Freifunk freedom fighter box
Aus wiki.freifunk.net
Zur Navigation springenZur Suche springenBrief summary
The "Freifunk-Freedom-Fighter-Box" is a WiFi router running a customized firmware having a VPN-tunnel configured. It gets connected to an existing internet connection and opens a WiFI network with internet connection named "*.anon.freifunk.net". All internet traffic gets routed via the VPN. That way the so called "liability for interference" or "stoerhaftung" - which would affect the provider of the network - does not apply.
Version
The most recent version of the FFFB firmware:
Version 0.23
The version covers:
- OpenWrt: trunk, svn-revision: 32343
- feeds: luci, svn-revision: 8703
- as well as a set of configuration files ([Files]).
Hardware / VPN-Provider
The configuration running on those very 'Freifunk-Freedom-Fighter-Boxes' we distribute in Berlin is partially hardware and VPN-provider dependendant. Those should however be easy to adjust fitting other hardware / VPN-providers.
Hardware as well as VPN-connections we're using on the original FFFBs are:
The hardware we're using: Airties WAV-281
VPN-provider we're using: IPredator
Software
Basically everything we need got committed / has already been in OpenWrt upstream - this includes:
- VPN client (OpenVPN, IPSec, PPtP, etc.)
- Traffic limiting / shaping / quality of service (tc)
- Splashpage (nodogsplash)
- Webinterface for ease-of-use (luci, incl. modules for all relevant components)
- statistics (collectd)
What got added to the image for the Freedom-Fighter-Box:
- special set of firewall rules to force traffic not going anywhere else but through the VPN network
- special network config to split the 4 port-switch ports into VLANed ports, as in:
- Port 1 and 2: INET (internet)
- the port an DHCP client is running on aquiring an existing internet connection
- Port 3: VPN port which
- meant as "public interface"
- provides 10.42.42.X subnet via DHCP
- serves the splashpage
- routes everything through the VPN
- access to the router itself (SSH/webinterface) is forbidden
- bridged with the Wifi-interface
- Port 4: MGMT (management) port
- provides 172.23.23.X subnet via DHCP
- management router via 172.23.23.1
- allows access to the router via telnet/SSH and Web Interface
- Port 1 and 2: INET (internet)
Do It Yourself
Sections in this tutorial which depend on the hardware / VPN-provider are marked respectively.
Values you should adjust to your needs are marked yellow.
In this tutorial we're assuming you have a device containing a switch which ports can be configured as VLANs.
TODO: should be fairly easy to port this guide to fit devices with just 1 ethernet port
config files
OpenWrt .config
This config creates an image for the Airties WAV-281. It gets about 3.5MB in size and therewith fits perfectly in the 4MB flash on the device.
Freifunk freedom fighter box/.config
/etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config switch
option name 'eth0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'eth0'
option vlan '1'
option ports '0 5t' # port 4 (MGMT)
config switch_vlan
option device 'eth0'
option vlan '2'
option ports '1 5t' # port 3 (VPN)
config switch_vlan
option device 'eth0'
option vlan '3'
option ports '3 2 5t' # port 1-2 (INET)
config interface 'mgmt'
option ifname 'eth0.1'
option type 'bridge'
option proto 'static'
option ipaddr '172.23.23.1'
option netmask '255.255.255.0'
config interface 'anon'
option ifname 'eth0.2'
option type 'bridge'
option proto 'static'
option ipaddr '172.42.42.1'
option netmask '255.255.255.0'
config interface 'wan'
option ifname 'eth0.3'
option proto 'dhcp'
/etc/config/dhcp
config dnsmasq
option domainneeded 1
option boguspriv 1
option filterwin2k 0
option localise_queries 1
option rebind_protection 1
option rebind_localhost 1
option local '/lan/'
option domain 'lan'
option expandhosts 1
option nonegcache 0
option authoritative 1
option readethers 1
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
# DNS server, reachable from the 'outside', used only for 'ap.nat.openvpn.ipredator.se'
list server '/ap.nat.openvpn.ipredator.se/208.67.220.220'
list server '/ap.nat.openvpn.ipredator.se/194.150.168.168'
# DNS server, reachable within the IPredator network only, for everything else
list server '/#/93.182.182.93'
list server '/#/93.182.132.32'
option noresolve 1
#option nonwildcard 1
config dhcp mgmt
option interface mgmt
option start 100
option limit 150
option leasetime 12h
config dhcp anon
option interface anon
option start 100
option limit 150
option leasetime 12h
config dhcp wan
option interface wan
option ignore 1
/etc/config/openvpn
If you are using OpenVPN:
package openvpn
config openvpn
option enabled 1
option config /etc/openvpn/vpn.conf
ToDo: Examples for PPtP, IPsec, etc.
/etc/openvpn/vpn.conf
If you are using OpenVPN:
client
dev tun
proto udp
fast-io
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
fragment 1440
mssfix 1440
nobind
remote ap.nat.openvpn.ipredator.se 1195
keepalive 10 30
#comp-lzo
tls-client
tls-auth /etc/openvpn/vpn.ipredator.se.auth
ns-cert-type server
ca /etc/openvpn/vpn.ipredator.se.ca
cert /etc/openvpn/vpn.ipredator.se.crt
key /etc/openvpn/vpn.ipredator.se.key
cipher AES-128-CBC
tls-cipher TLSv1:!ADH:!SSLv2:!NULL:!EXPORT:!DES:!LOW:!MEDIUM:@STRENGTH
mute 10
pull
route-nopull
# Set default gateway to VPN endpoint (route all traffic through VPN)
redirect-gateway def1
/etc/resolv.conf
nameserver 127.0.0.1
/etc/config/firewall
config include
option path /etc/firewall.user
/etc/firewall.user
inet=eth0.3 anon=tun0 vpn=br-anon mgmt=br-mgmt match_vpn_out="-p udp --sport 1024: --dport 1195" match_vpn_in="-p udp --sport 1195 --dport 1024:" match_tcp_new="-p tcp -m conntrack --ctstate NEW" match_tcp_related="-p tcp -m conntrack --ctstate RELATED,ESTABLISHED" match_dhcp_client="-p udp --dport 67 --sport 68" match_dhcp_server="-p udp --dport 68 --sport 67" match_dns_request="-p udp --sport 1024: --dport 53" match_dns_reply="-p udp --sport 53 --dport 1024:" # CLEAR IPTABLES iptables -t filter -F iptables -t filter -X iptables -t nat -F iptables -t nat -X iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP # FORWARDING POLICIES # forwarding for inet users iptables -A FORWARD -i $inet -o $mgmt -j ACCEPT iptables -A FORWARD -o $inet -i $mgmt -j ACCEPT # forwarding for anon users iptables -A FORWARD -i $anon -o $vpn -j ACCEPT iptables -A FORWARD -o $anon -i $vpn -j ACCEPT # ROUTER FIREWALL # allow local communication iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # allow icmp to router from everywhere iptables -A INPUT -p icmp -j ACCEPT iptables -A OUTPUT -p icmp -j ACCEPT # allow router access from mgmt iptables -A INPUT -i $mgmt -j ACCEPT iptables -A OUTPUT -o $mgmt -j ACCEPT # allow router access from vpn iptables -A INPUT -i $anon -j ACCEPT iptables -A OUTPUT -o $anon -j ACCEPT # allow vpn tunnel on inet iptables -A INPUT -i $inet $match_vpn -j ACCEPT iptables -A OUTPUT -o $inet $match_vpn -j ACCEPT # allow dhcp client on inet interface iptables -A INPUT -i $inet $match_dhcp_server -j ACCEPT iptables -A OUTPUT -o $inet $match_dhcp_client -j ACCEPT # allow dhcp server on vpn iptables -A INPUT -i $vpn $match_dhcp_client -j ACCEPT iptables -A OUTPUT -o $vpn $match_dhcp_server -j ACCEPT # allow dhcp server on mgmt iptables -A INPUT -i $mgmt $match_dhcp_client -j ACCEPT iptables -A OUTPUT -o $mgmt $match_dhcp_server -j ACCEPT # allow dns client on inet interface iptables -A INPUT -i $inet $match_dns_reply -j ACCEPT iptables -A OUTPUT -o $inet $match_dns_request -j ACCEPT # allow dns server on mgmt interface iptables -A INPUT -i $mgmt $match_dns_request -j ACCEPT iptables -A OUTPUT -o $mgmt $match_dns_reply -j ACCEPT # allow dns server on vpn interface iptables -A INPUT -i $vpn $match_dns_request -j ACCEPT iptables -A OUTPUT -o $vpn $match_dns_reply -j ACCEPT iptables -A OUTPUT -o $vpn -p tcp --sport 22 --dport 1024: -j ACCEPT # allow router tcp connections iptables -A OUTPUT $match_tcp_new -j ACCEPT iptables -A OUTPUT $match_tcp_related -j ACCEPT iptables -A INPUT $match_tcp_related -j ACCEPT # reject disallowed tcp properly iptables -A INPUT $match_tcp_new -j REJECT --reject-with tcp-reset # NAT / MASQUERADING # set up NAT for everything going through the uplink interfaces iptables -t nat -A POSTROUTING -o $anon -j MASQUERADE iptables -t nat -A POSTROUTING -o $inet -j MASQUERADE
/etc/config/qos
config interface 'anon'
option classgroup 'Default'
option enabled '1'
option download '500' # actual UPload on the client in KBit/s
option upload '2000' # actual DOWNload on the client in KBit/s
config classgroup 'Default'
option classes 'Priority Express Normal Bulk'
option default 'Normal'
config class 'Priority'
option packetsize '400'
option maxsize '400'
option avgrate '10'
option priority '20'
config class 'Priority_down'
option packetsize '1000'
option avgrate '10'
config class 'Express'
option packetsize '1000'
option maxsize '800'
option avgrate '50'
option priority '10'
config class 'Normal'
option packetsize '1500'
option packetdelay '100'
option avgrate '10'
option priority '5'
config class 'Normal_down'
option avgrate '20'
config class 'Bulk'
option avgrate '1'
option packetdelay '200'
/etc/nodogsplash/htdocs/splash.html
<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>$gatewayname</title> <meta http-equiv="refresh" content="1; URL=$authtarget" /> </head> <body style="background-color: black; font-family: Verdana"> <p align="center"> <img src="data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAfMAAAFnAgMAAADPlkiNAAAAAXNSR0IArs4c6QAAAAlQTFRFAABn 3ixn/8wsrIkrBwAAAAF0Uk5TAEDm2GYAAA2FSURBVHja1Z1LcuyoEobFiWDieW6iVsHdAR0h9lNL 8dDhVd62T5VK5IN8gOzoGtoSH5l/gsRDybat/LXv3779wi+316/8MDu1/vdrhv+4+dDor/4m/Mfw PPyH8LlJv/Lz0f6zkT+AX9/xwIh+tfS5jX/l1/x+ue810y81PjX991shd3HgWUy/zngw0etvmn6V 8WCk1980/RrjwUyvv2n6FcaDg15/vIe/tLfPHvry3t4FX2188tHb78Xc+rhzwte6PnvpS+MO3PR6 ecwZ/nmZ45XKlSsdX30XrHV80b3zk3MF180ngKXgfJHrk61cuMb12diPXeN6MNqULnG92aR8QV/v KPMC14O9yLze9Z4SYbXrk6cZpdVtLrucCYuFB5c1abHwzuJgqfDJKWRaKnz2ehJWCj8qDDj35pXC yzJmgbFQ+CSaDpK+eZ3wYlHycy+tEx4EEUdvcbBMeMEOeP0lEYXzKuETX1DuzcVWrhI+s05M2Ke5 dw0sEh5YK6igubsgLRKedXxmCu3/tkZ43gi2TDgbD0uET1wpmS/yXKe0hJ4ZDyYhlLq/Lwk7YBwP UiTlUxVhRdhxJsjOPF2VF4RdYsrIsi/TydAFwmfGfyNj4IWCeeEzLSKPSjsZn+fpQN031vFlfJoP Oyp7Gpty+vd02DH1B6Ws1/9hNuwS1U7zYz5YeZZOC8hqUUf10mzYAZEO1BDKx7WzYQfkft2OdHgH JsOO+C4bCjrck+foicgOBiceNUxzYUcrbyrnuGgu7MhIKZl8eDgIpujkbjBF7+H6PBX0RDejgHTV YJ+h7x7Hf7mo8AXEQv5oQtUYL0T4BXQwRs/hoxl6xkFndiA0oYRQyD9NquZ6F957Efrel2lxfUVh V+MhX3t/Wm7deQMm6I4inhWN0xMKmeRw31OkHA56fGd2BO6zpikc9Bl5DTz1f94UpmPNXNo9qxoO euhvTK4CnjJBlI6cll3Oe9Y1R4Me0cEXtg9clJ5QyIPv/sflKdjk0kzQfRmNPDjV4JIzbp5hEmxy uY/W7Lz9WVuI0QGHvDdod86IIB28TQam6Chc3N3Fw1kp1uR6egrQS5yecMh7HxMJB32IXmNBd2gF ETqKFgjQ93iTy5Mhf1Q4L6AHXkrzBB1QyPuHAwkFff3P0PsGlyNzHw9epMH390CE/ojUGXqNhvxx E/jpSK3Q1MdDrkB3k6YbHG1y0eaeQpNOj7sCDT5PNzja5IqhiVeGnmNz3H/LMtH7WY4+UHNsmhcq 03yUaZJvZE+HIH030vHWMESPTbBnIx1vXawLmjtp8PtY87KRHWoPegnRk4meus6A7ldJYXrX4He5 T995HcrJhkCTK3pnlwdbsstEc3/Gy5CeGKfAis6GdDdSvIsPmZnm/rxxRGf3MeRL6IU1vYrd7lRn Q7qbwpq+KfTwEvYjYGQ6sA5B9BKkp6Z0tXwnACu6uqO7AYku7GPork+X0YX+D9G3baqzk+jSPgZY 0tHizq4Syq6/zedV9J1Qij5tkuN71GBEF/cxdE+ZGXrX2e3Y8VWh15mOVqFLju/X7SG+SSwPHjN5 /LLzdP1FdNHxh6u+13MnNsihjh45XhlD7t8bSCY2ByaZLi+nv8Lky/XX0OXl9FcD/bpmil6kR6w8 on7R05f3r6AP9jGcOubW0sxO6P4xUyyOP9Oh/e8S+mAfw4me5naBi/RBqedH4iS98vQ03hr66uWn 9t9D5V8vsmE0XzbbtjLrI7ZaZO/o6RL6qNBOpyvoyTKJU8JztP0DntCHa4uIHu/rHo/YKXpdTh/6 E9H35XRtN/Rp/Dz17UH3clMtQdc/j4f0z+P3bqDvFtkJXbz2z4t+d9DHzaijt39kP7296KMXO0Lf 7fQqx8jtgH+MXq0wvTnoRa6qJjtPVxa0EV0eRmqyS/Tiohc16DYHXRkUI7roqTdNdp6uDAwRXRzN 3DTZeXrz0aXKqrIL9GqhH/NlQu+gy44GM7ZdFJguhIku+xK6cL0uO0vX5oEovcZkZ+naXAiZJ2Xp f36Kzt7wpgcdS9felWz0mx50a+hsoHzqQcfR1RG5iW6RnaNn/VsnROfqa5Fdpb8xvqNrAwzdIjtH 72LoD1MAQ68h2VX6xjiP0umMoUl2jt4bcqMlMPQ9JLtOZ4SndDpPbZKdpZdtLDx+vnPNxCQ783zH zYe6j9LJtJlNdpbO+fCu0EtEdoaOvUiFp3TS4G2yc/SddaJCrxHZGTppPUQ+nW6U3UK/YRvQOG6j 3Y1RdmYUSfqtN6xfP4KuzAvJLUwnfTYRnqGjYPkc/O7D8Tt9XuG7OHoTZHfSmWc1Fh4uoleWjoXv 56yYheg3H72bcZde0cb0wgedk869V6HOtqcz2x8+rXSw099Zeqb0PxP0XbLgY0ivRtl7Op6jBpH+ OaKf+6jbJfS7kf45Qa9iIe/MqtCxQ3A3ys7QgVvQ/pSEV+hvdjpZk2oy/ZOjP/qHU0d/c9Dxetyr 6Yg3KvTPi+gfA3ozyh6nf/b084j3RX+z08kadDLQE7PFLMXo6Il9esiInh/T/1xFf2fp+BF7Ff3e 01tHL/4W17/WKfSPjaMD3uNn723Ifps8oL/b6H8m6INe486/VpIHvJlO9lmN6OSlVni9MD9hyQ63 Af1jTK9r6fIrNbeJ+0Q3v9s0B/3Ov9Smhl8vzO91/Rb2Kky54qEUt6fU/HJzlx4yAp1M3XD7ac0v dnf8kAHuxWowe8HtJQbrS+0dd7QK/UZ7SNrRn280juPoLm6GTqdONPq2kE5mD9j9813A2GYP6P55 hk5mTthvBzq6beaEfjsA0mzzvZvs6b7a2MnshW3WCMhXG+Js8ybTmQ3NphmzZqBT2dGHFhzdNFtI v5eh9Ju8OnH+Uqmn25bDCg5hSufKUOm2pUCdzi2NbMwXauKc2ft4sq77RqxVrZtlulqGbhA+k46W 0m+c+5gvExHdIDzzZSKhsyXodIPwBjorO/dFKn4t0YVnvkjFdFZ2C/22gi4FDPkWGNPVfQ/ct8A2 eqINXljSkMMuMR8mQoC+9fN8xo0P3DfgTnqV6Zrw3Pfvxm8w6Lf/hK4Jz33776S/NqkQuiY8l3XB SAedrgnfmE/AnfRXk4PBQvC7ocHN0OtwEfyDDbo4neY58S7Bs3lOYvR/0d7tBzixkYeeSH4bcG69 wPlttgj9CHpxICAIj0Le91kxyWskDoJ44XFeI1/+BpLTSR4AssLzOZ1i9H9V5CQbCA9sPisrneTy auLQmxWez+UVpGc2Y8RAeJw0xEcnOdy4jWmy8EION+u3tSR/HbstThReyF9npZPcfSxdFB743H3J Sz9SjpbN8Wt83kLzx3ZTGSM3IWPkz9CTSC/OJrcyV6ef/lRwSZ5SKx1liM2tzQRdcdIToRe37DRV p1W/hFOtLMnNay6k1yzvS/ISg5v+mKoM5GRucTqgUUg2e22Qjxp2L/0x/kuOTOAFhU5FE8eeJvcY 9zd7N8mV4KP3Nf8aTyzIwW5OntGnzv/+dMSZf545dMH+RfmZnr43Dszn3rfTz477fjzYurtEzx2o 5DXfQy9/65wXnLlgpp/v/o4W63kThdbeTz+H3d+WYnF9Ys7aoC89Hnp70BecM2LPHHJKOHIsLxlu Gp6xYs/Zcjpf5sgCWMyOBzYBe4S+H0OTXb1nfLaOPVMQPbYvGc4VKkT2EqIneojZ9JlKjuQdjTnb p9liTjpWyJG4hB6ElsbGZ/0sLTudOQ9r/Dk8nI/8Es4wrYGwK9Q6NlDUM9Ts3Q13et0o9Uh31pqQ hdve4LmjDwcv9vmcXECi55mgV84NZDTbw3Tu6MMsJb6E/mBFIWmeo8mxJgzOixw6zU1PXCnyWZmV 66OFaQ2n8MFzQvc19P6MVC69p+2MVNgjYYdOn93Jdfvg4cgMcEMP2cM2kta1KHX2NznhXOCE8pZ4 zgX2pOcSzkTOr7KpZ8ZnIntmv0AoCacylv5XxZlEr/BtE/G7oBabmHUPCd9XWvKKfEC4P+gHJ5pL 5zVpZ6B7EmAOD5PnzFPPf0+RdOzWBPpNPQLdEXZJL02ubRtOqHmFN9QadF9BVPjmc5V0dPMWE141 HgxChcNOUx5drMxluj1vTE4zvtYRdqhDN54fMLwUWqzFjQMvGa/Mjpmr2pox8KwiuQ5/BKPvs7ma noMvs833yR4hZuG/qtmaxaW2q1zCp7/5Qg0+NV2Ep7F12amgXMkEPjLPOt3dGtvqmMTajpZpPWb3 UUmm7H2oufZEsK1zZLQPnPes8u+w8IB3MDD2j/435/rWRFmVXzXO4m+G2MxuejFJqtSwymE1/O1W u0zq5LWm2ybbd/lBO/453Gq5AlbGnG+y3e36YmlO2iviPu7OwjFnWecAtKax1HTN9WhnV1oZc/o6 BzDzUqtiTl/nwKWktaaP1zlo1WCp6eO4o5Gblpo+XOfg/gVLTR9P9e+Gcc2M6YN1Dv4feanpovFS 1vs13dymrHOAYENe0s3xSwqbsvxgCDxn2vAsnKVVrQPqaMi9pKR/Uo+DWOH3pzWkPsU6SJ/x+1Ec qo0lTflkvHfF9evmvrmUqOhdcfUQtWwR/Bb7ZWfs5DURF5uP5PFheF9ccYg17XYUyf5tl8GmxvAj 5+dOGz6ll13w/wO2fsacnTJ/LAAAAABJRU5ErkJggg==" /> <br /> <br /> <br /> <br /> <a href="$authtarget">Continue...</a> </p> </body> </html>
/etc/nodogsplash/nodogsplash.conf
GatewayInterface br-anon
FirewallRuleSet users-to-router {
# Nodogsplash automatically allows tcp to GatewayPort,
# at GatewayAddress, to serve the splash page.
# Additional services:
FirewallRule allow udp port 53 # DNS
FirewallRule allow tcp port 53 # DNS
FirewallRule allow udp port 67 # DHCP
}
EmptyRuleSetPolicy authenticated-users passthrough
EmptyRuleSetPolicy preauthenticated-users passthrough
EmptyRuleSetPolicy trusted-users-to-router passthrough
GatewayName freifunk
MaxClients 50
ClientIdleTimeout 720
ClientForceTimeout 1440
RedirectURL https://stoerhaftung.net?gw_name=:::GW_NAME:::
GatewayName :::GW_NAME:::
/etc/init.d/setdate
Ensure configured date and time is something reasonable, so e.g. SSL connections don't fail due to invalid certificates.
#!/bin/sh /etc/rc.common
START=90
start() {
[ `date +%Y` -lt 2012 ] && date -s 20120101
}
/etc/uci-defaults/freifunk
Script which gets executed at first boot - make some device specific configurations (such as extracting MAC address and using it as part of the ESSID).
#!/bin/sh
# extract MAC address and store last 3 octets and use it as prefix for gateway name
gw_name=$(echo -n "$(uci get wireless.radio0.macaddr)" | tr '[a-z]' '[A-Z]' | sed -e 's#:##g' | tail -c 6).anon.freifunk.net
uci set wireless.radio0.disabled=0
# bridge WiFi with interface 'anon'
uci set wireless.@wifi-iface[0].network=anon
# set ESSID containing
uci set wireless.@wifi-iface[0].ssid=${gw_name}
uci commit
sed -i "s/:::GW_NAME:::/${gw_name}/g" /etc/nodogsplash/nodogsplash.conf
Medienspiegel
Announcement auf freifunkstattangst.de
http://freifunkstattangst.de/2012/06/14/aktion-gegen-storerhaftung-anonym-im-wlan-an-offentlichen-platzen-mit-freifunk/
Announcement http://blog.freifunk.net
http://blog.freifunk.net/2012/freifunkfreedomfighterbox-gegen-st%C3%B6rerhaftung-und-abmahnwahn
Video in der TagesWEBschau (ab 1:29)
http://www.tagesschau.de/multimedia/video/video1135426.html auf Grund des Rundfunkänderungsstaatsvertrag dort nicht mehr online, Kopie auf YouTube: http://www.youtube.com/watch?v=gECMLkq-0zI#t=1m29s
Artikel 1 auf taz.de
http://www.taz.de/Freies-Netz-und-Stoererhaftung/!95330/
Artikel 2 auf taz.de
http://www.taz.de/Internet-fuer-alle/!95396/
Artikel auf zeit.de
http://www.zeit.de/digital/datenschutz/2012-06/freifunk-freedom-box/seite-1
Sendemanuskript des Interviews mit Mirko im DeutschlandRadio
http://www.dradio.de/dlf/sendungen/computer/1799065/
Artikel auf Netzpolitik.org
https://netzpolitik.org/2012/freifunk-freedom-fighter-box-gegen-storerhaftung/
Artikel auf dem IT-News-Portal "heise.de"
http://www.heise.de/newsticker/meldung/Mit-der-Freifunk-Freedom-Fighter-Box-gegen-die-Stoererhaftung-1618782.html
Artikel auf dem IT-News-Portal "golem.de"
http://www.golem.de/news/freifunk-berliner-verein-verschenkt-anonyme-netzzugaenge-1206-92628.html
Artikel auf dem IT-News-Portal "winfuture.de"
http://winfuture.de/news,70330.html
Interview mit Mirko auf Radio Fritz
http://trackback.fritz.de/2012/06/23/trb-284-totgesagt-tablets-leistungsschutzrecht-gratisrouter-milenskaya/
