Freifunk freedom fighter box

Aus wiki.freifunk.net
Wechseln zu: Navigation, Suche

Brief summary

The "Freifunk-Freedom-Fighter-Box" is a WiFi router running a customized firmware having a VPN-tunnel configured. It gets connected to an existing internet connection and opens a WiFI network with internet connection named "*.anon.freifunk.net". All internet traffic gets routed via the VPN. That way the so called "liability for interference" or "stoerhaftung" - which would affect the provider of the network - does not apply.

Version

The most recent version of the FFFB firmware:

Version 0.23

The version covers:

  • OpenWrt: trunk, svn-revision: 32343
  • feeds: luci, svn-revision: 8703
  • as well as a set of configuration files ([Files]).

Hardware / VPN-Provider

The configuration running on those very 'Freifunk-Freedom-Fighter-Boxes' we distribute in Berlin is partially hardware and VPN-provider dependendant. Those should however be easy to adjust fitting other hardware / VPN-providers.

Hardware as well as VPN-connections we're using on the original FFFBs are:

The hardware we're using: Airties WAV-281

VPN-provider we're using: IPredator

Software

Basically everything we need got committed / has already been in OpenWrt upstream - this includes:

  • VPN client (OpenVPN, IPSec, PPtP, etc.)
  • Traffic limiting / shaping / quality of service (tc)
  • Splashpage (nodogsplash)
  • Webinterface for ease-of-use (luci, incl. modules for all relevant components)
  • statistics (collectd)

What got added to the image for the Freedom-Fighter-Box:

  • special set of firewall rules to force traffic not going anywhere else but through the VPN network
  • special network config to split the 4 port-switch ports into VLANed ports, as in:
    • Port 1 and 2: INET (internet)
      • the port an DHCP client is running on aquiring an existing internet connection
    • Port 3: VPN port which
      • meant as "public interface"
      • provides 10.42.42.X subnet via DHCP
      • serves the splashpage
      • routes everything through the VPN
      • access to the router itself (SSH/webinterface) is forbidden
      • bridged with the Wifi-interface
    • Port 4: MGMT (management) port
      • provides 172.23.23.X subnet via DHCP
      • management router via 172.23.23.1
      • allows access to the router via telnet/SSH and Web Interface

Do It Yourself

Sections in this tutorial which depend on the hardware / VPN-provider are marked respectively.

Values you should adjust to your needs are marked yellow.

In this tutorial we're assuming you have a device containing a switch which ports can be configured as VLANs.

TODO: should be fairly easy to port this guide to fit devices with just 1 ethernet port

config files

OpenWrt .config

This config creates an image for the Airties WAV-281. It gets about 3.5MB in size and therewith fits perfectly in the 4MB flash on the device.

Freifunk freedom fighter box/.config

/etc/config/network

config interface 'loopback'
         option ifname 'lo'
         option proto 'static'
         option ipaddr '127.0.0.1'
         option netmask '255.0.0.0'
config switch
         option name 'eth0'
         option reset '1'
         option enable_vlan '1'
config switch_vlan
         option device 'eth0'
         option vlan '1'
         option ports '0 5t' # port 4 (MGMT)
config switch_vlan
         option device 'eth0'
         option vlan '2'
         option ports '1 5t' # port 3 (VPN)
config switch_vlan
         option device 'eth0'
         option vlan '3'
         option ports '3 2 5t' # port 1-2 (INET)
config interface 'mgmt'
         option ifname 'eth0.1'
         option type 'bridge'
         option proto 'static'
         option ipaddr '172.23.23.1'
         option netmask '255.255.255.0'
config interface 'anon'
         option ifname 'eth0.2'
         option type 'bridge'
         option proto 'static'
         option ipaddr '172.42.42.1'
         option netmask '255.255.255.0'
config interface 'wan'
         option ifname 'eth0.3'
         option proto 'dhcp'

/etc/config/dhcp

config dnsmasq
        option domainneeded     1
        option boguspriv        1
        option filterwin2k      0
        option localise_queries 1
        option rebind_protection 1
        option rebind_localhost 1
        option local    '/lan/'
        option domain   'lan'
        option expandhosts      1
        option nonegcache       0
        option authoritative    1
        option readethers       1
        option leasefile        '/tmp/dhcp.leases'
        option resolvfile       '/tmp/resolv.conf.auto'
# DNS server, reachable from the 'outside', used only for 'ap.nat.openvpn.ipredator.se'
        list server             '/ap.nat.openvpn.ipredator.se/208.67.220.220'
        list server             '/ap.nat.openvpn.ipredator.se/194.150.168.168'
        # DNS server, reachable within the IPredator network only, for everything else
        list server             '/#/93.182.182.93'
        list server             '/#/93.182.132.32'
        option noresolve        1
        #option nonwildcard     1
config dhcp mgmt
        option interface        mgmt
        option start    100
        option limit    150
        option leasetime        12h
config dhcp anon
        option interface        anon
        option start    100
        option limit    150
        option leasetime        12h
config dhcp wan
        option interface        wan
        option ignore   1

/etc/config/openvpn

If you are using OpenVPN:

package openvpn
config openvpn
        option enabled 1
        option config /etc/openvpn/vpn.conf

ToDo: Examples for PPtP, IPsec, etc.

/etc/openvpn/vpn.conf

If you are using OpenVPN:

client
dev tun
proto udp
fast-io
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
fragment 1440
mssfix 1440
nobind
remote ap.nat.openvpn.ipredator.se 1195
keepalive 10 30
#comp-lzo
tls-client
tls-auth /etc/openvpn/vpn.ipredator.se.auth
ns-cert-type server
ca /etc/openvpn/vpn.ipredator.se.ca
cert /etc/openvpn/vpn.ipredator.se.crt
key /etc/openvpn/vpn.ipredator.se.key
cipher AES-128-CBC
tls-cipher TLSv1:!ADH:!SSLv2:!NULL:!EXPORT:!DES:!LOW:!MEDIUM:@STRENGTH
mute 10
pull
route-nopull
# Set default gateway to VPN endpoint (route all traffic through VPN)
redirect-gateway def1

/etc/resolv.conf

nameserver 127.0.0.1

/etc/config/firewall

config include
        option path /etc/firewall.user

/etc/firewall.user

inet=eth0.3
anon=tun0
vpn=br-anon
mgmt=br-mgmt
match_vpn_out="-p udp --sport 1024: --dport 1195"
match_vpn_in="-p udp --sport 1195 --dport 1024:"
match_tcp_new="-p tcp -m conntrack --ctstate NEW"
match_tcp_related="-p tcp -m conntrack --ctstate RELATED,ESTABLISHED"
match_dhcp_client="-p udp --dport 67 --sport 68"
match_dhcp_server="-p udp --dport 68 --sport 67"
match_dns_request="-p udp --sport 1024: --dport 53"
match_dns_reply="-p udp --sport 53 --dport 1024:"
# CLEAR IPTABLES
iptables -t filter -F
iptables -t filter -X
iptables -t nat -F
iptables -t nat -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# FORWARDING POLICIES
# forwarding for inet users
iptables -A FORWARD -i $inet -o $mgmt -j ACCEPT
iptables -A FORWARD -o $inet -i $mgmt -j ACCEPT
# forwarding for anon users
iptables -A FORWARD -i $anon -o $vpn -j ACCEPT
iptables -A FORWARD -o $anon -i $vpn -j ACCEPT
# ROUTER FIREWALL
# allow local communication
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# allow icmp to router from everywhere
iptables -A INPUT  -p icmp -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT
# allow router access from mgmt
iptables -A INPUT  -i $mgmt -j ACCEPT
iptables -A OUTPUT -o $mgmt -j ACCEPT
# allow router access from vpn
iptables -A INPUT  -i $anon -j ACCEPT
iptables -A OUTPUT -o $anon -j ACCEPT
# allow vpn tunnel on inet
iptables -A INPUT  -i $inet $match_vpn -j ACCEPT
iptables -A OUTPUT -o $inet $match_vpn -j ACCEPT
# allow dhcp client on inet interface
iptables -A INPUT  -i $inet $match_dhcp_server -j ACCEPT
iptables -A OUTPUT -o $inet $match_dhcp_client -j ACCEPT
# allow dhcp server on vpn
iptables -A INPUT  -i $vpn $match_dhcp_client -j ACCEPT
iptables -A OUTPUT -o $vpn $match_dhcp_server -j ACCEPT
# allow dhcp server on mgmt
iptables -A INPUT  -i $mgmt $match_dhcp_client -j ACCEPT
iptables -A OUTPUT -o $mgmt $match_dhcp_server -j ACCEPT
# allow dns client on inet interface
iptables -A INPUT  -i $inet $match_dns_reply -j ACCEPT
iptables -A OUTPUT -o $inet $match_dns_request -j ACCEPT
# allow dns server on mgmt interface
iptables -A INPUT  -i $mgmt $match_dns_request -j ACCEPT
iptables -A OUTPUT -o $mgmt $match_dns_reply -j ACCEPT
# allow dns server on vpn interface
iptables -A INPUT  -i $vpn $match_dns_request -j ACCEPT
iptables -A OUTPUT -o $vpn $match_dns_reply -j ACCEPT
iptables -A OUTPUT -o $vpn -p tcp --sport 22 --dport 1024: -j ACCEPT
# allow router tcp connections
iptables -A OUTPUT $match_tcp_new     -j ACCEPT
iptables -A OUTPUT $match_tcp_related -j ACCEPT
iptables -A INPUT  $match_tcp_related -j ACCEPT
# reject disallowed tcp properly
iptables -A INPUT $match_tcp_new -j REJECT --reject-with tcp-reset
# NAT / MASQUERADING
# set up NAT for everything going through the uplink interfaces
iptables -t nat -A POSTROUTING -o $anon -j MASQUERADE
iptables -t nat -A POSTROUTING -o $inet -j MASQUERADE

/etc/config/qos

config interface 'anon'
        option classgroup 'Default'
        option enabled '1'
        option download '500' # actual UPload on the client in KBit/s
        option upload '2000' # actual DOWNload on the client in KBit/s
config classgroup 'Default'
        option classes 'Priority Express Normal Bulk'
        option default 'Normal'
config class 'Priority'
        option packetsize '400'
        option maxsize '400'
        option avgrate '10'
        option priority '20'
config class 'Priority_down'
        option packetsize '1000'
        option avgrate '10'
config class 'Express'
        option packetsize '1000'
        option maxsize '800'
        option avgrate '50'
        option priority '10'
config class 'Normal'
        option packetsize '1500'
        option packetdelay '100'
        option avgrate '10'
        option priority '5'
config class 'Normal_down'
        option avgrate '20'
config class 'Bulk'
        option avgrate '1'
        option packetdelay '200'

/etc/nodogsplash/htdocs/splash.html


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>$gatewayname</title>
<meta http-equiv="refresh" content="1; URL=$authtarget" />
</head>
<body style="background-color: black; font-family: Verdana">
<p align="center">
<img src="data:image/png;base64,
iVBORw0KGgoAAAANSUhEUgAAAfMAAAFnAgMAAADPlkiNAAAAAXNSR0IArs4c6QAAAAlQTFRFAABn
3ixn/8wsrIkrBwAAAAF0Uk5TAEDm2GYAAA2FSURBVHja1Z1LcuyoEobFiWDieW6iVsHdAR0h9lNL
8dDhVd62T5VK5IN8gOzoGtoSH5l/gsRDybat/LXv3779wi+316/8MDu1/vdrhv+4+dDor/4m/Mfw
PPyH8LlJv/Lz0f6zkT+AX9/xwIh+tfS5jX/l1/x+ue810y81PjX991shd3HgWUy/zngw0etvmn6V
8WCk1980/RrjwUyvv2n6FcaDg15/vIe/tLfPHvry3t4FX2188tHb78Xc+rhzwte6PnvpS+MO3PR6
ecwZ/nmZ45XKlSsdX30XrHV80b3zk3MF180ngKXgfJHrk61cuMb12diPXeN6MNqULnG92aR8QV/v
KPMC14O9yLze9Z4SYbXrk6cZpdVtLrucCYuFB5c1abHwzuJgqfDJKWRaKnz2ehJWCj8qDDj35pXC
yzJmgbFQ+CSaDpK+eZ3wYlHycy+tEx4EEUdvcbBMeMEOeP0lEYXzKuETX1DuzcVWrhI+s05M2Ke5
dw0sEh5YK6igubsgLRKedXxmCu3/tkZ43gi2TDgbD0uET1wpmS/yXKe0hJ4ZDyYhlLq/Lwk7YBwP
UiTlUxVhRdhxJsjOPF2VF4RdYsrIsi/TydAFwmfGfyNj4IWCeeEzLSKPSjsZn+fpQN031vFlfJoP
Oyp7Gpty+vd02DH1B6Ws1/9hNuwS1U7zYz5YeZZOC8hqUUf10mzYAZEO1BDKx7WzYQfkft2OdHgH
JsOO+C4bCjrck+foicgOBiceNUxzYUcrbyrnuGgu7MhIKZl8eDgIpujkbjBF7+H6PBX0RDejgHTV
YJ+h7x7Hf7mo8AXEQv5oQtUYL0T4BXQwRs/hoxl6xkFndiA0oYRQyD9NquZ6F957Efrel2lxfUVh
V+MhX3t/Wm7deQMm6I4inhWN0xMKmeRw31OkHA56fGd2BO6zpikc9Bl5DTz1f94UpmPNXNo9qxoO
euhvTK4CnjJBlI6cll3Oe9Y1R4Me0cEXtg9clJ5QyIPv/sflKdjk0kzQfRmNPDjV4JIzbp5hEmxy
uY/W7Lz9WVuI0QGHvDdod86IIB28TQam6Chc3N3Fw1kp1uR6egrQS5yecMh7HxMJB32IXmNBd2gF
ETqKFgjQ93iTy5Mhf1Q4L6AHXkrzBB1QyPuHAwkFff3P0PsGlyNzHw9epMH390CE/ojUGXqNhvxx
E/jpSK3Q1MdDrkB3k6YbHG1y0eaeQpNOj7sCDT5PNzja5IqhiVeGnmNz3H/LMtH7WY4+UHNsmhcq
03yUaZJvZE+HIH030vHWMESPTbBnIx1vXawLmjtp8PtY87KRHWoPegnRk4meus6A7ldJYXrX4He5
T995HcrJhkCTK3pnlwdbsstEc3/Gy5CeGKfAis6GdDdSvIsPmZnm/rxxRGf3MeRL6IU1vYrd7lRn
Q7qbwpq+KfTwEvYjYGQ6sA5B9BKkp6Z0tXwnACu6uqO7AYku7GPork+X0YX+D9G3baqzk+jSPgZY
0tHizq4Syq6/zedV9J1Qij5tkuN71GBEF/cxdE+ZGXrX2e3Y8VWh15mOVqFLju/X7SG+SSwPHjN5
/LLzdP1FdNHxh6u+13MnNsihjh45XhlD7t8bSCY2ByaZLi+nv8Lky/XX0OXl9FcD/bpmil6kR6w8
on7R05f3r6AP9jGcOubW0sxO6P4xUyyOP9Oh/e8S+mAfw4me5naBi/RBqedH4iS98vQ03hr66uWn
9t9D5V8vsmE0XzbbtjLrI7ZaZO/o6RL6qNBOpyvoyTKJU8JztP0DntCHa4uIHu/rHo/YKXpdTh/6
E9H35XRtN/Rp/Dz17UH3clMtQdc/j4f0z+P3bqDvFtkJXbz2z4t+d9DHzaijt39kP7296KMXO0Lf
7fQqx8jtgH+MXq0wvTnoRa6qJjtPVxa0EV0eRmqyS/Tiohc16DYHXRkUI7roqTdNdp6uDAwRXRzN
3DTZeXrz0aXKqrIL9GqhH/NlQu+gy44GM7ZdFJguhIku+xK6cL0uO0vX5oEovcZkZ+naXAiZJ2Xp
f36Kzt7wpgcdS9felWz0mx50a+hsoHzqQcfR1RG5iW6RnaNn/VsnROfqa5Fdpb8xvqNrAwzdIjtH
72LoD1MAQ68h2VX6xjiP0umMoUl2jt4bcqMlMPQ9JLtOZ4SndDpPbZKdpZdtLDx+vnPNxCQ783zH
zYe6j9LJtJlNdpbO+fCu0EtEdoaOvUiFp3TS4G2yc/SddaJCrxHZGTppPUQ+nW6U3UK/YRvQOG6j
3Y1RdmYUSfqtN6xfP4KuzAvJLUwnfTYRnqGjYPkc/O7D8Tt9XuG7OHoTZHfSmWc1Fh4uoleWjoXv
56yYheg3H72bcZde0cb0wgedk869V6HOtqcz2x8+rXSw099Zeqb0PxP0XbLgY0ivRtl7Op6jBpH+
OaKf+6jbJfS7kf45Qa9iIe/MqtCxQ3A3ys7QgVvQ/pSEV+hvdjpZk2oy/ZOjP/qHU0d/c9Dxetyr
6Yg3KvTPi+gfA3ozyh6nf/b084j3RX+z08kadDLQE7PFLMXo6Il9esiInh/T/1xFf2fp+BF7Ff3e
01tHL/4W17/WKfSPjaMD3uNn723Ifps8oL/b6H8m6INe486/VpIHvJlO9lmN6OSlVni9MD9hyQ63
Af1jTK9r6fIrNbeJ+0Q3v9s0B/3Ov9Smhl8vzO91/Rb2Kky54qEUt6fU/HJzlx4yAp1M3XD7ac0v
dnf8kAHuxWowe8HtJQbrS+0dd7QK/UZ7SNrRn280juPoLm6GTqdONPq2kE5mD9j9813A2GYP6P55
hk5mTthvBzq6beaEfjsA0mzzvZvs6b7a2MnshW3WCMhXG+Js8ybTmQ3NphmzZqBT2dGHFhzdNFtI
v5eh9Ju8OnH+Uqmn25bDCg5hSufKUOm2pUCdzi2NbMwXauKc2ft4sq77RqxVrZtlulqGbhA+k46W
0m+c+5gvExHdIDzzZSKhsyXodIPwBjorO/dFKn4t0YVnvkjFdFZ2C/22gi4FDPkWGNPVfQ/ct8A2
eqINXljSkMMuMR8mQoC+9fN8xo0P3DfgTnqV6Zrw3Pfvxm8w6Lf/hK4Jz33776S/NqkQuiY8l3XB
SAedrgnfmE/AnfRXk4PBQvC7ocHN0OtwEfyDDbo4neY58S7Bs3lOYvR/0d7tBzixkYeeSH4bcG69
wPlttgj9CHpxICAIj0Le91kxyWskDoJ44XFeI1/+BpLTSR4AssLzOZ1i9H9V5CQbCA9sPisrneTy
auLQmxWez+UVpGc2Y8RAeJw0xEcnOdy4jWmy8EION+u3tSR/HbstThReyF9npZPcfSxdFB743H3J
Sz9SjpbN8Wt83kLzx3ZTGSM3IWPkz9CTSC/OJrcyV6ef/lRwSZ5SKx1liM2tzQRdcdIToRe37DRV
p1W/hFOtLMnNay6k1yzvS/ISg5v+mKoM5GRucTqgUUg2e22Qjxp2L/0x/kuOTOAFhU5FE8eeJvcY
9zd7N8mV4KP3Nf8aTyzIwW5OntGnzv/+dMSZf545dMH+RfmZnr43Dszn3rfTz477fjzYurtEzx2o
5DXfQy9/65wXnLlgpp/v/o4W63kThdbeTz+H3d+WYnF9Ys7aoC89Hnp70BecM2LPHHJKOHIsLxlu
Gp6xYs/Zcjpf5sgCWMyOBzYBe4S+H0OTXb1nfLaOPVMQPbYvGc4VKkT2EqIneojZ9JlKjuQdjTnb
p9liTjpWyJG4hB6ElsbGZ/0sLTudOQ9r/Dk8nI/8Es4wrYGwK9Q6NlDUM9Ts3Q13et0o9Uh31pqQ
hdve4LmjDwcv9vmcXECi55mgV84NZDTbw3Tu6MMsJb6E/mBFIWmeo8mxJgzOixw6zU1PXCnyWZmV
66OFaQ2n8MFzQvc19P6MVC69p+2MVNgjYYdOn93Jdfvg4cgMcEMP2cM2kta1KHX2NznhXOCE8pZ4
zgX2pOcSzkTOr7KpZ8ZnIntmv0AoCacylv5XxZlEr/BtE/G7oBabmHUPCd9XWvKKfEC4P+gHJ5pL
5zVpZ6B7EmAOD5PnzFPPf0+RdOzWBPpNPQLdEXZJL02ubRtOqHmFN9QadF9BVPjmc5V0dPMWE141
HgxChcNOUx5drMxluj1vTE4zvtYRdqhDN54fMLwUWqzFjQMvGa/Mjpmr2pox8KwiuQ5/BKPvs7ma
noMvs833yR4hZuG/qtmaxaW2q1zCp7/5Qg0+NV2Ep7F12amgXMkEPjLPOt3dGtvqmMTajpZpPWb3
UUmm7H2oufZEsK1zZLQPnPes8u+w8IB3MDD2j/435/rWRFmVXzXO4m+G2MxuejFJqtSwymE1/O1W
u0zq5LWm2ybbd/lBO/453Gq5AlbGnG+y3e36YmlO2iviPu7OwjFnWecAtKax1HTN9WhnV1oZc/o6
BzDzUqtiTl/nwKWktaaP1zlo1WCp6eO4o5Gblpo+XOfg/gVLTR9P9e+Gcc2M6YN1Dv4feanpovFS
1vs13dymrHOAYENe0s3xSwqbsvxgCDxn2vAsnKVVrQPqaMi9pKR/Uo+DWOH3pzWkPsU6SJ/x+1Ec
qo0lTflkvHfF9evmvrmUqOhdcfUQtWwR/Bb7ZWfs5DURF5uP5PFheF9ccYg17XYUyf5tl8GmxvAj
5+dOGz6ll13w/wO2fsacnTJ/LAAAAABJRU5ErkJggg==" />
<br />
<br />
<br />
<br />
<a href="$authtarget">Continue...</a>
</p>
</body>
</html>

/etc/nodogsplash/nodogsplash.conf

GatewayInterface br-anon
FirewallRuleSet users-to-router {
 # Nodogsplash automatically allows tcp to GatewayPort,
 # at GatewayAddress, to serve the splash page.
 # Additional services:
    FirewallRule allow udp port 53 # DNS
    FirewallRule allow tcp port 53 # DNS
    FirewallRule allow udp port 67 # DHCP
}
EmptyRuleSetPolicy authenticated-users passthrough
EmptyRuleSetPolicy preauthenticated-users passthrough
EmptyRuleSetPolicy trusted-users-to-router passthrough
GatewayName freifunk
MaxClients 50
ClientIdleTimeout 720
ClientForceTimeout 1440
RedirectURL https://stoerhaftung.net?gw_name=:::GW_NAME:::
GatewayName :::GW_NAME:::

/etc/init.d/setdate

Ensure configured date and time is something reasonable, so e.g. SSL connections don't fail due to invalid certificates.

#!/bin/sh /etc/rc.common
START=90
start() {
    [ `date +%Y` -lt 2012 ] && date -s 20120101
}

/etc/uci-defaults/freifunk

Script which gets executed at first boot - make some device specific configurations (such as extracting MAC address and using it as part of the ESSID).

#!/bin/sh
# extract MAC address and store last 3 octets and use it as prefix for gateway name
gw_name=$(echo -n "$(uci get wireless.radio0.macaddr)" | tr '[a-z]' '[A-Z]' | sed -e 's#:##g' | tail -c 6).anon.freifunk.net
uci set wireless.radio0.disabled=0
# bridge WiFi with interface 'anon'
uci set wireless.@wifi-iface[0].network=anon
# set ESSID containing 
uci set wireless.@wifi-iface[0].ssid=${gw_name}
uci commit
sed -i "s/:::GW_NAME:::/${gw_name}/g" /etc/nodogsplash/nodogsplash.conf

Medienspiegel

Announcement auf freifunkstattangst.de

    http://freifunkstattangst.de/2012/06/14/aktion-gegen-storerhaftung-anonym-im-wlan-an-offentlichen-platzen-mit-freifunk/

Announcement http://blog.freifunk.net

    http://blog.freifunk.net/2012/freifunkfreedomfighterbox-gegen-st%C3%B6rerhaftung-und-abmahnwahn

Video in der TagesWEBschau (ab 1:29)

    http://www.tagesschau.de/multimedia/video/video1135426.html
      auf Grund des Rundfunkänderungsstaatsvertrag dort nicht mehr online, Kopie auf YouTube:
        http://www.youtube.com/watch?v=gECMLkq-0zI#t=1m29s

Artikel 1 auf taz.de

    http://www.taz.de/Freies-Netz-und-Stoererhaftung/!95330/

Artikel 2 auf taz.de

    http://www.taz.de/Internet-fuer-alle/!95396/

Artikel auf zeit.de

    http://www.zeit.de/digital/datenschutz/2012-06/freifunk-freedom-box/seite-1

Sendemanuskript des Interviews mit Mirko im DeutschlandRadio

    http://www.dradio.de/dlf/sendungen/computer/1799065/

Artikel auf Netzpolitik.org

    https://netzpolitik.org/2012/freifunk-freedom-fighter-box-gegen-storerhaftung/

Artikel auf dem IT-News-Portal "heise.de"

    http://www.heise.de/newsticker/meldung/Mit-der-Freifunk-Freedom-Fighter-Box-gegen-die-Stoererhaftung-1618782.html

Artikel auf dem IT-News-Portal "golem.de"

    http://www.golem.de/news/freifunk-berliner-verein-verschenkt-anonyme-netzzugaenge-1206-92628.html

Artikel auf dem IT-News-Portal "winfuture.de"

    http://winfuture.de/news,70330.html

Interview mit Mirko auf Radio Fritz

    http://trackback.fritz.de/2012/06/23/trb-284-totgesagt-tablets-leistungsschutzrecht-gratisrouter-milenskaya/