1. Basic informations

The network of the Department of Applied Computer Science and the Institute of Physics is a part of Toruń’s urban computer network TORMAN.

1.1 Administrators

• Paweł Binnebesel (email: operator@fizyka.umk.pl, tel. 3265) is responsible for:
  1. supervision over the functioning of the local computer network
  2. supervision over sign and graphic terminals
  3. help in the installation and configuration of computers with Windows (connection to the local computer network, installation of an antivirus program, configuration of the firewall, etc.)
• Jacek Kobus (tel. 3266), Mariusz Piwiński (tel. 3341), Szymon Śmiga (tel. 3277) i Sławomir Zelek (tel. 3295) (email: operator@fizyka.umk.pl) are responsible for:
  1. supervision over servers and services (e-mail, www, ftp, DHCP, DNS, samba, firewall, MySQL databases) service of employee and student accounts
  2. supervision over the operation of the local network installation and maintenance of software
  3. supervision over the functioning and development of the local computer network (including the approval of the location of new connections)
  4. supervision over the connection of a local computer network to the TORMAN (Internet) network

1.2 Servers and services

• Mail servers for the staff, doctoral students and students are managed by UCI. In order to facilitate the distribution of mail to whole groups of users, a number of special addresses can be used, such as students-ifiz or PhD students-ifiz (in the domain @listy.umk.pl); more on the Group Mail addresses page.
• www.fizyka.umk.pl: www server
• samba.fizyka.umk.pl: samba server
• application servers: polon/tor (CentOS 7), uran (CentOS Stream 9), neptun (Fedora36)
  All IF and KIS employees, PhD students and WFAiIS students have access to these servers. After logging on to any of these machines, the user has access to his home directory. These servers are available from anywhere on the Internet via OpenVPN for holders of relevant certificates (see section 1.5)
• ameryk.fizyka.umk.pl: access server: ssh (port 22) ,. ameryk acts as an access server, i.e. people who have access to application servers can log in to it using ssh (possibly clients such as putty for Windows) from ANY location in the world. For transferring files, use the scp program (pscp for Windows users). The americ server allows access only to your own home directory. From this server you can not log in to any machine in the local network.
• moodle.umk.pl/WFAIIS: the Moodle e-learning system is designed to support the classes held at WFAiIS.

The local computer network is connected to the TORMAN network with a bandwidth of 2 Gb/s. Network devices work in the 100/1000/10000 Mb/s standard. The smooth functioning of the network, in which more than 400 hosts work, requires maintaining appropriate rigors in its expansion and connecting new computers. Therefore, any changes and expansion of the network must be agreed and approved by the administrators before they are directed for implementation.

1.3 Changing the password

In order to change the password, please use the website at https://hel.fizyka.umk.pl/cgi-bin/passwd. On faculty servers, the password is updated four times a day (by 2, 8, 14 and 20). For security reasons, access to this site is only possible from computers working on the local computer network. Anyone who has an account and can register via ssh on the server ameryk.fizyka.umk.pl can access this page by following the following instructions:

• in the browser, enable proxy support via the SOCKS protocol, directing traffic to 127.0.0.1 and port 1080
• as a regular user, execute the command ‘ssh -D 1080 user@ameryk.fizyka.umk.pl‘

The ‘-D’ option used above is responsible for using the so-called ssh dynamic port forwarding.

1.4 Access to the faculty account (with a shell) for students

At the beginning of the academic year 2006/2007, student accounts on the servers of our faculty are not founded independently, but are closely related to the accounts on the university student server. Therefore, in order to gain access to departmental servers it is necessary to first set up an account on the university server using the Account creation form. In addition to the account on the central server, an additional account (with the same identifier and password) is created on the departmental server and becomes available the next day.

1.5 Access to local network resources via OpenVPN

Due to security considerations the access to servers running in the local network (general servers and workgroup servers) is restricted by the proper confguration of the firewall.
The most convenient and secure access to local network resources is provided by the OpenVPN system. In order to use the system, the user should install on his computer the OpenVPN client software and obtain certificates.

Employees and doctoral students shoud contact the administrator of the system to receive the certificates (email: operator@fizyka.umk.pl).

Students must submit an application (OpenVPN-application) to the WFAiIS Dean’s Office in order to obtain the certificates.

Certificates together with the configuration files (for Windows and Linux/MacOS) are placed in the openvpn subdirectory of the user’s home directory.

By default, an OpenVPN client uses the UDP communication protocol to connect to the OpenVPN server. Unfortunately, often in public places access to the IF+KIS LAN is difficult since the Internet connection is only available via HTTP and HTTPS protocols. In order to circumvent this limitation, you need to start the OpenVPN client using client4tcp.conf instead of client.conf configuration file.

For Windows (Linux) users, the contents of the file should be unziped in the c:Users(profile)OpenVPNconfig directory (/etc/openVPNconfig). From now on, you can establish an OpenVPN connection using the new “client4tcp” configuration.

Using OpenVPN over TCP is also recommended in case of the unstable/poor connection.

Installing and running the OpenVPN service requires the administrative privileges (Windows – administrator, Linux – root).

Windows users can start the OpenVPN client in the graphical mode, and then by right-clicking on the OpenVPN icon in the taskbar, indicate the client (configuration) and select “connect”. As the administrator you can also run in the console mode start.bat script (located in the appropriate OpenVPN directory). In both cases, after the connection is established, a new logical interface should be created and new entries in the routing table added. This can be verified by running the following commands in console mode (cmd): ipconfig/all and netstat -r. In case of routing tables you should see extra routes to networks 158.75.104.0 and 158.75.4.0. When the OpenVPN client is stopped these entries are automatically removed.

1.6 Access to Internet via Eduroam

Since April 2005, the Eduroam wireless network has been operating on the Nicholaus Copernicus University. It enables authenticated access to the Internet in many scientific institutions in Poland and around the world, including the Institute of Physics premises. Due to the size of the building and its construction (thick reinforced walls), as well as the limited number of access points, the radio signal of adequate quality is available only in frequently used open spaces (the entrance hall, the main corridors and the bar) and large lecture halls (S20 and S26). If the radio signal quality in other areas is unsatisfactory, employees should connect
their computers directly to the cable infrastructure of the local area network (see Section 1.7).

In the case of employees, connecting a computer to the Eduroam network requires the installation of a special certificate.

Students connect their computers to this network by authenticating themselves through their ID and password, which they use when registering on departmental servers (http://eduroam.umk.pl/studenci/instalacja/). More information on the access mode and hardware configuration can be found at http://eduroam.umk.pl/studenci/.

Connecting the computer to the Eduroam network allows unrestricted access to the Internet, but it does not allow access to the resources of the local computer network (except access to the server http://www.fizyka.umk.pl and to your account on the server ameryk). Such access can be obtained only after obtaining the appropriate certificate and installing the OpenVPN system (see the previous item). To this end, students must apply to the dean’s office of WFAiIS with the application signed (OpenVPN-application), which will be the basis for issuing the certificate, which, together with the OpenVPN service configuration file (for Linux and Windows) will be placed in the openvpn subdirectory of the user’s home directory.

1.7 Registration and configuration of a new computer (new network card)

A new computer can utilise the cable local network provided it can aquire a separate IP number from a DHCP server. To this end the computer must be registered beforehand by sending an email to operator@fizyka.umk.pl with information about the computer’s location, its administrator and its network card’s hardware address (so called MAC address, i.e. 1A:60:19:07:1A:F0). When a network card is swapped for another one MAC addresses of both the cards should be provided.

1.8 Antivirus program

WFAiIS employees can use the Eset Smart Security antivirus software; see http://www.uci.umk.pl/pracownicy/esetsmartsecurity/.

1.9 Publishing WWW pages on UCI servers

Staff and students have the opportunity to publish their websites on the UCI servers. Details are available at the link.