After more than a week, I have Internet in my apartment. Until now, I was subsisting on my phone’s data plan.
Here is how I seem to have to connect to the Internet in ZJU residences (and I think elsewhere on campus):
- My netbook doesn’t have a built-in Ethernet port, but came with a USB ethernet dongle. Plug it in.
- Plug an ethernet cable into the wall jack (not the one on the side of the room close to my computer, the other one).
- Manually set an IP address that was given to me by someone in a residence office and is linked to my hardware (MAC) address. It took a week to get this, because everyone was on vacation. It took overnight to activate it once it was assigned to me.
At this point, I can access an utterly nonsensical collection of sites that are perhaps whilelisted somehow. These include SFU’s web server, google.com.hk, and this site, but not SFU Connect or Renren. These connections seem to be HTTP only, so probably no easy way to tunnel through.
- Connect to a campus VPN server over IPSEC.
- Log in to the IPSEC layer with a campus VPN username/password. I don’t have one of these, and nobody seems to know how to get me one. Luckily, someone was kind enough to lend me theirs.
- The VPN server with tunnels over L2TP. This provides Internet access that is as complete as one might reasonably hope in the current locale.
Even given the national demand to keep track of who accesses what, there is at least one layer too many in there. There’s some crazy design-by-committee going on to think of all that. Can anyone spot the weak point?
Those last three steps are supported in Windows only, and early attempts to get the VPN working in Linux have failed. There is also a campus proxy server that can be accessed without the VPN, but it seems to use some entirely different account and I can’t log into it.
Thus my proposed further steps may be:
- Open a virtual machine running Linux in Windows. Let the VM’s network magic bridge the Windows network into the VM.
- Probably use sshuttle or similar to secure the whole stack back to a host I trust. There are too many moving parts and possible points of privacy loss in there.
- Internet.
So that’s about 8 steps between my computer and some Internet. Any bets on the fraction of the time all of those actually work?
February 26th, 2013 at 10:58 am
You forgot the step where a middle-man hand-delivers your packets, one at a time, via bicycle.
Oh, if you’ve ever seen the Shenzhen packet market come end of quarter, it’s a marvel.
February 26th, 2013 at 12:06 pm
Yeah… one of the reasons Andrew, Kaylyn, and I moved off campus was for better/easier to access internet. I think Andrew figured out how to connect through Linux, I’ll ask him to contact you.
Oh, the username/password for us was our ZJU student number and the last 5 digits of our passport. One of the slips of paper they gave you should have that on there, probably handwritten. Also, when logging in, you might have noticed you need to put @d or @a or something… it’s specific to your campus (Zijingang has a different domain suffix).
Also, don’t be surprised if one day you go to log in, and there is an IP conflict. This is usually due to a long chain of someone losing their IP address and then manually entering another.