Dieses Wiki ist ein Archiv bis 2023. Das aktuelle Wiki findet sich unter https://wiki.hamburg.ccc.de/

Difference between revisions of "Freifunk:VPN1"

From CCCHHWiki
Jump to: navigation, search
m
m
Line 204: Line 204:
  
 
===== ffvpn/hosts/leipzig1 =====
 
===== ffvpn/hosts/leipzig1 =====
Address = vpn1.leipzig.freifunk.net
+
Address = vpn1.leipzig.freifunk.net
-----BEGIN RSA PUBLIC KEY-----
+
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAKL7eWHmD2Rn6IP7JlSWtkphokN785g8nccBmfcjbwEwiZv+EFaVoid/
+
MIGJAoGBAKL7eWHmD2Rn6IP7JlSWtkphokN785g8nccBmfcjbwEwiZv+EFaVoid/
0dPfvHaX0GaQGOhpef3PVHEbIMuU8dD9+7WbXO3+hUSIAfHoIdGK7n8qFtzTpzqn
+
0dPfvHaX0GaQGOhpef3PVHEbIMuU8dD9+7WbXO3+hUSIAfHoIdGK7n8qFtzTpzqn
HAWcgneIE+sZVZRKC0B3VyQ8XujHuLCrQYkjRmVzvbb4cSzE+YhxAgMBAAE=
+
HAWcgneIE+sZVZRKC0B3VyQ8XujHuLCrQYkjRmVzvbb4cSzE+YhxAgMBAAE=
-----END RSA PUBLIC KEY-----
+
-----END RSA PUBLIC KEY-----
  
 
===== ffvpn/hosts/leipzig2 =====
 
===== ffvpn/hosts/leipzig2 =====
Address = vpn2.leipzig.freifunk.net
+
Address = vpn2.leipzig.freifunk.net
-----BEGIN RSA PUBLIC KEY-----
+
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALf6n7zN7GDf50k4F1+JbOde/7WGKc8HtaCNyIV93PeSFz1IiGpf8Vnn
+
MIGJAoGBALf6n7zN7GDf50k4F1+JbOde/7WGKc8HtaCNyIV93PeSFz1IiGpf8Vnn
9xGl64X+5i07gH9l81Cx2/cgSqY3XYSTCVrCCaAJN5jnoQbubfQTojx/e0ZKDXeO
+
9xGl64X+5i07gH9l81Cx2/cgSqY3XYSTCVrCCaAJN5jnoQbubfQTojx/e0ZKDXeO
WVtjm6Y+TcqBLJ2TRAxmtyc3VX5VBfU3N3yaYZv3G+RzKNFI1VX7AgMBAAE=
+
WVtjm6Y+TcqBLJ2TRAxmtyc3VX5VBfU3N3yaYZv3G+RzKNFI1VX7AgMBAAE=
-----END RSA PUBLIC KEY-----
+
-----END RSA PUBLIC KEY-----
  
  
Line 248: Line 248:
 
   bgp log-neighbor-changes
 
   bgp log-neighbor-changes
 
   bgp bestpath as-path confed
 
   bgp bestpath as-path confed
 +
  network 10.4.2.0/24
 
   network 10.112.0.0/13
 
   network 10.112.0.0/13
 
   network 10.120.0.0/14
 
   network 10.120.0.0/14
Line 255: Line 256:
 
   neighbor ff-peers update-source 10.207.0.9
 
   neighbor ff-peers update-source 10.207.0.9
 
   neighbor ff-peers soft-reconfiguration inbound
 
   neighbor ff-peers soft-reconfiguration inbound
   neighbor ff-peers distribute-list hamburg-out out
+
   neighbor ff-peers distribute-list hamburg4out out
    
+
   neighbor ff-peers prefix-list bgp4in in
 +
 
   neighbor 10.207.0.1 remote-as 65041
 
   neighbor 10.207.0.1 remote-as 65041
 
   neighbor 10.207.0.1 peer-group ff-peers
 
   neighbor 10.207.0.1 peer-group ff-peers
   neighbor 10.207.0.1 description leipzig1
+
   neighbor 10.207.0.1 description Leipzig1
 
    
 
    
 
   neighbor 10.207.0.2 remote-as 65041
 
   neighbor 10.207.0.2 remote-as 65041
 
   neighbor 10.207.0.2 peer-group ff-peers
 
   neighbor 10.207.0.2 peer-group ff-peers
   neighbor 10.207.0.2 description leipzig2
+
   neighbor 10.207.0.2 description Leipzig2
 
    
 
    
 
   neighbor 10.207.0.3 remote-as 65042
 
   neighbor 10.207.0.3 remote-as 65042
Line 299: Line 301:
 
   neighbor 10.207.0.13 remote-as 65046
 
   neighbor 10.207.0.13 remote-as 65046
 
   neighbor 10.207.0.13 peer-group ff-peers
 
   neighbor 10.207.0.13 peer-group ff-peers
   neighbor 10.207.0.13 description halle1
+
   neighbor 10.207.0.13 description Halle1
 
    
 
    
 
   neighbor 10.207.0.14 remote-as 65046
 
   neighbor 10.207.0.14 remote-as 65046
 
   neighbor 10.207.0.14 peer-group ff-peers
 
   neighbor 10.207.0.14 peer-group ff-peers
   neighbor 10.207.0.14 description halle2
+
   neighbor 10.207.0.14 description Halle2
 
    
 
    
 
   neighbor 10.207.1.1 remote-as 35492
 
   neighbor 10.207.1.1 remote-as 35492
Line 317: Line 319:
 
   address-family ipv6
 
   address-family ipv6
 
   network 2001:6f8:982::/48
 
   network 2001:6f8:982::/48
  network 2001:6f8:982:801a::/64
 
 
   network 2001:6f8:1300::/48
 
   network 2001:6f8:1300::/48
 +
  neighbor ff-peers activate
 +
  neighbor ff-peers soft-reconfiguration inbound
 +
  neighbor ff-peers distribute-list hamburg6out out
 +
  neighbor ff-peers prefix-list bgp6in in
 
   exit-address-family
 
   exit-address-family
 
  !
 
  !
  access-list access permit 127.0.0.1/32
+
  access-list access4 permit 127.0.0.1/32
  access-list access deny any
+
  access-list access4 deny any
 +
!
 +
access-list hamburg4in deny 10.207.0.0/16
 +
access-list hamburg4in deny 6.0.0.0/8
 +
access-list hamburg4in permit any
 
  !
 
  !
  access-list all deny 192.168.0.0/16
+
  access-list hamburg4out permit 10.112.0.0/13
  access-list all deny 10.112.0.0/12
+
access-list hamburg4out permit 10.120.0.0/14
  access-list all permit any
+
access-list hamburg4out permit 10.124.0.0/15
 +
  access-list hamburg4out permit 10.126.0.0/16
 +
  access-list hamburg4out permit 10.4.2.0/24
 +
access-list hamburg4out deny any
 
  !
 
  !
  access-list hamburg-in deny 10.207.0.0/16
+
  ip prefix-list bgp4in description BGP IPv4 import filter
  access-list hamburg-in permit any
+
ip prefix-list bgp4in seq 5 deny 0.0.0.0/8 le 32
 +
ip prefix-list bgp4in seq 10 deny 6.0.0.0/8 le 32
 +
  ip prefix-list bgp4in seq 100 permit any
 
  !
 
  !
  access-list hamburg-out permit 10.112.0.0/13
+
  ipv6 access-list access6 permit ::1/128
access-list hamburg-out permit 10.120.0.0/14
+
  ipv6 access-list access6 permit 2001:6f8:982::/48
  access-list hamburg-out permit 10.124.0.0/15
+
  ipv6 access-list access6 permit 2001:6f8:1300::/48
  access-list hamburg-out permit 10.126.0.0/16
+
  ipv6 access-list access6 deny any
  access-list hamburg-out deny any
 
 
  !
 
  !
  ipv6 access-list access permit ::1/128
+
  ipv6 access-list hamburg6in deny 2001:6f8:982::/48
ipv6 access-list access permit 2001:6f8:982::/48
+
  ipv6 access-list hamburg6in deny 2001:6f8:1300::/48
  ipv6 access-list access permit 2001:6f8:1300::/48
+
  ipv6 access-list hamburg6in permit any
  ipv6 access-list access deny any
 
 
  !
 
  !
  ipv6 access-list hamburg-in deny 2001:6f8:982::/48
+
  ipv6 access-list hamburg6out permit 2001:6f8:982::/48
  ipv6 access-list hamburg-in deny 2001:6f8:1300::/48
+
  ipv6 access-list hamburg6out permit 2001:6f8:1300::/48
  ipv6 access-list hamburg-in permit any
+
  ipv6 access-list hamburg6out deny any
 
  !
 
  !
  ipv6 access-list hamburg-out permit 2001:6f8:982::/48
+
  ipv6 prefix-list bgp6in description BGP IPv6 import filter
  ipv6 access-list hamburg-out permit 2001:6f8:1300::/48
+
  ipv6 prefix-list bgp6in seq 5 deny ::/0 le 128
ipv6 access-list hamburg-out deny any
 
 
  !
 
  !
 
  line vty
 
  line vty
   access-class access
+
   access-class access4
   ipv6 access-class access
+
   ipv6 access-class access6
 
  !
 
  !
 +
end
 +
  
 
=== Sonstiges ===
 
=== Sonstiges ===

Revision as of 17:38, 9 July 2007

Dieser Node besteht momentan aus einem Soekris 4501 Board und soll die Verbindung zwischen den einzelnen Funkwolken in Hamburg und Freifunk Initiativen in anderen Staedten herstellen. Als VPN Software wird Tinc-VPN eingesetzt, wobei allerdings in Zukunft vermutlich auch andere VPN Protokolle unterstuetzt werden koennen. Eine kleine Hilfestellung auf Basis von OpenWRT kann man hier finden: Freifunk:IP:VPN_Connect

Leipzig hat fuer das IC-VPN ein Looking-Glass installiert, damit man das BGP aus der Leipziger Sicht anschauen kann.


Interfaces

Hier eine kurze Uebersicht ueber die verschiedenen Netzwerk-Interfaces.

eth0

Das eth0 Interface ist momentan noch ungenutzt.

Interface Name: eth0
IP Adresse    : none
Hostname      : none
Description   : not used yet
Bandwidth     : 0bit

eth1

Das eth1 Interface ist zwar up, wird aber in der Regel ebenfalls nicht genutzt.

Interface Name: eth1
IP adresse    : 193.158.228.140
Hostname      : none
Description   : secondary uplink
Bandwidth     : 1500kbit/s

eth2

Ueber das eth2 Interface wird momentan die ganze VPN Geschichte abgewickelt. Es ist moeglich per SSH sich einzuloggen, sofern man den dafuer noetigen Account, oder Exploit hat. Das Tinc-VPN lauscht hier auf den Ports 655 und 656.

Interface Name: eth2
IP adresse    : 62.206.27.20
Hostname      : vpn1.hamburg.freifunk.net
Description   : primary uplink
Bandwidth     : 4000kbit/s


ffhh

Dieses Interface ist fuer das Hamburger Freifunk Netz eingerichtet. Tinc-VPN setzt dieses Interface in den TAP-Modus, damit Pakete zwischen den einzelnen VPN Clients wie bei einem Switch verschickt werden koennen. Der OLSR Daemon sendet seine Pakete an die Broadcast-Adresse (10.127.255.255) ueber dieses Interface.

Interface Name: ffhh
IP Adresse    : 10.112.1.1/12
Hostname      : none
Description   : Freifunk Hamburg
Software      : tinc-vpn, olsrd
Tinc-Port     : 656

ffvpn

Fuer das InterCity-VPN wurde dieses Interface eingerichtet. Tinc-VPN setzt auch dieses Interface in den TAP-Modus und die Quagga Routing Suite kuendigt den Hamburger Freifunk IP-Bereich an entfernte BGP-Router. Wir verwenden die interne AS-Nummer 65044 fuer das BGP-Peering.

Interface Name: ffvpn
IP Adresse    : 10.207.0.9/16
Hostname      : hamburg-r1.hamburg.freifunk.net
Description   : tunnel staedtekopplung
Software      : tinc-vpn, quagga(bgpd)
Tinc-Port     : 655
AS-Number     : 65044


Konfigurationen

Tinc-VPN

Hamburger Freifunk VPN (ffhh)

ffhh/tinc.conf
AddressFamily=ipv4
Name = vpn1
PrivateKeyFile = /etc/tinc/ffhh/rsa_key.priv
Mode = Switch
PingTimeout = 30
Port = 656
BindToAddress = 62.206.27.20
Hostnames=yes
#ConnectTo = vpn2

# CCCHH
ConnectTo = lok72

# Dennis
ConnectTo = elan

# Cnud
#ConnectTo = cgre

# JensM
#ConnectTo = Stockholm


ffhh/tinc-up
#!/bin/sh
ip addr add dev $INTERFACE 10.112.1.1/12 broadcast 10.127.255.255
ip link set dev $INTERFACE up


ffhh/tinc-down
#!/bin/sh
ip link set dev $INTERFACE down
ip addr del 10.112.1.1 dev $INTERFACE


ffhh/hosts/vpn1
Address = vpn1.hamburg.freifunk.net
Cipher=blowfish
Compression=0
Digest=sha1
IndirectData=no
Port = 656
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAKVI9lNEiJ3JVDuXhsLKdqhE+k14bCM8cYaAReNrzBSDODxuLm+pPKwo
+7SgYW2/vAdnbFX689yKIs9inbQGNrakQQS/84pQ4TyN+H1dkhmxn5hweF/Ci3Qp
UxzfjeVmeH2L+ecVOgWK10aoUhfVGvCVB3UpoCT6GrQwOa8gB5vfAgMBAAE=
-----END RSA PUBLIC KEY-----
ffhh/hosts/elan
Address = elan.ainex.net
Port = 656
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALHyO9nsCFXUSlvaBRHZX4DMFTg2xvVPx2Vhtv0NPKIFeSMRNJ1tfuTN
ZhFGT0yUpl2QdCf6Xm6k6gMyEIMgeRSNDTRmm/rgli7EnCA1wEIc30BFP7MHkzx7
1oYD/jQxJIWCyjW3kH1Ui3WkZHws8rvpALcicFSBgvCk7QzYq09nAgMBAAE=
-----END RSA PUBLIC KEY-----


InterCity VPN (ffvpn)

ffvpn/tinc.conf
Name = hhvpn1
PrivateKeyFile = /etc/tinc/ffvpn/rsa_key.priv
Mode = Switch
PingTimeout = 30
#TCPOnly = yes
Port = 655
Hostnames=yes
BindToAddress = 62.206.27.20
ConnectTo = hhvpn2
ConnectTo = berlin1
ConnectTo = ffhallevpn1
ConnectTo = erfurt1
ConnectTo = leipzig1
ConnectTo = leipzig2
ffvpn/tinc-up
#!/bin/sh
ip addr add dev $INTERFACE 10.207.0.9/16 broadcast 10.207.255.255
ip link set dev $INTERFACE up
iptables -A FORWARD -i ffhh -s 10.112.0.0/12   -o ffvpn -j ACCEPT                                               # FF Hamburg -> FF Global
ffvpn/tinc-down
#!/bin/sh
ip link set dev $INTERFACE down
ip addr del 10.207.0.9 dev $INTERFACE
iptables -D FORWARD -i ffhh -s 10.112.0.0/12   -o ffvpn -j ACCEPT


ffvpn/hosts/hhvpn1
Address = vpn1.hamburg.freifunk.net
Port = 655
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAL5ld4OnWv52XD8q0MbfW+DLUe2lCaHLyf4XacwqOhjvS5RH+iAyPgIc
BZJEtmKjW+FrPRLTtJVeptlLWGJr+EE2/G3fq0/AbQDhzIT7OnqCNGrMC1YzNOZm
C8CVyiPwELdvBL+Z7j6Jq545/1zZ/H+z1EK6xuucjhwITFqMQrdxAgMBAAE=
-----END RSA PUBLIC KEY-----


ffvpn/hosts/berlin1
address = vpn-ic1.berlin.freifunk.net
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALfEgQh1Po7B5/IP57pZT0iRjY+8GVfGgkYB7dFIANk/iSWjThe9pERm
x4GGx2NNoiNoDVdUtSz41oIc65bd651G01e2A1bnFQ9qRc9rZ/S91SqpO0+KheYw
judU2Mc81XkKQ38e9rgtU/OvWOF1Hq2EOOork2cePsC8QRa9oAa5AgMBAAE=
-----END RSA PUBLIC KEY-----


ffvpn/hosts/ffhallevpn1
address = vpn1.freifunk-halle.de
address = 88.198.51.136
Port = 655
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALF/Wu4pe+f3dHeLYApHxUnOGUBzpNREUet6nDp80uWT/dph7h6Yqtz2
XMkifjDjSDnHPa1l1LwWFXkTKVQLH4lUrDuadXMU+BSEJWO36vg/A9E3AjbzoTA7
RY6Gzx+FOXqTGOtqzEPMLkBGTrslerpw9JzfCgLlxLLCXg8Tri8ZAgMBAAE=
-----END RSA PUBLIC KEY-----
ffvpn/hosts/erfurt1
address = t35thr.dyndns.org
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAMB63H0OfUEUPoWPbM3tCCHQm+N9f8z0GDc7+fk+/8x09CuW6xmpfdm6
vYrR6ceUsjRUhT/cIO6PhF3bUnaI7otAXHDSK4idvq99Z0miEvHWpJ9W0ZnbuUa4
UeBJP0yCZLL4su7IPpdBWToPrgBHy43CAEnwdEHkp5iKE7zFscaPAgMBAAE=
-----END RSA PUBLIC KEY-----
ffvpn/hosts/leipzig1
Address = vpn1.leipzig.freifunk.net
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAKL7eWHmD2Rn6IP7JlSWtkphokN785g8nccBmfcjbwEwiZv+EFaVoid/
0dPfvHaX0GaQGOhpef3PVHEbIMuU8dD9+7WbXO3+hUSIAfHoIdGK7n8qFtzTpzqn
HAWcgneIE+sZVZRKC0B3VyQ8XujHuLCrQYkjRmVzvbb4cSzE+YhxAgMBAAE=
-----END RSA PUBLIC KEY-----
ffvpn/hosts/leipzig2
Address = vpn2.leipzig.freifunk.net
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALf6n7zN7GDf50k4F1+JbOde/7WGKc8HtaCNyIV93PeSFz1IiGpf8Vnn
9xGl64X+5i07gH9l81Cx2/cgSqY3XYSTCVrCCaAJN5jnoQbubfQTojx/e0ZKDXeO
WVtjm6Y+TcqBLJ2TRAxmtyc3VX5VBfU3N3yaYZv3G+RzKNFI1VX7AgMBAAE=
-----END RSA PUBLIC KEY-----


Quagga

InterCity-VPN

bgpd.conf
!
! Zebra configuration saved from vty
!   2007/04/19 08:19:20
!
hostname bgpd@vpn1.hamburg.freifunk.net
password 8 pophase
enable password 8 blasehase
log file /var/log/bgpd.log informational
log syslog informational
service advanced-vty
service password-encryption
banner motd file /etc/issue.net
!
!debug bgp events
!
bgp multiple-instance
!
router bgp 65044
 bgp router-id 10.207.0.9
 bgp log-neighbor-changes
 bgp bestpath as-path confed
 network 10.4.2.0/24
 network 10.112.0.0/13
 network 10.120.0.0/14
 network 10.124.0.0/15
 network 10.126.0.0/16
 neighbor ff-peers peer-group
 neighbor ff-peers update-source 10.207.0.9
 neighbor ff-peers soft-reconfiguration inbound
 neighbor ff-peers distribute-list hamburg4out out
 neighbor ff-peers prefix-list bgp4in in

 neighbor 10.207.0.1 remote-as 65041
 neighbor 10.207.0.1 peer-group ff-peers
 neighbor 10.207.0.1 description Leipzig1
 
 neighbor 10.207.0.2 remote-as 65041
 neighbor 10.207.0.2 peer-group ff-peers
 neighbor 10.207.0.2 description Leipzig2
 
 neighbor 10.207.0.3 remote-as 65042
 neighbor 10.207.0.3 peer-group ff-peers
 neighbor 10.207.0.3 description Weimar1
 
 neighbor 10.207.0.4 remote-as 65042
 neighbor 10.207.0.4 peer-group ff-peers
 neighbor 10.207.0.4 description Weimar2
 
 neighbor 10.207.0.5 remote-as 65040
 neighbor 10.207.0.5 peer-group ff-peers
 neighbor 10.207.0.5 description Berlin1
 
 neighbor 10.207.0.6 remote-as 65040
 neighbor 10.207.0.6 peer-group ff-peers
 neighbor 10.207.0.6 description Berlin2
 
 neighbor 10.207.0.7 remote-as 65043
 neighbor 10.207.0.7 peer-group ff-peers
 neighbor 10.207.0.7 description Erfurt1
 
 neighbor 10.207.0.8 remote-as 65043
 neighbor 10.207.0.8 peer-group ff-peers
 neighbor 10.207.0.8 description Erfurt2
 
 neighbor 10.207.0.11 remote-as 65045
 neighbor 10.207.0.11 peer-group ff-peers
 neighbor 10.207.0.11 description Stuttgart1
 
 neighbor 10.207.0.12 remote-as 65045
 neighbor 10.207.0.12 peer-group ff-peers
 neighbor 10.207.0.12 description Stuttgart2
 
 neighbor 10.207.0.13 remote-as 65046
 neighbor 10.207.0.13 peer-group ff-peers
 neighbor 10.207.0.13 description Halle1
 
 neighbor 10.207.0.14 remote-as 65046
 neighbor 10.207.0.14 peer-group ff-peers
 neighbor 10.207.0.14 description Halle2
 
 neighbor 10.207.1.1 remote-as 35492
 neighbor 10.207.1.1 peer-group ff-peers
 neighbor 10.207.1.1 description Wien1
 
 neighbor 10.207.1.2 remote-as 35492
 neighbor 10.207.1.2 peer-group ff-peers
 neighbor 10.207.1.2 description Wien2
 
 distance bgp 150 150 150
!
 address-family ipv6
 network 2001:6f8:982::/48
 network 2001:6f8:1300::/48
 neighbor ff-peers activate
 neighbor ff-peers soft-reconfiguration inbound
 neighbor ff-peers distribute-list hamburg6out out
 neighbor ff-peers prefix-list bgp6in in
 exit-address-family
!
access-list access4 permit 127.0.0.1/32
access-list access4 deny any
!
access-list hamburg4in deny 10.207.0.0/16
access-list hamburg4in deny 6.0.0.0/8
access-list hamburg4in permit any
!
access-list hamburg4out permit 10.112.0.0/13
access-list hamburg4out permit 10.120.0.0/14
access-list hamburg4out permit 10.124.0.0/15
access-list hamburg4out permit 10.126.0.0/16
access-list hamburg4out permit 10.4.2.0/24
access-list hamburg4out deny any
!
ip prefix-list bgp4in description BGP IPv4 import filter
ip prefix-list bgp4in seq 5 deny 0.0.0.0/8 le 32
ip prefix-list bgp4in seq 10 deny 6.0.0.0/8 le 32
ip prefix-list bgp4in seq 100 permit any
!
ipv6 access-list access6 permit ::1/128
ipv6 access-list access6 permit 2001:6f8:982::/48
ipv6 access-list access6 permit 2001:6f8:1300::/48
ipv6 access-list access6 deny any
!
ipv6 access-list hamburg6in deny 2001:6f8:982::/48
ipv6 access-list hamburg6in deny 2001:6f8:1300::/48
ipv6 access-list hamburg6in permit any
!
ipv6 access-list hamburg6out permit 2001:6f8:982::/48
ipv6 access-list hamburg6out permit 2001:6f8:1300::/48
ipv6 access-list hamburg6out deny any
!
ipv6 prefix-list bgp6in description BGP IPv6 import filter
ipv6 prefix-list bgp6in seq 5 deny ::/0 le 128
!
line vty
 access-class access4
 ipv6 access-class access6
!
end


Sonstiges

/etc/issue.net

   ,----------------------------------------------------------------------.
   |                                                                      |
   | Unauthorized use of this system is prohibited and may be prosecuted  |
   | to the fullest extent of law. By using this system, you implicitly   |
   | agree to monitoring by system management and law enforcement         |
   | authorities. If you do not agree with these terms,                   |
   | DISCONNECT NOW!                                                      |
   |                                                              ;-p     |
   `----------------------------------------------------------------------^