[Freedombox-discuss] Configurable/adaptive connection strategies: lapcat ?

Bjarni Rúnar Einarsson bre at pagekite.net
Thu Jul 28 08:15:58 UTC 2011


Hey all,

TL;DR:
  I just wrote lapcat: a location aware proxy chooser and router / netcat
for your laptop
  Get it here:
https://github.com/pagekite/PyPagekite/blob/main/scripts/lapcat

I got briefly sidetracked from PageKite development by a small project that
was partially inspired by the discussions here on how FreedomBoxes would
find each other and communicate, and partially inspired by the fact that I
want my home server to be able to make remote rsync-based backups of my
laptop no matter where my laptop is in the world. I thought I'd share and
see if anyone on the list wants to collaborate or provide feedback or tell
me I'm reinventing the wheel before I spend too much time on it.

The initial implementation is used just like netcat: lapcat hostname port
(this integrates v. well with ssh)

The most important next step is to add HTTP Proxy functionality so browsers
and other apps can use it too.

When lapcat opens a connection, it first consults a local rule database (a
directory of configuration files) and is able to run a set of tests to
determine how best to establish the connection. Thus the hostname becomes a
'nickname' of sorts which lapcat may translate into an IP address, an Onion
hidden service name, or a PageKite hostname, along with a set of rules on
preference and how to establish a connection to each one, depending on what
is reachable and where lapcat is running.

Use case 1: I want my home server to make backups of my laptop wherever it
is
  1. I configure a dirvish/rsync+ssh based backup system to connect to
'laptopname' using lapcat
  2. I configure lapcat to initially attempt direct connections on the LAN
  3. As a fallback, I configure lapcat to connect using my laptop's PageKite
name

Use case 2: I want my laptop to always connect securely to my FreedomBox and
those of my friends
  1. I configure my laptop to use a local lapcat as an HTTP proxy
  2. I configure lapcat to connect directly when I am on the home LAN of
each FreedomBox
  3. I configure lapcat to connect over PageKite or Tor when I am away from
home

Use case 3: Route around censorship
  1. Configure lapcat as an HTTP proxy (on my laptop or the FreedomBox or
both)
  2. Configure lapcat to first attempt direct connections to all hosts
  3. Configure lapcat to attempt connections over Tor if direct conns fail
or a 'censorship test' fails
  4. Add explicit rules for alternate or preferred routes to hosts that are
important to me

Use case 4: Improve my browsing security
  1. Configure lapcat as an HTTP proxy (on my laptop or the FreedomBox or
both)
  2. Use the EFF HTTPS Everywhere database to create lapcat rules for
automatically encrypting requests
  3. Enable Tor automatically for another list of sites and .onion addresses
  4. Block access to known bad stuff, e.g. by consulting Google's DNS
blacklist

(Regarding use case 4, I know the HTTPS Everywhere and Tor browsers do many
of these things better than a proxy can, but I believe providing this
functionality is one of the goals for FreedomBox and an HTTP Proxy is
probably the only real way to implement that.)

For use within the FreedomBox, it would be interesting to both create useful
lapcat rulesets and create tools which easily or even automatically create
explicit alternate/preferred routes for hosts we are friends with.  As an
example, sites which are concerned they will be censored could publish
descriptions of 'alternate routes' which people could then install into
their local lapcat config. If people want to experiment with alternate
discovery/connection methods (IPv6 darknets, .p2p DNS, httpk-style
addressing, meshes), lapcat or something like it could be very useful as a
translation/routing layer.

I'm curious to hear what people think - I have the nagging feeling that I
may very well have just reinvented a wheel. Anyway, when comparing, lapcat's
main features are:

  - Built in support for chaining together multiple HTTP or Socks proxies
  - Built in support for SSL encryption
  - Rule-based connection and fail-over strategies
  - Rule selection based on hostnames/nicknames
  - Rule selection based on local network configuration
  - Rule selection based on arbitrary tests (pluggable)
  - Packaging/plug-in friendly rule database (directory based, like Debian's
Apache)

And no, it's not in Debian yet. But it could be! :-)

-- 
Bjarni R. Einarsson
Founder, lead developer of PageKite.

Make localhost servers visible to the world: http://pagekite.net/
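
The rule lookup and fail-over described in the message, modelled on use case 1, as an added example that is not lapcat's code and does not use its configuration format. The rule layout, the test names, the LAN address and the PageKite hostname are constructed assumptions.

```python
import ipaddress
import socket

# Hypothetical rule table (NOT lapcat's real config format): nickname -> ordered routes.
# The address and the PageKite hostname are constructed placeholders.
RULES = {
    "laptopname": [
        {"via": "direct", "when": "on_home_lan", "target": ("192.168.1.20", 22)},
        {"via": "pagekite", "when": "always", "target": ("laptop.pagekite.example", 22)},
    ],
}

def on_home_lan(ctx):
    """True when any local address lies inside the configured home network."""
    net = ipaddress.ip_network(ctx["home_net"])
    return any(ipaddress.ip_address(a) in net for a in ctx["local_addrs"])

# Pluggable tests: a rule names the test that must pass for its route to be eligible.
TESTS = {"always": lambda ctx: True, "on_home_lan": on_home_lan}

def plan(nickname, ctx, rules=RULES, tests=TESTS):
    """Ordered routes whose test passes. Assumption: unknown nicknames get no route."""
    return [r for r in rules.get(nickname, []) if tests[r["when"]](ctx)]

def connect(nickname, ctx, dial=socket.create_connection, timeout=5):
    """Try eligible routes in order; return (via, connection) for the first success."""
    errors = []
    for route in plan(nickname, ctx):
        try:
            return route["via"], dial(route["target"], timeout)
        except OSError as exc:  # refused, unreachable, timed out: fall through to next route
            errors.append(f"{route['via']}: {exc}")
    raise ConnectionError(f"no usable route to {nickname!r} ({'; '.join(errors) or 'no rule matched'})")

if __name__ == "__main__":
    # Constructed contexts: same rules, different network location.
    for where, addrs in (("home", ["192.168.1.57"]), ("away", ["10.20.0.4"])):
        ctx = {"home_net": "192.168.1.0/24", "local_addrs": addrs}
        print(where, [r["via"] for r in plan("laptopname", ctx)])
```

Passing `dial` as a parameter lets the fail-over order be exercised without touching the network.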