Differences between revisions 1 and 2
Revision 1 as of 2015-09-13 14:43:38
Size: 1375
Comment: Initial page for FreedomBox aggregated manual
Revision 2 as of 2015-09-13 14:45:33
Size: 1437
Comment: Add FreedomBox category and portal
Deletions are marked like this. Additions are marked like this.
Line 44: Line 44:

<<Include(FreedomBox/Portal)>>

----
CategoryFreedomBox

Contents

  1. What you need to get started
  2. How to get started
  3. Finding your way around
    1. Front page
    2. Apps menu
    3. Help menu
    4. System menu
    5. User menu
    6. Burger menu
  4. Tor (Anonymity Network)
    1. What is Tor?
    2. Using Tor to browse anonymously
    3. Using Tor Onion Service to access your FreedomBox
    4. Apps accessible via Tor
    5. Running a Tor relay
    6. (Advanced) Usage as a SOCKS proxy
      1. Example with Firefox
    7. Circumventing Tor censorship
    8. External links
  5. Deluge (Distributed File Sharing via BitTorrent)
    1. What is Deluge?
    2. Screenshot
    3. Initial Setup
    4. External links
  6. Transmission (Distributed File Sharing via BitTorrent)
    1. What is Transmission ?
    2. Screenshot
    3. Using Transmission
    4. Tips
      1. Transferring Downloads from the FreedomBox
    5. Port Forwarding
    6. Using Remote Apps
    7. External Links
  7. Shaarli (Bookmarks)
    1. What is Shaarli?
    2. External links
  8. Dynamic DNS Client
    1. What is Dynamic DNS?
    2. GnuDIP vs. Update URL
    3. Using the GnuDIP protocol
    4. Using an Update URL
    5. Checking If It Works
    6. Recap: How to create a DNS name with GnuDIP
  9. Roundcube (Email Client)
    1. What is Roundcube?
    2. Email privacy
    3. Using Roundcube
    4. Using Gmail with Roundcube
    5. External links
  10. ownCloud
    1. What is ownCloud?
    2. Installation
      1. External Storage
  11. PageKite (Public Visibility)
    1. What is PageKite?
    2. Using PageKite
  12. Mumble (Voice Chat) Server
    1. What is Mumble?
    2. Using Mumble
    3. Port Forwarding
    4. Managing Permissions
    5. External links
  13. Privoxy (Web Proxy)
    1. Screencast
    2. Setting up
    3. Advanced Users
    4. External links
  14. Ikiwiki (Wiki and Blog)
    1. What is Ikiwiki?
    2. Creating a wiki or blog
    3. Accessing your wiki or blog
    4. User login through SSO
    5. Adding FreedomBox users as wiki admins
    6. Avoiding Spam
    7. Theming
    8. External links
  15. Configure
    1. Hostname
    2. Domain Name
    3. Webserver Home Page
  16. Users and Groups
  17. Networks
    1. Default setup
      1. Single ethernet interface
      2. Multiple ethernet interface
      3. Wi-Fi configuration
    2. Internet Connection Sharing
    3. Customization
      1. PPPoE connections
      2. Connect to Internet via Wi-Fi
        1. Problems with Privacy Feature
      3. Adding a new network device
      4. Configuring a mesh network
        1. Joining a mesh network
        2. Creating a mesh network
    4. Advanced Network Operations
    5. Manual Network Operation
  18. Software Updates
    1. When Will I Get the Latest Features?
    2. Manual Updates from Web Interface
    3. Manual Updates from Terminal
    4. Auto-Update to Next Stable Release
    5. Manual Update to Next Stable Release
  19. Diagnostics
  20. Firewall
    1. Interfaces
    2. Opening Custom Ports
    3. FreedomBox Ports/Services
    4. Manual operation
      1. Enable/disable firewall
      2. Modifying services/ports
      3. Modifying the zone of interfaces
  21. Date & Time
  22. Recommended Hardware
  23. Supported Hardware
    1. Hardware Comparison
  24. Additional Hardware
    1. Hardware Supported with Generic Images
    2. Adding Hardware Support
    3. Deprecated Hardware
  25. Common Hardware Information
    1. Wi-Fi
    2. Power Supply
    3. Firmware
    4. Storage
      1. Secure Digital (SD) Card
      2. Embedded MultiMediaCard (eMMC)
      3. USB Disk Drive
      4. SATA disk drive
      5. NVMe disk drive
  26. Building Your Own Images
    1. Status of Software Used
  27. Cubietruck
    1. FreedomBox Danube Edition
    2. Cubietruck / Cubieboard3
    3. Download
    4. Availability
    5. Hardware
    6. Non-Free Status
    7. Known Issues
  28. Beagle Bone Black
    1. Download
    2. Availability
    3. Hardware
    4. Non-Free Status
  29. VirtualBox
    1. Download
    2. Creating a Virtual Machine
    3. First Boot
    4. Using
    5. Build Image
    6. Tips & Troubleshooting
      1. Network Configuration
      2. Finding out the IP address of the virtual machine
      3. Networking Problems with macchanger
      4. Mounting Images Locally
      5. Fixing the time after suspend and resume
      6. UUID collision in VB
  30. Debian
    1. Installing on Debian 11 (Bullseye) or newer
    2. Tips and Troubleshooting
  31. Raspberry Pi 2 Model B
    1. Download
    2. Availability
    3. Hardware
    4. Non-Free Status
  32. Discussion Forum
  33. Matrix
  34. IRC #freedombox
  35. Email
  36. Help Back

Deutsch - English - Español - Français - Русский - Українська - (+)

Quick Start

1. What you need to get started

The easy way is to buy a FreedomBox kit.

Alternatively you may choose to build it yourself, by gathering all the components:

  • A supported device (including any device that can run Debian). We will call that the FreedomBox in the rest of this manual.

  • A power cable for your device.
  • An ethernet cable.
  • A microSD card (or equivalent storage media for your device), prepared according to the instructions on the Download page.

2. How to get started

  1. Plug one end of your ethernet cord into your FreedomBox's ethernet port, and plug the other end into your router.

  2. Power on the FreedomBox.

    • Note: On most single board computers, don't expect any output on a monitor connected via HDMI as the support may not exist in the kernel. See below to access and control your FreedomBox via network.

  3. On first boot, FreedomBox will perform its initial setup (older versions of FreedomBox reboot after this step). This process may take several minutes on some machines. After giving it about 10 minutes, proceed to the next step.

  4. After the FreedomBox has finished its initial setup, you can access its web interface through your web browser.

    • If your computer is connected directly to the FreedomBox through a second (LAN) ethernet port, you can browse to: http://freedombox/ or http://10.42.0.1/.

    • If your computer supports mDNS (GNU/Linux, Mac OSX or Windows with mDNS software installed), you can browse to: http://freedombox.local/ (or http://the-hostname-you-entered-during-install.local/)

    • If you know your way around the router's web interface, you can look up the IP address of the FreedomBox there, and browse to that address.

    • If none of these methods are available, then you will need to figure out the IP address of your FreedomBox. You can use the "nmap" program from your computer to find its IP address:

           nmap -p 80 --open -sV 192.168.0.0/24 (replace the ip/netmask with the one the router uses)
      In most cases you can look at your current IP address, and change the last digits with zero to find your home network, like so: XXX.XXX.XXX.0/24

      Your FreedomBox will show up as an IP address with an open tcp port 80 using Apache httpd service on Debian, such as the example below which would make it accessible at http://192.168.0.165:

           Nmap scan report for 192.168.0.165
           Host is up (0.00088s latency).
           PORT   STATE SERVICE VERSION
           80/tcp open  http    Apache httpd 2.4.17 ((Debian))
      If nmap does not find anything with the above command, you can try replacing 192.168.0.0/24 with 10.42.0.255/24.
           nmap -n -sP 10.42.0.255/24
      The scan report will show something similar to the following:
           Nmap scan report for 10.42.0.1
           Host is up (0.00027s latency).
           Nmap scan report for 10.42.0.50
           Host is up (0.00044s latency).

      In this example, the FreedomBox is accessible at http://10.42.0.50. (10.42.0.1 is my laptop.)

  5. On accessing FreedomBox's web interface your browser will warn you that it communicates securely but that it regards the security certificate for doing so as invalid. This is a fact you need to accept because the certificate is auto generated on the box and therefore "self-signed" (the browser might also use words such as "untrusted", "not private", "privacy error" or "unknown issuer/authority"). Telling your browser that you are aware of this might involve pressing buttons such as "I understand the Risks", "proceed to ... (unsafe)" or "Add exception". After installation this certificate can be changed to a normal one using the Let's Encrypt option.

    • Self-signed certificate warning

    • Add Security Exception

    • If the domain name you are using already has a valid certificate from a recognised Certificate Authority, such as from Let's Encrypt, you may not be able to access the web interface. This means that the option to continue will not be offered. This might occur, for example, if you are reinstalling your FreedomBox or are otherwise reusing a domain name that has an associated certificate. This is normal, because your browser has a record of having visited the site and knows about the valid official certificate. The browser will not subsequently accept a self-signed certificate and you will be blocked. There are two ways to get beyond this hurdle.

      The first method is to access your FreedomBox by its IP address instead of by its domain name. So, instead of using something https://example.com, you would use something like https://198.51.100.2 (substitute your own IP address).

      The second method is to create a fresh profile for your browser and access your FreedomBox from the new profile. The new profile will have no memory of having visited the site nor memory of an official certificate. Once your FreedomBox has a new Let's Encrypt certificate, you can go back to using the old browser profile.

  6. The first time you access the FreedomBox web interface, you will see a welcome page. Click the "Start Setup" button to continue.

    • Welcome

      If you have installed FreedomBox using a Debian package, you will be asked for a secret key. This secret was generated during the installation of the Debian package. It can be read from the file /var/lib/plinth/firstboot-wizard-secret.

  7. The next page asks you to provide a user name and password. Fill in the form, and then click "Create Account."
    • Note: The user that you create here has Admin privileges and can also log in using ssh. For additional security, you may want to use a separate account for administrative tasks and for your normal, daily use. You can add more users later.

    • Account

  8. After completing the form, you will be logged in to FreedomBox's web interface and able to access apps and configuration through the interface.

    • Complete

Now you can try any of the Apps that are available on FreedomBox.

3. Finding your way around

3.1. Front page

The front page is the page that you will see when accessing the web root of your FreedomBox. You can also access it by clicking the FreedomBox logo in the top-left corner of the FreedomBox's web interface.

The front page includes shortcuts to apps that have been installed and are enabled. For web apps, clicking the shortcut will take you directly to the app's web page. For other services, clicking the shortcut will show more information about the service.

Front page

Front page

3.2. Apps menu

The Apps menu can be accessed by clicking the grid icon, next to the FreedomBox logo. This page lists all of the apps that are available for installing on FreedomBox. Click the name of an app to visit its page, where you can install and configure it.

Apps

3.3. Help menu

The Help menu can be accessed by clicking the question mark icon in the top-right corner. It includes helpful links and the FreedomBox manual.

Help

3.4. System menu

The System menu can be accessed by clicking the gear icon in the top-left corner. It includes a number of pages related to system configuration.

System

3.5. User menu

In the top-right corner, the name of the currently logged-in user is shown. A drop-down menu includes options for editing the current user or logging out of the user interface.

User

3.6. Burger menu

FreedomBox's web interface is responsive. When the display or browser window is very narrow, menu options may be hidden.

User

That is because the top menu options are collapsed into the burger icon shown at the top right corner of the window. Click on it to display a drop-down menu.

User

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Apps

Deutsch - English - Español - (+)

1. Tor (Anonymity Network)

Tor icon

Available since: version 0.3

1.1. What is Tor?

Tor is a network of servers operated by volunteers. It allows users of these servers to improve their privacy and security while surfing on the Internet. You and your friends are able to access to your FreedomBox via Tor network without revealing its IP address. Activating Tor application on your FreedomBox, you will be able to offer remote services (chat, wiki, file sharing, etc...) without showing your location. This application will give you a better protection than a public web server because you will be less exposed to intrusive people on the web.

1.2. Using Tor to browse anonymously

Tor Browser is the recommended way to browse the web using Tor. You can download the Tor Browser from https://www.torproject.org/projects/torbrowser.html and follow the instructions on that site to install and run it.

1.3. Using Tor Onion Service to access your FreedomBox

Tor Onion Service provides a way to access your FreedomBox, even if it's behind a router, firewall, or carrier-grade NAT (i.e., your Internet Service Provider does not provide a public IPv4 address for your router).

To enable Tor Onion Service, first navigate to the Anonymity Network (Tor) page. (If you don't see it, click on the FreedomBox logo at the top-left of the page, to go to the main Apps page.) On the Anonymity Network (Tor) page, under Configuration, check "Enable Tor Onion Service", then press the Update setup button. Tor will be reconfigured and restarted.

After a while, the page will refresh and under Status, you will see a table listing the Onion Service .onion address. Copy the entire address (ending in .onion) and paste it into the Tor Browser's address field, and you should be able to access your FreedomBox. (You may see a certificate warning because FreedomBox has a self-signed certificate.)

Tor Configuration - FreedomBox

Currently only HTTP (port 80), HTTPS (port 443), and SSH (port 22) are accessible through the Tor Onion Service configured on the FreedomBox.

1.4. Apps accessible via Tor

The following apps can be accessed over Tor. Note that this list is not exhaustive.

1.5. Running a Tor relay

When Tor is installed, it is configured by default to run as a bridge relay. The relay or bridge option can be disabled through the Tor configuration page in FreedomBox.

At the bottom of the Tor page in FreedomBox, there is a list of ports used by the Tor relay. If your FreedomBox is behind a router, you will need to configure port forwarding on your router so that these ports can be reached from the public Internet.

The requirements to run a relay are listed in the Tor Relay Guide. In short, it is

  • recommended that a relay has at least 16 Mbit/s (Mbps) upload and download bandwidth available for Tor. More is better.
  • required that a Tor relay be allowed to use a minimum of 100 GByte of outbound and of incoming traffic per month.
  • recommended that a <40 Mbit/s non-exit relay should have at least 512 MB of RAM available; A relay faster than 40 Mbit/s should have at least 1 GB of RAM.

1.6. (Advanced) Usage as a SOCKS proxy

FreedomBox provides a Tor SOCKS port that other applications can connect to, in order to route their traffic over the Tor network. This port is accessible on any interfaces configured in the internal firewall zone. To configure the application, set SOCKS Host to the internal network connection's IP address, and set the SOCKS Port to 9050.

1.6.1. Example with Firefox

Your web browser can be configured to use the Tor network for all of your browsing activity. This allows for censorship circumvention and also hides your IP address from websites during regular browsing. For anonymity, using tor browser is recommended.

Configure your local FreedomBox IP address and port 9050 as a SOCKS v5 proxy in Firefox. There are extensions to allow for easily turning the proxy on and off.

Configuring Firefox with Tor SOCKS proxy

With the SOCKS proxy configured, you can now access any onion URL directly from Firefox. FreedomBox itself has an onion v3 address that you can connect to over the Tor network (bookmark this for use in emergency situations).

1.7. Circumventing Tor censorship

If your ISP is trying to block Tor traffic, you can use tor bridge relays to connect to the tor network.

1. Get the bridge configuration from the Tor BridgeDB

Tor BridgeDB

2. Add the lines to your FreedomBox Tor configuration as show below.

Tor Configuration Page

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Deutsch - English - Español - Magyar - (+)

2. Deluge (Distributed File Sharing via BitTorrent)

Deluge icon

Available since: version 0.5

2.1. What is Deluge?

Deluge is a BitTorrent node (both, client and server at the same time).

BitTorrent is a communications protocol for peer-to-peer (P2P) file sharing.

  • It is not anonymous; you should assume that others can see what files you are sharing.

  • This technology works best for big, popular files.

There are two BitTorrent web nodes available in FreedomBox: Transmission and Deluge. They have similar features, but you may prefer one over the other.

Deluge is a lightweight BitTorrent client that is highly configurable. Additional functionality can be added by installing plugins.

2.2. Screenshot

Deluge Web UI

2.3. Initial Setup

After installing Deluge, it can be accessed by pointing your browser to https://<your freedombox>/deluge. You will need to enter a password to login:

Deluge Login

The initial password is "deluge". The first time that you login, Deluge will ask if you wish to change the password. You should change it to something that is harder to guess.

Next you will be shown the connection manager. Click on the first entry (Offline - 127.0.0.1:58846). Then click "Start Daemon" to start the Deluge service that will run in the background.

Deluge Connection Manager (Offline)

Now it should say "Online". Click "Connect" to complete the setup.

Deluge Connection Manager (Online)

At this point, you are ready to begin using Deluge. You can make further changes in the Preferences, or add a torrent file or URL.

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

English - Español - (+)

3. Transmission (Distributed File Sharing via BitTorrent)

Transmission icon

Available since: version 0.5

3.1. What is Transmission ?

Transmission is a BitTorrent node (both, client and server at the same time).

BitTorrent is a communications protocol for peer-to-peer (P2P) file sharing.

  • It is not anonymous; you should assume that others can see what files you are sharing.

  • This technology works best for big, popular files.

There are two BitTorrent web nodes available in FreedomBox: Transmission and Deluge. They have similar features, but you may prefer one over the other.

Transmission is a lightweight BitTorrent client that is well known for its simplicity and a default configuration that "Just Works".

3.2. Screenshot

Transmission Web Interface

3.3. Using Transmission

After installing Transmission, it can be accessed at https://<your freedombox>/transmission. Transmission uses single sign-on from FreedomBox, which means that if you are logged in on your FreedomBox, you can directly access Transmission without having to enter the credentials again. Otherwise, you will be prompted to login first and then redirected to the Transmission app.

3.4. Tips

3.4.1. Transferring Downloads from the FreedomBox

  1. Transmission's downloads directory can be added as a shared folder in the Sharing app. You can then access your downloads from this shared folder using a web browser.

  2. (Advanced) If you have the ssh access to your FreedomBox, you can use sftp or scp to browse the downloads directory using a suitable file manager or web browser:

3.5. Port Forwarding

If your FreedomBox is behind a router you optionally might want to set up port forwarding on your router in order to improve communication with other peers. You should forward the following ports for Transmission:

  • TCP 51413 (or your configured peer listening port)

3.6. Using Remote Apps

In addition to using the web interface to control Transmission on FreedomBox, desktop and mobile apps may also be used. List of tested clients and their platforms are listed on the app page in FreedomBox web interface. When configuring these clients the URL to connect must be /transmission-remote/rpc and the port must be 443.

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

English - Español - Українська - (+)

4. Shaarli (Bookmarks)

Shaarli icon

Available since: version 21.15

4.1. What is Shaarli?

Shaarli is personal (single-user) bookmarking application to install on your FreedomBox. It can also be used for micro-blogging, pastebin, online notepad and snippet archive. Shaarli is designed as a no-database delicious clone. As such, it provides very fast services, easy backup and import/export links as desktop or mobile browser bookmarks. Links stored can be public or private. Shaarli delivers ATOM and RSS feeds from its minimalist interface.

Shaarli screenshot

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Translation(s): English - Español

5. Dynamic DNS Client

5.1. What is Dynamic DNS?

In order to reach a server on the Internet, the server needs to have permanent address also known as the static IP address. Many Internet service providers don't provide home users with a static IP address or they charge more providing a static IP address. Instead they provide the home user with an IP address that changes every time the user connects to the Internet. Clients wishing to contact the server will have difficulty reaching the server.

Dynamic DNS service providers assist in working around a problem. First they provide you with a domain name, such as 'myhost.example.org'. Then they associate your IP address, whenever it changes, with this domain name. Then anyone intending to reach the server will be to contact the server using the domain name 'myhost.example.org' which always points to the latest IP address of the server.

For this to work, every time you connect to the Internet, you will have to tell your Dynamic DNS provider what your current IP address is. Hence you need special software on your server to perform this operation. The Dynamic DNS function in FreedomBox will allow users without a static public IP address to push the current public IP address to a Dynamic DNS Server. This allows you to expose services on FreedomBox, such as ownCloud, to the Internet.

5.2. GnuDIP vs. Update URL

There are two main mechanism to notify the Dynamic DNS server of your new IP address; using the GnuDIP protocol and using the Update URL mechanism.

If a service provided using update URL is not properly secured using HTTPS, your credentials may be visible to an adversary. Once an adversary gains your credentials, they will be able to replay your request your server and hijack your domain.

On the other hand, the GnuDIP protocol will only transport a salted MD5 value of your password, in a way that is secure against replay attacks.

5.3. Using the GnuDIP protocol

  1. Register an account with any Dynamic DNS service provider. A free service provided by the FreedomBox community is available at https://ddns.freedombox.org .

  2. In FreedomBox UI, enable the Dynamic DNS Service.

  3. Select GnuDIP as Service type, enter your Dynamic DNS service provider address (for example, ddns.freedombox.org) into GnuDIP Server Address field.

    Dynamic DNS Settings

  4. Fill Domain Name, Username, Password information given by your provider into the corresponding fields.

5.4. Using an Update URL

This feature is implemented because the most popular Dynamic DNS providers are using Update URLs mechanism.

  1. Register an account with a Dynamic DNS service provider providing their service using Update URL mechanism. Some example providers are listed in the configuration page itself.
  2. In FreedomBox UI, enable the Dynamic DNS service.

  3. Select other Update URL as Service type, enter the update URL given by your provider into Update URL field.

  4. If you browse the update URL with your Internet browser and a warning message about untrusted certificate appears, then enable accept all SSL certificates. WARNING: your credentials may be readable here because man-in-the-middle attacks are possible! Consider choosing a better service provider instead.

  5. If you browse the update URL with your Internet browser and the username/password box appears, enable use HTTP basic authentication checkbox and provide the Username and Password.

  6. If the update URL contains your current IP address, replace the IP address with the string <Ip>.

5.5. Checking If It Works

  1. Make sure that external services you have enabled such as /jwchat, /roundcube and /ikiwiki are available on your domain address.
  2. Go to the Status page, make sure that the NAT type is detected correctly. If your FreedomBox is behind a NAT device, this should be detected over there (Text: Behind NAT). If your FreedomBox has a public IP address assigned, the text should be "Direct connection to the Internet".

  3. Check that the last update status is not failed.

5.6. Recap: How to create a DNS name with GnuDIP

  1. Access to GnuIP login page (answer Yes to all pop ups)

  2. Click on "Self Register"
  3. Fill the registration form (Username and domain will form the public IP address [username.domain])
  4. Take note of the username/hostname and password that will be used on the FreedomBox app.

  5. Save and return to the GnuDIP login page to verify your username, domain and password (enter the datas, click login).
  6. Login output should display your new domain name along with your current public IP address (this is a unique address provided by your router for all your local devices).
  7. Leave the GnuDIP interface and open the Dynamic DNS Client app page in your FreedomBox.

  8. Click on "Set Up" in the top menu.
  9. Activate Dynamic DNS
  10. Choose GnuDIP service.
  11. Add server address (ddns.freedombox.org)
  12. Add your fresh domain name (username.domain, ie [username].freedombox.rocks)
  13. Add your fresh username (the one used in your new IP address) and password
  14. Add your GnuDIP password
  15. Fill the option with https://ddns.freedombox.org/ip/ (try this url in your browser, you will figure out immediately)

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

English - Español - Українська - (+)

6. Roundcube (Email Client)

Roundcube icon

Available since: version 0.5

6.1. What is Roundcube?

Roundcube is a browser-based multilingual email client with an application-like user interface. Roundcube is using the Internet Message Access Protocol (IMAP) to access e-mail on a remote mail server. It supports MIME to send files, and provides particularly address book, folder management, message searching, and spell checking.

Roundcube app can be used to read and send emails in one of the two ways: using an email account you have elsewhere (other than FreedomBox), like in Riseup or in Gmail, or an account on FreedomBox. The latter is possible if an email server app, such as Postfix/Dovecot/Rspamd, is setup and enabled on FreedomBox. At present, Roundcube can only be setup for one of these two ways. This is controlled by the Use only the local mail server option in Roundcube app configuration page.

6.2. Email privacy

In the first case, you only get privacy over your drafts. Once you send the email, a copy will reside in the external services (Riseup, Gmail, etc) unless you explicitly remove it. In any case, your traffic transits through them.

In the second (self-hosted) case, your mail copies reside on your FreedomBox server. But you only keep privacy as long as the recipient also uses a private system and doesn't disclose your content.

6.3. Using Roundcube

After Roundcube is installed, it can be accessed at https://<your freedombox>/roundcube. Enter your username and password. The username for many mail services will be the full email address such as exampleuser@example.org and not just the username like exampleuser. Enter the address of your email service's IMAP server address in the Server field. You can try providing your domain name here, such as example.org for email address exampleuser@example.org and if this does not work, consult your email provider's documentation for the address of the IMAP server. Using encrypted connection to your IMAP server is strongly recommended. To do this, prepend 'imaps://' at the beginning of your IMAP server address. For example, imaps://imap.example.org.

Logging into your IMAP server

6.4. Using Gmail with Roundcube

If you wish to use Roundcube with your Gmail account, you need to first enable support for password based login in your Google account preferences. This is because Gmail won't allow applications to login with a password by default. To do this, visit Google Account preferences and enable Less Secure Apps. After this, login to Roundcube by providing your Gmail address as Username, your password and in the server field use imaps://imap.gmail.com.

Logging into Gmail

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

7. ownCloud

ownCloud was removed from Debian

ownCloud was removed from Debian, so it is not available in the FreedomBox any more. Existing installations however are still working for time being. We are working on finding an adequate alternative.

Migrate to the official owncloud repository can be done in following this post

7.1. What is ownCloud?

ownCloud is a self-hosted file sync and share server. It provides access to your data through a platform to view, sync and share across devices. Calendars and Contacts feature will help you keeping google at a nice distance. ownCloud's functionalities are native or available via plugins (Collaborative Editing, Play Music, Watch Movies, Store Passwords, Dashboard, Mozilla Sync...) via https://apps.owncloud.com/

7.2. Installation

Clicking on the ownCloud application in Plinth will show an installation prompt. Proceed to install. After the installation, visit the /owncloud link provided in the ownCloud page. First time installation wizard will show up asking for administrator username and password to setup (no additional details such as database configuration are requested). After providing the details, you will be logged. You will be able to start using the ownCloud and create more users.

7.2.1. External Storage

ownCloud's external storage plugin allows you to expose the contents of a hard drive or those of an online storage account as a folder. Following are the steps required to setup such storage.

  1. Mount your hard drive or external storage to any fixed directory on the system.
  2. Install two packages needed via the 'apt-get' on the SSH command line shell (this step will not be needed in future):
    • $ sudo apt-get install php-google-api-php-client php-dropbox  
  3. Goto ownCloud Apps section and enable 'External Storage Support' plugin.
  4. Goto 'Admin' section and add your hard drive mount path in the external storage section. This folder will now show up in your folders list to access and sync across devices.

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Translation(s): English - Español

8. PageKite (Public Visibility)

8.1. What is PageKite?

PageKite makes local websites and services publicly accessible immediately without creating yourself a public IP address. It does this by tunneling protocols such as HTTPS or SSH through firewalls and NAT. Using PageKite requires an account on a PageKite relay service. One such service is https://pagekite.net.

A PageKite relay service will allow you to create kites. Kites are similar to domain names, but with different advantages and drawbacks. A kite can have a number of configured services. PageKite is known to work with HTTP, HTTPS, and SSH, and may work with some other services, but not all.

8.2. Using PageKite

  1. Create an account on a PageKite relay service.

  2. Add a kite to your account. Note your kite name and kite secret.
  3. In FreedomBox, go to the "Configure PageKite" tab on the Public Visibility (PageKite) page.

  4. Check the "Enable PageKite" box, then enter your kite name and kite secret. Click "Save settings".

  5. On the "Standard Services" tab, you can enable HTTP and HTTPS (recommended) and SSH (optional).
    • HTTP is needed to obtain the Let's Encrypt certificate. You can disable it later.
  6. On the Certificates (Let's Encrypt) page, you can obtain a Let's Encrypt certificate for your kite name.

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Deutsch - English - Español - (+)

9. Mumble (Voice Chat) Server

Mumble icon

Available since: version 0.5

9.1. What is Mumble?

Mumble is a voice chat software. Primarily intended for use while gaming, it is suitable for simple talking with high audio quality, noise suppression, encrypted communication, public/private-key authentication by default, and "wizards" to configure your microphone for instance. A user can be marked as a "priority speaker" within a channel.

9.2. Using Mumble

FreedomBox includes the Mumble server. Clients are available for desktop and mobile platforms. Users can download one of these clients and connect to the server.

9.3. Port Forwarding

If your FreedomBox is behind a router, you will need to set up port forwarding on your router. You should forward the following ports for Mumble:

  • TCP 64738
  • UDP 64738

9.4. Managing Permissions

A super user in Mumble has the ability to create administrator accounts who can in turn manage groups and channel permissions. This can be done after logging in with the username "SuperUser" using the super user password. See Mumble Guide for information on how to do this. The SuperUser password can be set through the FreedomBox interface.

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

English - Español - (+)

10. Privoxy (Web Proxy)

Privoxy icon

Available since: version 0.1

A web proxy acts as a filter for incoming and outgoing web traffic. Thus, you can instruct any computer in your network to pass internet traffic through the proxy to remove unwanted ads and tracking mechanisms.

Privoxy is a software for security, privacy, and accurate control over the web. It provides a much more powerful web proxy (and anonymity on the web) than what your browser can offer. Privoxy "is a proxy that is primarily focused on privacy enhancement, ad and junk elimination and freeing the user from restrictions placed on his activities" (source: Privoxy FAQ).

10.1. Screencast

Watch the screencast on how to setup and use Privoxy in FreedomBox.

10.2. Setting up

  1. In FreedomBox, install Web Proxy (Privoxy)

    Privoxy Installation

  2. Adapt your browser proxy settings to your FreedomBox hostname (or IP address) with port 8118. Please note that Privoxy can only proxy HTTP and HTTPS traffic. It will not work with FTP or other protocols.

    Privoxy Browser Settings

  3. Go to page http://config.privoxy.org/ or http://p.p. If Privoxy is installed properly, you will be able to configure it in detail; if not you will see an error message.

  4. If you are using a laptop that occasionally has to connect through other routers than yours with the FreedomBox and Privoxy, you may want to install a proxy switch add-on that allows you to easily turn the proxy on or off.

10.3. Advanced Users

The default installation should provide a reasonable starting point for most. There will undoubtedly be occasions where you will want to adjust the configuration, that can be dealt with as the need arises.

  1. Plan first:
    • While using Privoxy, you can see its configuration details and documentation at http://config.privoxy.org/ or http://p.p.

    • The Quickstart is a good starting point to read on how to define own blocking and filtering rules.

    • Read carefully the manual, especially this security warning:

      • Access to the editor can not be controlled separately by "ACLs" or HTTP authentication, so that everybody who can access Privoxy can modify its configuration for all users. This option is not recommended for environments with untrusted users. Note that malicious client side code (e.g Java) is also capable of using the actions editor and you shouldn't enable this options unless you understand the consequences and are sure your browser is configured correctly.

  2. Only when you are ready, perform the changes:
    1. To enable changing these configurations, you first have to change the value of enable-edit-actions in /etc/privoxy/config to 1.

    2. Now you find an EDIT button on the configuration screen in http://config.privoxy.org/.


Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Deutsch - English - Español - Magyar - (+)

11. Ikiwiki (Wiki and Blog)

Ikiwiki icon

Avaiable since: version 0.5

11.1. What is Ikiwiki?

Ikiwiki converts wiki pages into HTML pages suitable for publishing on a website. It provides particularly blogging, podcasting, calendars and a large selection of plugins.

11.2. Creating a wiki or blog

You can create a wiki or blog to be hosted on your FreedomBox through the Wiki & Blog (Ikiwiki) page in FreedomBox. The first time you visit this page, it will ask to install packages required by Ikiwiki.

After the package install has completed, select the "Create Wiki or Blog" button. ikiwiki: Manage

You can select the type to be Wiki or Blog. Also type in a name for the wiki or blog, and the username and password for the wiki's/blog's admin account. Then click Update setup and you will see the wiki/blog added to your list. Note that each wiki/blog has its own admin account. ikiwiki: Manage

11.3. Accessing your wiki or blog

Your wikis and blogs are listed in the Ikiwiki app. Clicking on your site's name will bring you to its start page.

ikiwiki: Manage

From here, if you click Edit or Preferences, you will be taken to a login page. To log in with the admin account that you created before, select the Other tab, enter the username and password, and click Login.

11.4. User login through SSO

Besides the wiki/blog admin, other FreedomBox users can be given access to login and edit wikis and blogs. However, they will not have all the same permissions as the wiki admin. They can add or edit pages, but cannot change the wiki's configuration.

To add a wiki user, go to the Users and Groups page in FreedomBox (under System configuration, the gear icon at the top right corner of the page). Create or modify a user, and add them to the wiki group. (Users in the admin group will also have wiki access.)

To login as a FreedomBox user, go to the wiki/blog's login page and select the Other tab. Then click the "Login with HTTP auth" button. The browser will show a popup dialog where you can enter the username and password of the FreedomBox user.

11.5. Adding FreedomBox users as wiki admins

  1. Login to the site, using the admin account that was specified when the site was created.
  2. Click "Preferences", then "Setup".
  3. Under "main", in the "users who are wiki admins", add the name of a user on the FreedomBox.

  4. (Optional) Under "auth plugin: passwordauth", uncheck the "enable passwordauth?" option. (Note: This will disable the old admin account login. Only SSO login using HTTP auth will be possible.)
  5. At the bottom of the page click "Save Setup".
  6. Click "Preferences", then "Logout".
  7. Login as the new admin user using "Login with HTTP auth".

11.6. Avoiding Spam

By default, every wiki page also has a "Discussion" page, which can be edited anonymously, without logging in. To avoid spam, you may want to disable the Discussion feature all together, by unchecking the "enable Discussion pages?" option in the setup.

11.7. Theming

  1. Login to the site, using the admin account that was specified when the site was created.
  2. Click "Preferences", then "Setup".
  3. Under "web plugin: theme", check "enable theme?"
  4. Right under the checkbox, type in the name of the desired theme. You can choose from the following officially supported themes:
    • actiontabs - mobile friendly
    • blueview - non-mobile friendly
    • goldtype - non-mobile friendly
    • monochrome - mobile friendly
  5. At the bottom of the page click "Save Setup".

For your changes to become visible, you might have to delete your browser's cache or wait a few minutes and refresh your ikiwiki's page.

It is also possible to install user-contributed themes from ikiwiki's Theme Market. Please note, that this requires additional technical knowledge.

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

System

Translation(s): English - Español - Українська

1. Configure

Configure has some general configuration options:

1.1. Hostname

  • Hostname is the local name by which other devices on the local network can reach your FreedomBox. The default hostname is freedombox.

1.2. Domain Name

1.3. Webserver Home Page

Once some other app is set as the home page, you can only navigate to the FreedomBox Service by typing https://myfreedombox.rocks/plinth/ into the browser.
/freedombox can also be used as an alias to /plinth

  • You can set any web application, Ikiwiki wikis and blogs or Apache's default index.html page as the web server home page. Since release 20.20 you can also select a user's website among those users who have created their public_html directory.

  • Tip: Bookmark the URL of FreedomBox Service before setting the home page to some other app.

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Translation(s): English - Español

2. Users and Groups

You can grant access to your FreedomBox for other users. Provide the Username with a password and assign a group to it. Currently the groups

  • admin
  • bit-torrent
  • calibre
  • ed2k
  • feed-reader
  • freedombox-share
  • git-access
  • i2p
  • minidlna
  • syncthing
  • web-search
  • wiki

are supported.

The user will be able to log in to services that support single sign-on through LDAP, if they are in the appropriate group.

Users in the admin group will be able to log in to all services. They can also log in to the system through SSH and have administrative privileges (sudo).

A user's groups can also be changed later.

It is also possible to set an SSH public key which will allow this user to securely log in to the system without using a password. You may enter multiple keys, one on each line. Blank lines and lines starting with # will be ignored.

The interface language can be set for each user individually. By default, the language preference set in the web browser will be used.

A user's account can be deactivated, which will temporarily disable the account.

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Translation(s): English - Español

3. Networks

This section describes how networking is setup by default in FreedomBox and how you can customize it. See also the Firewall section for more information on how firewall works.

3.1. Default setup

In a fresh image of FreedomBox, network is not configured at all. When the image is written to an SD card and the device boots, configuration is done. During first boot, FreedomBox setup package detects the networks interfaces and tries to automatically configure them so that FreedomBox is available for further configuration via the web interface from another machine without the need to connect a monitor. Automatic configuration also tries to make FreedomBox useful, out of the box, for the most important scenarios FreedomBox is used for.

There are two scenarios it handles: when is a single ethernet interface and when there are multiple ethernet interfaces.

3.1.1. Single ethernet interface

When there is only single ethernet interface available on the hardware device, there is not much scope for it to play the role of a router. In this case, the device is assumed to be just another machine in the network. Accordingly, the only available interface is configured to be an internal interface in automatic configuration mode. This means that it connects to the Internet using the configuration provided by a router in the network and also makes all (internal and external) of its services available to all the clients on this network.

network_single.png

3.1.2. Multiple ethernet interface

When there are multiple ethernet interfaces available on the hardware device, the device can act as a router. The interfaces are then configured to perform this function.

The first network interface is configured to be an WAN or external interface in automatic configuration mode. This means that it connects to the Internet using network configuration provided by the Internet Service Provider (ISP). Only services that are meant to be provided across the entire Internet (external services) will be exposed on this interface. You must plug your Internet connection into the port of this ethernet interface. If you wish to continue to have your existing router manage the Internet connection for you, then plug a connection from your router to the port on this interface.

The remaining network interfaces are configured for the clients of a router. They are configured as LAN or internal interfaces in shared configuration mode. This means that all the services (both external and internal) services are provided to who ever connects on this interface. Further, the shared mode means that clients will be able to receive details of automatic network connection on this interface. Specifically, DHCP configuration and DNS servers are provided on this interface. The Internet connection available to the device using the first network interface will be shared with clients using this interface. This all means that you can connect your computers to this network interface and they will get automatically configured and will be able to access the Internet via the FreedomBox.

Currently, it is not very clear which interface will be come the WAN interface (and the remaining being LAN interfaces) although the assignment process is deterministic. So, it take a bit of trail and error to figure out which one is which. In future, for each device, this will be well documented.

3.1.3. Wi-Fi configuration

All Wi-Fi interfaces are configured to be LAN or internal interfaces in shared configuration mode. They are also configured to become Wi-Fi access points with following details.

  • Name of the access point will be FreedomBox plus the name of the interface (to handle the case where there are multiple of them).

  • Password for connecting to the interface will be freedombox123.

3.2. Internet Connection Sharing

Although the primary duty of FreedomBox is to provide decentralized services, it can also act like a home router. Hence, in most cases, FreedomBox connects to the Internet and provides other machines in the network the ability to use that Internet connection. FreedomBox can do this in two ways: using a shared mode connection or using an internal connection.

When an interface is set in shared mode, you may connect your machine directly to it. This is either by plugging in an ethernet cable from this interface to your machine or by connecting to a Wi-Fi access point. This case is the simplest to use, as FreedomBox automatically provides your machine with the necessary network configuration. Your machine will automatically connect to FreedomBox provided network and will be able to connect to the Internet given that FreedomBox can itself connect to the Internet.

Sometimes the above setup may not be possible because the hardware device may have only one network interface or for other reasons. Even in this case, your machine can still connect to the Internet via FreedomBox. For this to work, make sure that the network interface that your machine is connecting to is in internal mode. Then, connect your machine to network in which FreedomBox is present. After this, in your machine's network configuration, set FreedomBox's IP address as the gateway. FreedomBox will then accept your network traffic from your machine and send it over to the Internet. This works because network interfaces in internal mode are configured to masquerade packets from local machines to the Internet and receive packets from Internet and forward them back to local machines.

3.3. Customization

The above default configuration may not be fit for your setup. You can customize the configuration to suit your needs from the Networks area in the 'setup' section of the FreedomBox web interface.

3.3.1. PPPoE connections

If your ISP does not provide automatic network configuration via DHCP and requires you to connection via PPPoE. To configure PPPoE, remove any network connection existing on an interface and add a PPPoE connection. Here, optionally, provide the account username and password given by your ISP and activate the connection.

3.3.2. Connect to Internet via Wi-Fi

By default Wi-Fi devices attached during first boot will be configured as access points. They can be configured as regular Wi-Fi devices instead to connection to a local network or an existing Wi-Fi router. To do this, click on the Wi-Fi connection to edit it. Change the mode to Infrastructure instead of Access Point mode and IPv4 Addressing Method to Automatic (DHCP) instead of Shared mode. Then the SSID provided will mean the Wi-Fi network name you wish to connect to and passphrase will be the used to while making the connection.

3.3.2.1. Problems with Privacy Feature

NetworkManager used by FreedomBox to connect to the Wi-Fi networks has a privacy feature that uses a different identity when scanning for networks and when actually connecting to the Wi-Fi access point. Unfortunately, this causes problems with some routers that reject connections from such devices. Your connection won't successfully activate and disconnect after trying to activate. If you have control over the router's behaviour, you could also turn off the feature causing problem. Otherwise, the solution is to connect with a remote shell using SSH or Cockpit, editing a file /etc/NetworkManager/NetworkManager.conf and adding the line wifi.scan-rand-mac-address=no in the [device] section. This turns off the privacy feature.

Edit a file:

$ sudo nano /etc/NetworkManager/NetworkManager.conf

Add the following:

[device]
wifi.scan-rand-mac-address=no

Then reboot the machine.

3.3.3. Adding a new network device

When a new network device is added, network manager will automatically configure it. In most cases this will not work to your liking. Delete the automatic configuration created on the interface and create a new network connection. Select your newly added network interface in the add connection page.

  • Then set firewall zone to internal and external appropriately.

  • You can configure the interface to connect to a network or provide network configuration to whatever machine connects to it.
  • Similarly, if it is a Wi-Fi interface, you can configure it to become a Wi-FI access point or to connect to an existing access points in the network.

3.3.4. Configuring a mesh network

FreedomBox has rudimentary support for participating in BATMAN-Adv based mesh networks. It is possible to either join an existing network in your area or create a new mesh network and share your Internet connection with the rest of the nodes that join the network. Currently, two connections have to be created and activated manually to join or create a mesh network.

3.3.4.1. Joining a mesh network

To join an existing mesh network in your area, first consult the organizers and get information about the mesh network.

  1. Create a new connection, then select the connection type as Wi-Fi. In the following dialog, provide the following values:

    Field Name

    Example Value

    Explanation

    Connection Name

    Mesh Join - BATMAN

    The name must end with 'BATMAN' (uppercase)

    Physical Interface

    wlan0

    The Wi-Fi device you wish to use for joining the mesh network

    Firewall Zone

    External

    Since you don't wish that participants in mesh network to use internal services of FreedomBox

    SSID

    ch1.freifunk.net

    As provided to you by the operators of the mesh network. You should see this as a network in Nearby Wi-Fi Networks

    Mode

    Ad-hoc

    Because this is a peer-to-peer network

    Frequency Band

    2.4Ghz

    As provided to you by the operators of the mesh network

    Channel

    1

    As provided to you by the operators of the mesh network

    BSSID

    12:CA:FF:EE:BA:BE

    As provided to you by the operators of the mesh network

    Authentication

    Open

    Leave this as open, unless you know your mesh network needs it be otherwise

    Passphrase

    Leave empty unless you know your mesh network requires one

    IPv4 Addressing Method

    Disabled

    We don't want to request IP configuration information yet

    Save the connection. Join the mesh network by activating this newly created connection.
  2. Create a second new connection, then select the connection type as Generic. In the following dialog, provide this following values:

    Field Name

    Example Value

    Explanation

    Connection Name

    Mesh Connect

    Any name to identify this connection

    Physical Interface

    bat0

    This interface will only show up after you successfully activate the connection in first step

    Firewall Zone

    External

    Since you don't wish that participants in mesh network to use internal services of FreedomBox

    IPv4 Addressing Method

    Auto

    Mesh networks usually have a DHCP server somewhere that provide your machine with IP configuration. If not, consult the operator and configure IP address setting accordingly with Manual method

    Save the connection. Configure your machine for participation in the network by activating this connection. Currently, this connection has to be manually activated every time you need to join the network. In future, FreedomBox will do this automatically. You will now be able reach other nodes in the network. You will also be able to connect to the Internet via the mesh network if there is an Internet connection point somewhere in mesh as setup by the operators.

3.3.4.2. Creating a mesh network

To create your own mesh network and share your Internet connection with the rest of the nodes in the network:

  1. Follow the instructions as provided above in step 1 of Joining a mesh network but choose and fix upon your own valid values for SSID (a name for you mesh network), Frequency Band (usually 2.4Ghz), Channel (1 to 11 in 2.4Ghz band) and BSSID (a hex value like 12:CA:DE:AD:BE:EF). Create this connection and activate it.

  2. Follow the instructions as provided above in step 2 of Joining a mesh network but select IPv4 Addressing Method as Shared. This will provide automatic IP configuration to other nodes in the network as well as share the Internet connection on your machine (achieved using a second Wi-Fi interface, using Ethernet, etc.) with other nodes in the mesh network.

Spread the word about your mesh network to your neighbors and let them know the parameters you have provided when creating the network. When other nodes connect to this mesh network, they have to follow steps in Joining a mesh network but use the values for SSID, Frequency Band and Channel that you have chosen when you created the mesh network.

3.4. Advanced Network Operations

Cockpit provides many advanced networking features over those offered by FreedomBox. Both FreedomBox and Cockpit operate over Network Manager and are hence compatible with each other. Some of the functions provided by Cockpit include:

  • Set the maximum transmission unit (MTU) for a network connection
  • Change the hardware address (MAC address) of a network interface
  • Add more DNS servers and configure routing of a network connection
  • Creating bonded devices for highly available network interfaces
  • Creating bridge devices to join network interfaces for aggregating separate networks
  • Manage VLAN for creating virtual partitions in the physical network

networks-cockpit.png

3.5. Manual Network Operation

FreedomBox automatically configures networks by default and provides a simplified interface to customize the configuration to specific needs. In most cases, manual operation is not necessary. The following steps describe how to manually operate network configuration in the event that a user finds FreedomBox interface to insufficient for task at hand or to diagnose a problem that FreedomBox does not identify.

On the command line interface:

For text based user interface for configuring network connections:

nmtui

To see the list of available network devices:

nmcli device

To see the list of configured connections:

nmcli connection

To see the current status of a connection:

nmcli connection show '<connection_name>'

To see the current firewall zone assigned to a network interface:

nmcli connection show '<connection_name>' | grep zone

or

firewall-cmd --zone=internal --list-all
firewall-cmd --zone=external --list-all

To create a new network connection:

nmcli con add con-name "<connection_name>" ifname "<interface>" type ethernet
nmcli con modify "<connection_name>" connection.autoconnect TRUE
nmcli con modify "<connection_name>" connection.zone internal

To change the firewall zone for a connection:

nmcli con modify "<connection_name>" connection.zone "<internal|external>"

For more information on how to use nmcli command, see its man page. Also for a full list of configuration settings and type of connections accepted by Network Manager see:

https://developer.gnome.org/NetworkManager/stable/ref-settings.html

To see the current status of the firewall and manually operate it, see the Firewall section.

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Translation(s): English - Español

4. Software Updates

FreedomBox can automatically install security updates. On the Update page of the System section in FreedomBox web interface you can turn on automatic updates. This feature is enabled by default and there is no manual action necessary. It is strongly recommended that you have this option enabled to keep your FreedomBox secure.

Updates are performed every day at night according to you local time zone. You can set the time zone with Date & Time. If you wish to shutdown FreedomBox every day after use, keep it running at night once a week or so to let the automatic updates happen. Alternatively, you can perform manual updates as described below.

Note that once the updates start, it may take a long time to complete. During automatic update process that runs every night or during manual update process, you will not be able to install apps from FreedomBox web interface.

update.png

4.1. When Will I Get the Latest Features?

Although updates are done every day for security reasons, latest features of FreedomBox will not propagate to all the users. The following information should help you understand how new features become available to users.

Stable Users: This category of users include users who bought the FreedomBox Pioneer Edition, installed FreedomBox on a Debian stable distribution or users who downloaded the stable images from freedombox.org. As a general rule, only security updates to various packages are provided to these users. One exception to this rule is where FreedomBox service itself is updated when a release gains high confidence from developers. This means that latest FreedomBox features may become available to these users although not as quickly or frequently as testing users. If an app is available only in testing distribution but not in stable distribution, then that app will show up in the web interface but will not be installable by stable users. Some apps are also provided an exception to the rule of "security updates only" when the app is severely broken otherwise. Every two years, a major release of Debian stable happens with the latest versions of all the software packages and FreedomBox developers will attempt to upgrade these users to the new release without requiring manual intervention.

Testing Users: This category of users include users who installed FreedomBox on a Debian testing distribution or users who downloaded the testing images from freedombox.org. Users who use Debian testing are likely to face occasional disruption in the services and may even need manual intervention to fix the issue. As a general rule, these users receive all the latest features and security updates to all the installed packages. Every two weeks, a new version of FreedomBox is released with all the latest features and fixes. These releases will reach testing users approximately 2-3 days after the release.

Unstable Users: This category of users include users who installed FreedomBox on a Debian unstable distribution or users who downloaded the unstable images from freedombox.org. Users who use Debian unstable are likely to face occasional disruption in the services and may even need manual intervention to fix the issue. As a general rule, these users receive all the latest features to all the installed packages. Every two weeks, a new version of FreedomBox is released with all the latest features and fixes. Theses releases will reach unstable users on the day of the release. Only developers, testers and other contributors to the FreedomBox project should use the unstable distribution and end users and advised against using it.

4.2. Manual Updates from Web Interface

To get updates immediately and not wait until the end of the day, you may want to trigger updates manually. You can do this by pressing the Update now button in Manual update tab for Update page in System section. Note that this step is not necessary if you have enabled Auto-updates as every night this operation is performed automatically.

When installing apps you may receive an error message such as

Error installing packages: E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem

This is typically caused by shutting down FreedomBox while it is installing apps, while performing daily updates or during some other operations. This situation can be rectified immediately by running manual update.

4.3. Manual Updates from Terminal

Some software packages may require manual interaction for updating due to questions related to configuration. In such cases, FreedomBox updates itself and brings in new knowledge necessary to update the package by answering configuration questions. After updating itself, FreedomBox acts on behalf of the user and updates the packages by answering the questions. Until FreedomBox has a chance to update the package, such packages should not be be updated manually. The manual update triggered from the web interface is already mindful of such packages and does not update them.

In some rare situations, FreedomBox itself might fail to update or the update mechanism might fall into a situation that might need manual intervention from a terminal. To perform manual upgrades on the terminal, login into FreedomBox on a terminal (if you have monitor and keyboard connected), via a web terminal (using FreedomBox/Manual/Cockpit) or using a remote secure shell (see Secure Shell section). Then run the following commands:

$ sudo su -
Password: <enter user password here>
# dpkg --configure -a
# apt update
# apt -f install
# unattended-upgrade --debug
# apt install freedombox
# apt update

If apt update asks for a confirmation to change Codename or other release information, confirm yes. If during update of freedombox package, if a question about overwriting configuration files is asked, answer to install new configuration files from the latest version of the package. This process will upgrade only packages that don't require configuration file questions (except for freedombox package). After this, let FreedomBox handle the upgrade of remaining packages. Be patient while new releases of FreedomBox are made to handle packages that require manual intervention.

If you want to go beyond the recommendation to upgrade all the packages on your FreedomBox and if you are really sure about handling the configuration changes for packages yourself, run the following command:

$ apt full-upgrade

4.4. Auto-Update to Next Stable Release

FreedomBox can automatically update itself when there is a new stable release of Debian. This update feature is recommended, and enabled by default for stable systems. Note that it also requires "Enable auto-update" to be enabled, and that there is 5 GB free space on the root partition.

In some special cases, such as advanced customization made to the system, the automatic update could fail. If you wish, you can disable it on the System -> Update page, by clearing the “Enable auto-update to next stable release” checkbox.

If you decide to stay on an older release, you should check DebianReleases#Production_Releases to see how long it will be supported by Debian security team. Note that older releases will not have new versions of FreedomBox, even through backports.

4.5. Manual Update to Next Stable Release

Auto-update is recommended for most users. However if you want to do the update manually, here are some tips:

  • Take backups of your apps' data before performing the update.
  • Create a system snapshot before you begin.
  • General instructions for upgrading Debian distribution are available.

  • Some packages are known to have prompts during upgrade, due to modified conffiles. It is recommended not to upgrade these packages manually, but rather to allow FreedomBox to handle their upgrade automatically. This applies to the following packages:

    • bind9
    • firewalld
    • janus
    • minetest-server
    • minidlna
    • mumble-server
    • radicale
    • roundcube-core
    • tt-rss

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Translation(s): English - Español

Contents

  1. Diagnostics

5. Diagnostics

The system diagnostic test will run a number of checks on your system to confirm that applications and services are working as expected.

Just click Run Diagnostics. This may take some minutes.

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

English - Español - Українська - (+)

6. Firewall

Firewall is a network security system that controls the incoming and outgoing network traffic. Keeping a firewall enabled and properly configured reduces risk of security threat from the Internet.

The operation of the firewall in FreedomBox web interface is automatic. When you enable a service it is automatically permitted in the firewall and when you disable a service it is automatically disabled in the firewall. For services which are enabled by default on FreedomBox, firewall ports are also enabled by default during the first run process.

Firewall

Firewall management in FreedomBox is done using FirewallD.

6.1. Interfaces

Each interface is needs to be assigned to one (and only one) zone. If an interface is not assigned any zone, it is automatically assigned external zone. Whatever rules are in effect for a zone, those rules start to apply for that interface. For example, if HTTP traffic is allowed in a particular zone, then web requests will be accepted on all the addresses configured for all the interfaces assigned to that zone.

There are primarily two firewall zones used. The internal zone is meant for services that are provided to all machines on the local network. This may include services such as streaming media and simple file sharing. The external zone is meant for services that are provided publicly on the Internet. This may include services such as blog, website, email web client etc.

For details on how network interfaces are configured by default, see the Networks section.

6.2. Opening Custom Ports

Cockpit app provides advanced management of firewall. Both FreedomBox and Cockpit operate over firewalld and are hence compatible with each other. In particular, Cockpit can be used to open custom services or ports on FreedomBox. This is useful if you are manually running your own services in addition to the services provided by FreedomBox on the same machine.

firewalld-cockpit.png

6.3. FreedomBox Ports/Services

The following table attempts to document the ports, services and their default statuses in FreedomBox. If you find this page outdated, see the Firewall status page in FreedomBox interface.

Service

Port

External

Enabled by default

Status shown in FreedomBox

Managed by FreedomBox

Minetest

30000/udp

{*}

{X}

(./)

(./)

XMPP Client

5222/tcp

{*}

{X}

(./)

(./)

XMPP Server

5269/tcp

{*}

{X}

(./)

(./)

XMPP Bosh

5280/tcp

{*}

{X}

(./)

(./)

NTP

123/udp

{o}

(./)

(./)

(./)

FreedomBox Web Interface (Plinth)

443/tcp

{*}

(./)

(./)

{X}

Quassel

4242/tcp

{*}

{X}

(./)

(./)

SIP

5060/tcp

{*}

{X}

(./)

(./)

SIP

5060/udp

{*}

{X}

(./)

(./)

SIP-TLS

5061/tcp

{*}

{X}

(./)

(./)

SIP-TLS

5061/udp

{*}

{X}

(./)

(./)

RTP

1024-65535/udp

{*}

{X}

(./)

(./)

SSH

22/tcp

{*}

(./)

(./)

{X}

mDNS

5353/udp

{o}

(./)

(./)

(./)

Tor (Socks)

9050/tcp

{o}

{X}

(./)

(./)

Obfsproxy

<random>/tcp

{*}

{X}

(./)

(./)

OpenVPN

1194/udp

{*}

{X}

(./)

(./)

Mumble

64378/tcp

{*}

{X}

(./)

(./)

Mumble

64378/udp

{*}

{X}

(./)

(./)

Privoxy

8118/tcp

{o}

{X}

(./)

(./)

JSXC

80/tcp

{*}

{X}

{X}

{X}

JSXC

443/tcp

{*}

{X}

{X}

{X}

DNS

53/tcp

{o}

{X}

{X}

{X}

DNS

53/udp

{o}

{X}

{X}

{X}

DHCP

67/udp

{o}

(./)

{X}

{X}

Bootp

67/tcp

{o}

{X}

{X}

{X}

Bootp

67/udp

{o}

{X}

{X}

{X}

Bootp

68/tcp

{o}

{X}

{X}

{X}

Bootp

68/udp

{o}

{X}

{X}

{X}

LDAP

389/tcp

{o}

{X}

{X}

{X}

LDAPS

636/tcp

{o}

{X}

{X}

{X}

6.4. Manual operation

See FirewallD documentation for more information on the basic concepts and comprehensive documentation.

6.4.1. Enable/disable firewall

To disable firewall

service firewalld stop

or with systemd

systemctl stop firewalld

To re-enable firewall

service firewalld start

or with systemd

systemctl start firewalld

6.4.2. Modifying services/ports

You can manually add or remove a service from a zone.

To see list of services enabled:

firewall-cmd --zone=<zone> --list-services

Example:

firewall-cmd --zone=internal --list-services

To see list of ports enabled:

firewall-cmd --zone=<zone> --list-ports

Example:

firewall-cmd --zone=internal --list-ports

To remove a service from a zone:

firewall-cmd --zone=<zone> --remove-service=<service>
firewall-cmd --permanent --zone=<zone> --remove-service=<interface>

Example:

firewall-cmd --zone=internal --remove-service=xmpp-bosh
firewall-cmd --permanent --zone=internal --remove-service=xmpp-bosh

To remove a port from a zone:

firewall-cmd --zone=internal --remove-port=<port>/<protocol>
firewall-cmd --permanent --zone=internal --remove-port=<port>/<protocol>

Example:

firewall-cmd --zone=internal --remove-port=5353/udp
firewall-cmd --permanent --zone=internal --remove-port=5353/udp

To add a service to a zone:

firewall-cmd --zone=<zone> --add-service=<service>
firewall-cmd --permanent --zone=<zone> --add-service=<interface>

Example:

firewall-cmd --zone=internal --add-service=xmpp-bosh
firewall-cmd --permanent --zone=internal --add-service=xmpp-bosh

To add a port to a zone:

firewall-cmd --zone=internal --add-port=<port>/<protocol>
firewall-cmd --permanent --zone=internal --add-port=<port>/<protocol>

Example:

firewall-cmd --zone=internal --add-port=5353/udp
firewall-cmd --permanent --zone=internal --add-port=5353/udp

6.4.3. Modifying the zone of interfaces

You can manually change the assignment of zones of each interfaces after they have been autuomatically assigned by the first boot process.

To see current assignment of interfaces to zones:

firewall-cmd --list-all-zones

To remove an interface from a zone:

firewall-cmd --zone=<zone> --remove-interface=<interface>
firewall-cmd --permanent --zone=<zone> --remove-interface=<interface>

Example:

firewall-cmd --zone=external --remove-interface=eth0
firewall-cmd --permanent --zone=external --remove-interface=eth0

To add an interface to a zone:

firewall-cmd --zone=<zone> --add-interface=<interface>
firewall-cmd --permanent --zone=<zone> --add-interface=<interface>

Example:

firewall-cmd --zone=internal --add-interface=eth0
firewall-cmd --permanent --zone=internal --add-interface=eth0

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Translation(s): English - Español

Contents

  1. Date & Time

7. Date & Time

This network time server is a program that maintains the system time in synchronization with servers on the Internet.

You can select your time zone by picking a big city nearby (they are sorted by Continent/City) or select directly the zone with respect to GMT (Greenwich Mean Time).

DateTime.png

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Hardware

Deutsch - English - Español - Русский - (+)

FreedomBox is designed to be the software for a consumer electronics device that is easy to setup, maintain and use. The project does not aim to create a custom hardware device ourselves, but instead we intend to partner with hardware vendors to build FreedomBox devices and also support existing hardware. Typically, it is run on single board computers because of their small form factor, low power consumption and favourable price. Some users also run it on old/refurbished desktop or laptop computers or even on virtual machines running on their primary computers.

In addition to supporting various single board computers and other devices, any Debian machine can be turned into a FreedomBox by installing the freedombox package. Debian, the universal operating system, supports a much wider range on hardware. After installing Debian, see the manual page for installing FreedomBox on Debian.

1. Recommended Hardware

On April 22nd, 2019, the FreedomBox Foundation announced the sales of the Pioneer Edition FreedomBox Home Server Kits. This is the recommended pre-installed hardware for all users who don't wish to build their own FreedomBox by choosing the right components, downloading the image and preparing an SD card with FreedomBox.

The kit includes all the hardware needed for launching a FreedomBox home server on an Olimex A20-OLinuXino-LIME2 board. This product provides the perfect combination of open source hardware and free and open source software. By purchasing this product, you also support the FreedomBox Foundation's efforts to create and promote its free and open source server software.

Pioneer Edition FreedomBox Home Server Kits
Pioneer Edition FreedomBox Home Server Kits

2. Supported Hardware

Use these hardware if you are able to download FreedomBox images and prepare an SD card by following the manual. If you wish for simper setup process, please buy the FreedomBox kits from recommended hardware instead. Look at the list of known issues with a hardware before buying it.

A20 OLinuXino Lime2
A20 OLinuXino Lime2

A20 OLinuXino MICRO
A20 OLinuXino MICRO

PC Engines APU
PC Engines APU

Cubietruck
Cubietruck

Cubieboard 2
Cubieboard2

BeagleBone Black
BeagleBone Black

pcDuino3
pcDuino3

Debian
Debian

VirtualBox
VirtualBox

Pine A64+
Pine A64+

Banana Pro
Banana Pro

Orange Pi Zero
Orange Pi Zero

Raspberry Pi 2
Raspberry Pi 2

Raspberry Pi 3 Model B
Raspberry Pi 3 Model B

Raspberry Pi 3 Model B+
Raspberry Pi 3 Model B+

Raspberry Pi 4 B
Raspberry Pi 4 B

RockPro64
RockPro64

Rock64
Rock64

2.1. Hardware Comparison

Name

Speed (GHz)

Debian arch

Ram (GB)

disk (GB)

battery

SATA

Ethernet speed

OSHW

APU.1D

1x2

amd64

2

-

-

(./)

1000x3

{X}

APU.1D4

1x2

amd64

4

-

-

(./)

1000x3

{X}

BeagleBone Black C

1

armhf/omap

½

4

-

-

100

(./)

Cubieboard2

1x2

armhf/sunxi

1

4

(./)

(./)

100

{X}

Cubieboard2-Dual

1x2

armhf/sunxi

1

-

(./)

(./)

100

{X}

Cubieboard3/Cubietruck

1x2

armhf/sunxi

2

8

(./)

(./)

1000

{X}

OLinuXino A20 LIME

1x2

armhf/sunxi

½

-

(./)

(./)

100

(./)

OLinuXino A20 LIME2

1x2

armhf/sunxi

1

-

(./)

(./)

1000

(./)

OLinuXino A20 MICRO

1x2

armhf/sunxi

1

-

(./)

(./)

100

(./)

pcDunino3

1x2

armhf/sunxi

1

4

(./)

(./)

100

{X}

Pine A64+

1.2x4

arm64/sunxi

½,1,2

-

-

-

1000

{X}

Banana Pro

1.2x2

armhf/sunxi

1

-

-

(./)

1000

{X}

Orange Pi Zero

?x4

armhf/sunxi

¼,½

-

-

-

100

{X}

RockPro64

1.4x4+1.8x2

arm64

2,4

16,32,64,128

-

(USB3 or via PCIe card)

1000

{X}

Rock64

1.5x4

arm64

1,2,4

16,32,64,128

-

(USB3)

1000

{X}

3. Additional Hardware

3.1. Hardware Supported with Generic Images

If you already have hardware that you wish turn into a FreedomBox, don't let the limited list of supported hardware discourage you. If you are using AMD or Intel architecture machines, you can download the generic images of that specific architecture that image will work on any machine of that architecture. For ARM 32-bit or ARM 64-bit architectures, we have a similar solution.

Starting with August 2020, we started building generic images that would work for all single board computers based on a solution involving UEFI standards and u-boot firmware. In this approach, a small board specific firmware resides on an SPI flash or an SD card. It is responsible for loading a generic FreedomBox image that is placed in an SD card, a USB drive, a SATA drive or an NVMe drive. So, for your hardware, find and get a u-boot based firmware from your board manufacturer and place it on an SPI flash or an SD card. Next, ensure that that kernel in FreedomBox has support for your board and place it on any of the other storage disks. This approach should work well for a lot of boards that are not listed as specifically supported. See firmware section for more details.

We continue to build images specific to some hardware as we used to earlier. These images have the slight advantage that they are easier to setup because of less step involved. We intend, however, to phase out these images because they can't be booted from all the storage devices and involve development overhead limiting the number of boards we support.

3.2. Adding Hardware Support

If your hardware is not listed above but you were able to get it working using the above described method of using a generic image, drop us a line and we will list it as supported. Further, take a look at the list of targeted hardware for boards to support.

3.3. Deprecated Hardware

This hardware was supported earlier but is no longer supported. If you downloaded an earlier image and are running FreedomBox on one of these hardware, you will keep getting software updates. However, no new images will be provided for these hardware. It is recommended that you migrate to newer, supported hardware using backup and restore.

  • DreamPlug

  • Raspberry Pi

Note: Supported Hardware means that FreedomBox images are built for said hardware and at least one developer has reported the basic functions to be working.

4. Common Hardware Information

The following sections document common advice related to hardware and peripherals when using them with FreedomBox.

4.1. Wi-Fi

FreedomBox can use Wi-Fi hardware for two separate purposes. It can be used to provide internet connectivity or it can be used to share internet connectivity already available to FreedomBox (via Ethernet, 3G/4G or another Wi-Fi interface) with devices on the network. See the Networks manual page for instructions on how to configure FreedomBox for these two cases.

Unfortunately, most built-in Wi-Fi adapters and add-on Wi-Fi adapters require firmware that is not free software. So, FreedomBox recommends attaching a USB Wi-Fi device that does not require non-free firmware. Supported devices automatically show up in the network interface list when configuring networks.

If you have a Wi-Fi device, either built-in or as an add-on, that requires non-free firmware and you are willing to install non-free firmware to get it working, see the Debian wiki page. Once the firmware is installed and the device shows up, it can be configured and used by FreedomBox.

4.2. Power Supply

On single board computers, one can easily encounter situations where the board and its peripherals are not provided sufficient power and malfunction in unpredictable ways. To avoid this, use a power adapter that can supply the minimum current recommended by the hardware manufacturer. When additional peripherals such as USB drives, Wi-Fi devices, SATA drives or NVMe drives are attached, the power requirements increase. A power supply that can provide higher current than needed is preferable but voltage should match the manufacturer recommendation exactly. Keep in mind that some cheap power supplies don't supply the current they promise to.

4.3. Firmware

Desktops, laptops and virtual machines have software that runs during machine start-up called UEFI/BIOS. This software, sometimes called firmware, can load and hand over control to the operating system (in our case FreedomBox), when it is present on any of the storage devices. This is not the case with most single board computers.

Single board computers ship with very small amount of software that is typically limited to booting OS from SD cards or eMMCs. They usually can't boot from USB disks, SATA disks or NVMe disks. To remedy this situation, hardware manufacturers started adding a special storage device called SPI flash which is only a few MiB in size. A special software, which we call firmware here, typically based on free and open source boot loader called u-boot is placed in this SPI flash. When the computer starts up, it starts the boot-loader from SPI flash which will in turn load the operating system. Since the firmware is much more powerful, it has the ability to load the OS from any of the storage media. Examples of single board computers with SPI flash include A20-OLinuXino-Lime2 and RockPro64.

This firmware approach can be used even when SPI flash is not available. Say, one wants to boot from a USB drive and the board does not support booting from it. Firmware can be installed on an SD card (a very tiny one is sufficient) and inserted into the board. Then USB disk will contain FreedomBox as we wish it. When the board starts, it boots the firmware from SD card which in turn boots the operating system from USB drive or any other storage.

This firmware approach also allows us to use generic download images that work for a large number of hardware boards. While increasing the effort for the user a bit more, it has the advantage of allowing us to support a lot more hardware and allow the OS to be present on any storage media.

When special firmware is needed for a single board computer, FreedomBox manual for the board discusses how to to obtain and install the firmware before proceeding with installation of FreedomBox.

4.4. Storage

FreedomBox can run from various storage media supported by your computer. Choosing the storage is about balancing reliability, capacity and speed against cost. A minimum storage capacity of 8GB is recommended for running FreedomBox.

4.4.1. Secure Digital (SD) Card

SD cards are common on single board computers. Most single board computers can boot directly from an SD card without any additional tweaks.

SD cards are typically slowest among the available storage media. Expect your FreedomBox to perform certain operations slower on these disks. Not all SD cards perform similarly and some perform much better than others. When buying an SD card, pick a card with a speed class of at least 10 (written on the card as a circle around the number 10) or UHS speed class 1 (written on the card as a number 1 inside a bucket). UHS speed class 3 (written on the card as number 3 inside a bucket) or application speed class 1 or above (written as A1 and A2) will perform much better. Finally, users of FreedomBox have reported cases where SD cards have failed. So, other storage media should be preferred for higher reliability.

4.4.2. Embedded MultiMediaCard (eMMC)

Many recently released single board computers support eMMC cards. Most single board computers can boot directly from an eMMC without any additional tweaks.

eMMC is sometimes soldered onto the board and you will need to choose the size of eMMC when buying the board. An example of this is the Olimex's A20-OLinuXino-Lime2 board. Other times, a manufacturer will provide eMMC as pluggable peripheral. With this approach, you can add eMMC after you buy the board or upgrade existing one with higher capacity. Do not detach and reattach such pluggable eMMCs too often. They have a very limited number of wear cycles (< 100).

eMMC are much faster than SD cards and spinning disk HDDs but are significantly slower than SSDs. They have much better random write speeds which are needed for many FreedomBox operations. In general, they should be preferred over SD cards.

FreedomBox image can be setup on an eMMC in two ways. For a detachable eMMC, there are eMMC to USB converters available. Detach the eMMC from the board, attach it to the USB converter and plug it into your machine and proceed with writing FreedomBox on it as one would for an SD card. In case the eMMC is not detachable, boot the computer with a media other than the eMMC such as an SD card or USB disk. It could be any operating system. After booting, the eMMC will show up as an additional disk. Download and write FreedomBox image onto it as one would for an SD card.

4.4.3. USB Disk Drive

Most computers and single board computers have USB ports. These ports accept storage media such as USB flash drives, SSDs or HDDs.

A USB flash drive can also serve as a storage medium for running FreedomBox. USB 2.0 flash drives are much slower and comparable to SD cards in their performance. USB 3.0 flash drives yield much better performance. Both USB flash drives and SD cards use similar technology so the read/write cycles and hence the reliability as similarly limited.

Apart from USB flash drives, solid state drives (SSDs) and hard disk drives (HDDs) can be inserted into USB ports. This is possible either by buying drives with USB interface or by using convertors such as USB to SATA or USB to M.2 interface. Both SSDs and HDDs have much higher reliability compared to SD cards, eMMC or USB flash drives. These should be preferred whenever possible. In addition, SSDs provide excellent performance when connected via USB 3.0 interface.

When connecting SSDs and HDDs to USB ports on single board computers, care should be taken about the power supply to the drive. If the drive has an extra power supply there is nothing to worry about. Otherwise, ensure that the single board computer is able to power the drive by checking the power requirements of the drive and what the board supports. For the board, always use a power adapter that can supply the minimum current recommended by the hardware manufacturer. Power supply that can provide higher current than needed is preferable but the voltage supplied should match the manufacturer recommendation exactly. Keep in mind that some cheap power supplies don't supply the current they promise to.

Setting up a FreedomBox image on a USB (flash, SSD or HDD) drive can be straight forward as most computers have USB ports. Plug-in the USB drive to your computer, download and write the FreedomBox image to the USB drive. While laptops, desktops and virtual machines can boot from a USB drive without intervention, many single board computers can't boot from USB drives. To address this, a separate firmware is needed. See firmware section for setting this up.

4.4.4. SATA disk drive

Some desktops, laptops and single board computers support a SATA interface to connect a solid state drive (SSD) or a hard disk drive (HDD). An example of a single board computer supporting SATA interface is the Olimex's A20-OLinuXino-Lime2. SATA protocol is also used for mSATA ports or M.2 slots (with a B-Key or an M-key). Both SSDs and HDDs have much higher reliability compared to SD cards, eMMC or USB flash drives. SATA interface provides very good data transfer rates (but not as good as NVMe drives based on PCIe). These should be preferred over SD cards, eMMCs or USB flash drives whenever possible.

When connecting SSDs and HDDs to SATA ports on single board computers, care should be taken about the power supply to the drive. If the drive has an extra power supply there is nothing to worry about. Otherwise, ensure that the single board computer is able to power the drive by checking the power requirements of the drive and what the board supports. Always use a power adapter that can supply the minimum current recommended by the hardware manufacturer. Power supply that can provide higher current than needed is preferable but voltage should match the recommendation exactly. Keep in mind that some cheap power supplies don't supply the current they promise to.

To setup FreedomBox image on a SATA disk drive, boot the computer with a media other than the SATA disk such as an SD card. It could be any operating system. After booting, the SATA disk will show up as an additional disk. Download and write FreedomBox image onto it as one would for an SD card. While laptops, desktops and virtual machines can boot from a SATA drives without additional intervention, many single board computers can't boot from SATA drives. To address this, a separate firmware disk is needed. See firmware section for setting this up.

4.4.5. NVMe disk drive

Most desktops, laptops and some single board computers support an NVMe interface to connect a solid state drive (SSD). This support is provided either with an M.2 slot (with a B-key or an M-key) or by providing a PCIe expansion slot. If a PCIe expansion slot is provided, a PCIe to M.2 convertor can be used to accommodate an NVMe drive. An example of a single board computer supporting an M.2 slot is the Radxa's Rock Pi 4 board. An example of single board computer providing PCIe slot is the Pine64's RockPro64 board. NVMe based SSD have much higher reliability compared to SD cards, eMMC or USB flash drives. NVMe drives provide the fastest data transfer rates. These should be preferred over all other types of drives whenever possible.

When connecting NVMe drives to single board computers, care should be taken about the power supply to the drive. Ensure that the single board computer is able to power the drive by checking the power requirements of the drive and what the board supports. Always use a power adapter that can supply the minimum current recommended by the hardware manufacturer. Power supply that can provide higher current than needed is preferable but voltage should match the manufacturer recommendation exactly. Keep in mind that some cheap power supplies don't supply the current they promise to.

To setup FreedomBox image on an NVMe disk drive, boot the computer with a media other than the NVMe disk such as an SD card. It could be any operating system. After booting NVMe disk will show up as an additional disk. Download and write FreedomBox image onto it as one would for an SD card. While laptops, desktops and virtual machines can boot from NVMe drives without intervention, many single board computers can't boot from NVMe drives. To address this a separate firmware disk is needed. See firmware section for setting this up.

5. Building Your Own Images

All FreedomBox disk images for different hardware is built by the project using a tool known as Freedom Maker. If for some reason, you wish to build your own images instead of downloading the provided images, use this tool. The README file in the project provides information about the list of hardware build targets available and how to build images.

5.1. Status of Software Used

  • All the software present in FreedomBox images is from Debian repositories. There are some minor tweaks done by the Freedom Maker script.

  • All images use the Linux kernel from Debian which is in turn based on the mainline Linux kernel.
  • A few images include non-free firmware from Debian's non-free-firmware component (see Firmware). Other than firmware, all software present in the images is DFSG compliant free software. The table below lists the components included in each image. (Note: this work is in progress, planned for images built after Debian 12 (bookworm) release.)

Image

Includes main?

Includes non-free-firmware?

Non-free firmware included

32-bit ARM (armhf)

(./)

32-bit x86 (i386)

(./)

(./)

amd64-microcode, intel-microcode (see Microcode)

64-bit ARM (arm64)

(./)

64-bit x86 (amd64)

(./)

(./)

amd64-microcode, intel-microcode (see Microcode)

A20 OLinuXino Lime

(./)

A20 OLinuXino Lime 2

(./)

A20 OLinuXino MICRO

(./)

Beagle Bone Black

(./)

Cubieboard 2

(./)

Cubietruck (Cubieboard 3)

(./)

Lamobo R1

(./)

LeMaker Banana Pro

(./)

LinkSprite pcDuino3S

(./)

Orange Pi Zero

(./)

PC Engines APU 1D

(./)

Pine A64 LTS

(./)

Pine A64+

(./)

Pioneer Edition FreedomBox

(./)

QEMU/KVM amd64

(./)

QEMU/KVM i386

(./)

Raspberry Pi 2

(./)

(./)

raspi-firmware

Raspberry Pi 3 Model B

(./)

(./)

raspi-firmware, firmware-brcm80211

Raspberry Pi 3 Model B+

(./)

(./)

raspi-firmware, firmware-brcm80211

Raspberry Pi 4 Model B

(./)

(./)

raspi-firmware, firmware-brcm80211

Rock64

(./)

RockPro64

(./)

VirtualBox for amd64

(./)

VirtualBox for i386

(./)


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Images are licensed under various creative commons licenses. See individual linked pages for attribution information.

6. Cubietruck

6.1. FreedomBox Danube Edition

FreedomBox Danube Edition

FreedomBox Danube Edition is a custom casing around Cubietruck and an SSD-hard drive.

6.2. Cubietruck / Cubieboard3

Cubietruck (Cubieboard3) is a single board computer with very good performance compared to many other boards. FreedomBox images are built for this device.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

6.3. Download

FreedomBox SD card images are provided for this hardware. These SD card images are meant for use with the on-board SD card slot and do not work when used with a separate SD card reader connected via USB.

An alternative to downloading these images is to install Debian on the Cubietruck and then install FreedomBox on it.

6.4. Availability

Cubietruck / Cubieboard3

6.5. Hardware

  • Open Hardware: No
  • CPU: Allwinner A20, ARM Cortex-A7 @ 1GHz dual-core
  • RAM: 2 GiB DDR3 @ 480 MHz
  • Storage: 8 GB NAND flash built-in, 1x microSD slot
  • Architecture: armhf
  • Ethernet: 10/100/1000, RJ45
  • WiFi: Broadcom BCM4329/BCM40181 (no free WiFi drivers + firmware available)

  • SATA: 1x 2.0 port

6.6. Non-Free Status

  • Non-free blobs required: ?
  • WiFi: no free WiFi drivers + firmware available

6.7. Known Issues

  • The on-board WiFi does not work with free software. A separate USB WiFi device is recommended.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

FreedomBox Danube Edition image is copyright Markus Sabadello, used here with permission.

7. Beagle Bone Black

Beagle Bone Black

Beagle Bone Black (Revision C.1) is an Open Source Hardware (OSHW) single board computer. This means that the designer is actively helping people using the platform for their own designs, and supports them in adding hardware functionality and production advice. This is a part of freedom that is often overlooked, but very much aligned with the FreedomBox goals. FreedomBox images are built and tested for this device.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

7.1. Download

FreedomBox SD card images are available for this device. Follow the instructions on the download page to create a FreedomBox SD card and boot the device.

Note: This image is for BeagleBone Black (Revision C.1) only. It will not work on the BeagleBone Green, and also not on the Revisions A & B.

An alternative to downloading these images is to install Debian on the BeagleBone and then install FreedomBox on it.

7.2. Availability

7.3. Hardware

  • Open Source Hardware (OSHW): Yes

  • CPU: AM335x 1GHz ARM Cortex-A8

  • RAM: 512MB DDR3L 800 Mhz
  • Storage: Onboard 4GB, 8bit Embedded MMC and microSD
  • Architecture: armhf
  • Ethernet: 10/100, RJ45
  • WiFi: None, use a USB WiFi device

  • SATA: None

7.4. Non-Free Status

  • Non-free blobs required: No
  • WiFi: Not available


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Beagle Bone Black image is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License by Circuitco.

8. VirtualBox

VirtualBox

This page will help you get started with using FreedomBox on a virtual machine using VirtualBox. While VirtualBox images are primarily used for testing and development, they can also be used for regular use if you have spare resources on one of your machines. This setup is useful if:

  • You don't own one of the supported hardware devices.

  • You don't use Debian GNU/Linux as your operating system.
  • You don't want to disturb your Debian installation to try out FreedomBox.

Prebuilt FreedomBox images for VirtualBox are routinely made available in VirtualBox's own VDI image file format. They contain a Debian GNU/Linux operating system and an installation of FreedomBox with all dependencies ready to run on any OS supported by VirtualBox (Windows, Linux, Macintosh, and Solaris).

A more adventurous alternative to downloading one of these images is to install Debian on VirtualBox and then install FreedomBox on it.

VirtualBox itself is available from https://www.virtualbox.org/ (or your distribution's package manager).

8.1. Download

Follow the instructions on the download page to download and verify a VirtualBox image. The latest images are available on freedombox.org.

8.2. Creating a Virtual Machine

  1. Decompress the downloaded VDI image (tool for Windows, Mac).

  2. Create a new VM in the VirtualBox UI with OS type Linux and Version Debian (32/64-bit according to the downloaded image).

VirtualBox Name and OS dialog

  1. In the Hard disk dialog choose Use an existing virtual hard disk file and select the .vdi file you extracted in step 1.

VirtualBox Hard disk dialog

  1. When created, go to the virtual machine's Settings -> [Network] -> [Adapter 1]->[Attached to:] and choose the network type your want the machine to use according to the explanation in Network Configuration below. The recommended type is the Bridged adapter option, but be aware that this exposes the FreedomBox's services to your entire local network.

VirtualBox recommended network setting

Note: It is important to make sure that you have provided the correct network interface in the above step. For example, if the virtual machine is running on a laptop connected to a Wi-Fi network, then the wireless interface (starts with wlp) must be chosen as shown in the screenshot.

8.3. First Boot

When satisfied with the VM settings click the start button in the VirtualBox UI and your new FreedomBox will boot.

The console of the VM will show the textual screen below when finished booting, from here most interaction with FreedomBox will be through the web interface in a browser.

FreedomBox console after booting successfully

If everything went well so far, you should be able to access the web interface of FreedomBox by pointing a browser on the host machine to https://freedombox.local.

In case freedombox.local cannot be resolved, you need to find out your FreedomBox's IP address as described in Finding out the IP address of the virtual machine. Then access this IP from a web browser which is on the same network as the VM (for example, the host). If all is well, you are now presented with a welcome message and invited to complete the first boot process.

FreedomBox welcomes you to the first boot

This mainly consist of creating an administrative user for the system.

8.4. Using

See the FreedomBox usage page for more details.

You can log in to the Debian GNU/Linux system as the user created during FreedomBox first boot on the VirtualBox console or remotely via ssh.

After logging in, you can become root with the command sudo su.

8.5. Build Image

If you wish to build your own images instead of downloading available images, it can be done using Freedom Maker.

8.6. Tips & Troubleshooting

8.6.1. Network Configuration

VirtualBox provides many types of networking options. Each has its advantages and disadvantages. For more information about how various networking types work in VirtualBox, see VirtualBox's networking documentation. https://www.virtualbox.org/manual/ch06.html

For a simple setup, it is recommended that you use a single network interface in your guest machine. This will make the first boot script automatically configure that interface as an internal network with automatic network configuration. Inside the guest machine, the networking is configured automatically and all the services are made available on this network interface. For more information on how networks are configured by default in FreedomBox, see Networks section.

What remains is to make those services available to the host machine or to other machines in the network. You must then choose one of the following types of networking for the network interface on your guest machine. To set a particular type of network for the guest's network adapter, go to the guest VM's settings then the network options and then select the adapter you wish to configure. There, set the network type from the available list of networks.

  1. First and the recommended option is to use the Bridged type of network. This option exposes the guest machine to the same network that host network is connected to. The guest obtains network configuration information from a router or DHCP server on the network. The guest will appear as just another machine in the network. A major advantage of this of setup is that the host and all other machines in the network will be able to access the services provided by guest without requiring any further setup. The only drawback of this approach is that if the host is not connected to any network, the guest's network will remain unconfigured making it inaccessible even from the host.

  2. Second method is Host only type of networking. With a guest's network interface configured in this manner, it will only be accessible from the host machine. The guest will not able access any other machine but the host, so you do not have internet access on the guest. All services on the guest are available to the host machine without any configuration such as port forwarding.

  3. The third option is to use the NAT type of network. This the networking type that VirtualBox assigns to a freshly created virtual machine. This option works even when host is not connected to any network. The guest is automatically configured and is able to access the internet and local networks that host is able to connect to. However, the services provided by the guest require port forwarding configuration setup to be available outside.

    To configure this go to VM settings -> [Network] -> [Adapter] -> [Port Forwarding]. Map a port such as 2222 from host to guest port 22 and you will be able to ssh into FreedomBox from host machine as follows:

     ssh -p 2222 fbx@localhost

    Map 4443 on host to 443 on the guest. This make FreedomBox HTTPS service available on host using the URL https://localhost:4443/ You will need to add a mapping for each such services from host to guest.

  4. The final option is to create two network interfaces, one host only and one NAT type. This way you can access the guest without any additional configuration, and you have internet access on the guest. The guest will be invisible to any other machines on the network.

Summary of various network types:

-

Guest accessible from other machines

Guest accessible from host

Works without port forwarding

Works without host connected to network

Guest has internet access

Bridged

(./)

(./)

(./)

{X}

(./)

Host only

{X}

(./)

(./)

(./)

{X}

NAT

(./)

(./)

{X}

(./)

(./)

NAT and Host

{X}

(./)

(./)

(./)

(./)

8.6.2. Finding out the IP address of the virtual machine

This depends on the network configuration you chose. With a bridged adapter, your virtual machine gets its IP address from the DHCP server of your network, most likely of your Router. You can try the first couple of IP addresses or check your router web interface for a list of connected devices.

If you chose host-only adapter, the IP address is assigned by the DHCP server of your VirtualBox network. In the VirtualBox Manager, go to File -> Preferences -> Network -> Host-only Networks. You can see and edit the DHCP address range there, typically you get assigned addresses close to the Lower Address Bound.

Another possibility of finding the IP address is to login via the VirtualBox Manager (or similar software). The FreedomBox images do not have any default user accounts, so you need to set an initial user and password using the passwd-in-image script.

See also QuickStart for instructions on how to scan your network to discover the IP of the VM.

8.6.3. Networking Problems with macchanger

The package macchanger can cause network problems with VirtualBox. If you have a valid IP address on your guest's host network adapter (like 192.168.56.101) but are not able to ping or access the host (like 192.168.56.1), try uninstalling macchanger:

$ dpkg --ignore-depends=freedombox-setup --remove macchanger 

You might have to manually remove the script /etc/network/if-prep-up/macchanger. If Debian complains about unmet dependencies when you use a package manager (apt-get, aptitude, dpkg), try to remove 'macchanger' from the dependencies of 'freedombox-setup' in the file /var/lib/dpkg/status.

8.6.4. Mounting Images Locally

If you want to mount images locally, use the following to copy built images off the VirtualBox:

$ mkdir /tmp/vbox-img1 /tmp/vbox-root1
$ vdfuse -f freedombox-unstable_2013.0519_virtualbox-i386-hdd.vdi /tmp/vbox-img1/
$ sudo mount -o loop /tmp/vbox-img1/Partition1 /tmp/vbox-root1
$ cp /tmp/vbox-root1/home/fbx/freedom-maker/build/freedom*vdi ~/
$ sudo umount /tmp/vbox-root1
# $ sudo umount /tmp/vbox-img1 # corruption here.

8.6.5. Fixing the time after suspend and resume

The virtual machine loses the correct time/date after suspending and resuming. One way to fix this is to create a cron-job that restarts the time service ntp. You can add a crontab entry as root to restart ntp every 15 minutes by typing 'crontab -e' and adding this line:

*/15 * *   *   *     /etc/init.d/ntp restart

Do not restart this service too often as this increases the load of publicly and freely available NTP servers.

8.6.6. UUID collision in VB

Whenever this happens VirtualBox shows following error message: Cannot register the hard disk A with UUID ... because a hard disk B with UUID ... already exists in the media registry

Creating several VMs from the same image causes collisions due to ID's (hostname, IP, UUID, etc) that are expected to be universally unique. Most can be handeled operating the running VM. But VirtualBox complains before that (at the very creation of the VM) about the hard disk's UUID. This is usual stuff when you develop/test e.g. FreedomBox.

You can change a clone's UUID in the terminal as follows:

$ VBoxManage internalcommands sethduuid path/to/the/hd/vdi/file


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Translation(s): Deutsch - English - Español - Українська

9. Debian

FreedomBox is a pure blend of Debian. This means that all the work on FreedomBox is available in Debian as packages. It also means that any machine running Debian can be turned into a FreedomBox.

This page describes the process of installing FreedomBox on a Debian system. Currently, FreedomBox works in Debian Stable (Bullseye), Testing (Bookworm), and Unstable (Sid).

Important: Read general advice about hardware before building a FreedomBox with this approach.

Use a fresh Debian installation

Installing FreedomBox changes your Debian system in many important ways. This includes installing a firewall and regenerating server certificates. It is hence recommended that you install FreedomBox on a fresh Debian installation instead of an existing setup.

Console/GUI logins for non-admin users will be disabled

After FreedomBox is fully setup, your system will no longer allow users not belonging to the admin group to log in to the system via console, secure shell (SSH) or graphical login. This behaviour can be disabled from the Security page. Use the administrator account created during FreedomBox first boot for console logins and add further user accounts to admin group, if necessary.

9.1. Installing on Debian 11 (Bullseye) or newer

Check the Troubleshooting section below, for any tips or workarounds that might help during the install.

  1. Install Debian 11 (Bullseye), or Unstable (Sid) on your hardware.

  2. Update your package list.
    $ sudo apt-get update
  3. Install freedombox package.

    $ sudo DEBIAN_FRONTEND=noninteractive apt-get install freedombox
    • The "DEBIAN_FRONTEND=noninteractive" will avoid several configuration prompts that would otherwise appear during the install.
  4. During the installation, you will be provided a secret key that needs to be entered during the initial configuration process. Note this down. The secret can also be read at a later time from the file /var/lib/plinth/firstboot-wizard-secret.

  5. You can start using FreedomBox. During initial wizard, you will need to enter the secret noted above.

9.2. Tips and Troubleshooting

  1. FreedomBox uses NetworkManager to manage network configuration. If you have configured your network interfaces using Debian installer or by editing /etc/network/interfaces, FreedomBox will not manage those interfaces. (See bug #797614.) To let FreedomBox/NetworkManager manage your network interfaces, edit the /etc/network/interfaces manually and ensure that it contains only the following:

    auto lo
    iface lo inet loopback

    If you have already completed the setup process without doing this step, you will need to clear out the /etc/network/interfaces file keeping only the above lines. Then perform a reboot. Network interfaces will then be in the internal or external firewall zone. This is essential for the FreedomBox's web interface to be reachable from other machines in the network. You can tweak network manager connections with the nmtui command if you wish.

  2. FreedomBox will use an automatically configured IP address by default. You can assign a static IP address if necessary. Network configuration changes can be done using FreedomBox web interface or by using the nmtui or nmcli commands. nmcli can be used as follows:

      nmcli con mod "Ethernet connection 1"  \
      ipv4.addresses A.A.A.A/X  \
      ipv4.gateway G.G.G.G  \
      ipv4.dns N.N.N.N  \
      ipv4.dns-search somedomain.com  \
      ipv4.method "manual"  \
      ipv4.ignore-auto-dns yes  \
      ipv6.method ignore
  3. ..with the block capitals and somedomain.com replaced with your actual address, mask description, gateway and dns server details.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

See the Debian logo page for information on its copyright.

10. Raspberry Pi 2 Model B

Raspberry Pi 2

Raspberry Pi 2 (Model B ) is a popular single board computer developed with the intention of promoting teaching of basic computer science in schools. It is a successor to Raspberry Pi Model B+ with much faster processor and more RAM. FreedomBox images are built and tested for it.

Please do not expect any output on a monitor connected via HDMI to this device as it does not display anything beyond the message 'Starting kernel...'. See the Quick Start page to access and control your FreedomBox from network.

Important: Read general advice about hardware before building a FreedomBox with this single board computer.

10.1. Download

FreedomBox SD card images for this hardware are available. Follow the instructions on the download page to create a FreedomBox SD card and boot into FreedomBox.

10.2. Availability

10.3. Hardware

  • Open Hardware: No
  • CPU: 900 MHz quad-core ARM Cortex-A7
  • RAM: 1 GB
  • Storage: MicroSD card slot
  • Architecture: armhf
  • Ethernet: 10/100, RJ45
  • WiFi: None, use a USB WiFi device

  • SATA: None

10.4. Non-Free Status

  • Non-free blobs required: boot firmware
  • WiFi: Not available


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

Raspberry Pi 2 image is licensed under Creative Commons Attribution-ShareAlike 4.0 International license by Multicherry.

Deutsch - English - Español - Français - Українська - (+)

Getting Help

The FreedomBox community provides live help via forum, chat and email. Feel free to join and ask anything you like. If you receive help, please consider to report your solution to the Questions and Answers page, so others can benefit in the future.

1. Discussion Forum

The easiest way to get support is by using the discussion forum. You can browse solutions to known problems or request help from community contributors by asking a question. This is also the best way to provide community contributors with feedback about your FreedomBox experience.

To post new content, you will need to register for an account with name and email address (but you can provide pseudonym and non-primary email address). By watching topics and categories or by enabling 'mailing list mode' in your account preferences, you can interact with the forum by just sending and receiving emails similar to a mailing list.

2. Matrix

You can join our Matrix room #freedombox:matrix.org. The room is federated with the IRC channel and remembers the chat history. If you do not yet have a client installed, you can use your web browser to join. For more options, see this matrix client overview page.

3. IRC #freedombox

Providing you are familiar with Internet Relay Chat (IRC) and IRC client, you can get an instant online help from the community on irc.debian.org, channel #freedombox. Potentially it takes some time before some member is answering you, be patient, a reaction will come later.

4. Email

FreedomBox users and contributors can be reached by email via a discussion list. In order to ask a question and get an answer from the community, please register from the mailing list page providing your email adress and creating a password. You can also read discussions archives. This list gathers about 700 readers.

5. Help Back

Once you've got your solution, don't forget to add it to the Questions and Answers page and tell which features do you use from the box on Use Cases page. It could help others to use FreedomBox in a way they would have not imagined.

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox

= Developer =

The FreedomBox Developer Manual provides a step by step tutorial for writing apps for FreedomBox and an API reference. It is available from docs.freedombox.org.

Back to Features introduction or manual pages.


HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox


Intro

Information

Support

Contribute

Reports

Promote

Vision

Hardware

Live Help

Where To Start

Translate

Calls

Talks

Overview

Download

Q&A

To Do

Design

Releases

Press

Features

Manual

Contributors

Code

Blog

FreedomBox for Communities

FreedomBox Developer Manual

HELP & DISCUSSIONS: Discussion Forum - Matrix - Mailing List - #freedombox irc.debian.org | CONTACT Foundation | JOIN Project

Next call: Sunday, March 24 at 17:00 UTC

This page is copyright its contributors and is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.


CategoryFreedomBox