In this kind of setup, always pay attention to use a genuine power adapter that will be able to handle the load, some really cheap adapters are rated 2A but might not be able to supply this current over a long period of time due to overheating.
I designed the case, front panel and lid with OpenSCAD to print them in 3D. You can download the SCAD source files and the corresponding STL files here.
My network setup at home is surprisingly pretty common: a DSL modem (VDSL2 actually) followed by a router featuring an ethernet switch and an 802.11n wifi access point, configured as a NAT gateway.
Let’s imagine I’m in a country that doesn’t care about the right to private life of its citizens and performs automated mass surveillance, on the pretext of fighting against terrorism or copyright infringement. A gloomy perspective for sure, but let’s keep that as our work hypothesis.
Of course, I could just set up on every computer a VPN whose gateway happens to be in a foreign and more respectful country. However, multiple VPNs on multiple computers are a highly impractical setup for various reasons:
VPN configuration has to be done multiple times, and I’m allergic to repetitive tasks
The maximum number of concurrent connections is restricted by VPN service providers
Access to resources on a local network at the same time is a hassle and need specific configuration, like DNS settings
So, why not install the VPN once and for all in a privacy-enhancing gateway? We will implement it in a clean, IPv6-compatible manner so we even have public addresses working on the hosts.
Our goal is to get a smart gateway behaving as follows:
Outgoing connections are routed through the VPN. We have to use Network Address Translation since the VPN provider only attributed us one IPv4 address and one IPv6 address.
Incoming connections are routed normally to the LAN, so we get IPv4 port forwarding and working IPv6 public addresses.