Frequently Asked Questions

1. GENERAL INTRODUCTION

1.1. What is FreedomBox?

  • FreedomBox is a personal server that protects your privacy. It uses a free software stack, a subset of the Debian universal operating system, that can be installed on a variety of cheap and power-efficient hardware. FreedomBox is designed for simple set-up and operation, similar to that of a smart phone.

Continue reading on the Introduction page.

1.2. What does FreedomBox do?

  • FreedomBox is intended to protect your private life against advertising companies and protect your anonymity while browsing the Internet or local network. It allows you to provide services to family and friends (such as hosting files and bookmarks, remote storage, chat, wiki/blog). FreedomBox sets and upgrades automatically the security of these services. You can connect to FreedomBox when you are outside your home in a secure manner to access services and reach other personal computers or electronic devices. You can choose to route your mobile phone traffic via your FreedomBox using your internet connection at home. You can also do group audio chats and BitTorrent, even on very simple hardware.

1.3. Can FreedomBox provide a secure email server?

  • Future applications include secure email server, distributed social networking, password-less single sign on, browser assistant. Active contributors are working on it. They are also working on supporting more hardware.

1.4. Do I need technical expertise to start using FreedomBox?

  • No, technical expertise is not required to operate FreedomBox at a high level. A turnkey FreedomBox system is available for purchase by Olimex.

1.5. What is the relationship between Debian and FreedomBox?

  • FreedomBox is a “pure blend” (i.e. a packaged subset) of Debian - available for some boards as a pre-installed image and generally available as a Debian package to be installed on top of an existing Debian system.

1.6. How can I ask a question?

  • Feel free to add your question on this page (and answer if you have it) by signing up and using the edit feature. Answers mostly come from the FreedomBox discussion list archives. Please read also live help page.

1.7. How do I communicate with users outside of my local FreedomBox?

  • The messaging applications and social networks on FreedomBox are federated systems; if you have an account on one server, you can talk to anyone on any server. The most common federated system is email. Just as you can send an email to users on other email servers, you can do instant messaging and social media interactions with users on other servers. For example, ejabberd and Matrix Synapse are federated instant messaging systems, while diaspora*, Pleroma, Mastodon etc. are federated social networking systems.

2. HARDWARE

2.1. Single Board Computer (SBC)

2.1.1. Which single board computer (SBC) do you recommend?

2.1.2. What is a single board computer (SBC)?

  • A single board computer (SBC) is a “mini pc” based on a single circuit board that allows a reduction of overall cost. Most of them are cheap with low energy consumption. FreedomBox is developed towards Open Source SBCs providing plug-in cards.

You can check Single-board computers page on from the the Free Software Foundation (FSF)'s hardware database.

2.1.3. Do I need a single board computer such as Cubietruck or Raspberry Pi?

  • Not necessarilly. FreedomBox may be used on any computer which you can install Debian; it may be installed via the freedombox package. But don’t worry - the FreedomBox team provides images for some of the more common single board computers and for VirtualBox to make it easier for people to get up and running.

2.1.4. What level of performance should be expected with FreedomBox on SBCs?

Performance is not the only consideration with FreedomBox on single-board computers. The “high performance” computers may also consume much more energy and operate much hotter, require a fan, and therefore be noisier and potentially have a shorter operational lifespan. Different ARM devices may perform differently given the same amount of energy. For example, Allwinner-based boards of the same grade (e.g. Cubietruck and LIME2 both built around Allwinner A20) roughly perform the same, whereas Sitara-based boards (like the BeagleBone Black) are rumored to operate more efficiently in certain bases even if superficial specs may appear lower. Performance may be less important on a server than on a desktop system. The FreedomBox team believes that the Olimex A20-OLinuXino-LIME2 is currently the best option, based on its balance between performance, memory, openness and other factors. If price is more of a concern, consider the Olimex A20-OLinuXino-LIME; it has similar but slightly lower specifications of the LIME2 at a reduced price point.

If you’re looking to compare the LIME and MICRO performance, both being Allwinner A20 board from OLIMEX, see this technical benchmark (it seems to mostly depend on whether you’re willing to pay 20 EUR for an extra 512 MB RAM.)

In my experience running on a BeagleBone Black, it is capable of running most day to day needs (mail, website, PHP…) except for big PHP applications like Apache+WordPress or ownCloud. They can run but are a bit sluggish. Apache and MySQL will definitely need to be tuned to use less CPU/memory.

Although a bit pricer than others, the APU 1D is probably the fastest single board computer tested so far. It has an AMD G series dual core APU, 3 Gigabit Ethernet controllers and uses Coreboot firmware.

See discussion on the FreedomBox list.

2.2. WiFi

2.2.1. Can you recommend a WiFi adapter that leverages free firmware?

  • You can take a look at the wiki page USB WiFi for separate devices that do not require non-free firmware.

The MOD-WIFI-R5370-ANT from Olimex works really well, but needs a non-free firmware blob. The antenna is a bit fragile and on the MICRO, so you ought to connect it to an extension cable as the plug is quite large. If you are willing to pay more, take a look at: fsf.org, tehnoetic.com and thinkpenguin.com

The MOD-WIFI-AR9271-ANT from Olimex appears to employ a Free Software driver without the need for non-free firmware.

2.2.2. FreedomBox reports my WiFi device as ‘unmanaged’ state due to ‘now-managed’. How do I make FreedomBox be in control of the WiFi?

  • Remove any configuration for the WiFi done outside FreedomBox. FreedomBox uses Network Manager and it will say the device is unmanaged if it is configured by other means.

2.3. Other

2.3.1. What makes Open Hardware open? Anything in particular that I should be aware of?

  • Please use the more specific term “Open Source Hardware” or OSHW. OSHW is a definition intended to ensure your ability to “fork” a piece of hardware - i.e. pay a different factory to produce identical or derived hardware. Imagine a certain antenna vendor going bankrupt but you’ve created a business soldering their very particular antenna onto spaceships - when you have the “source code” for their hardware, you can pay a different vendor to produce identical antennas - and even modify them (e.g. if some particular chip inside has gone out of fashion and you want to replace it with another than requires different wiring).

“Open Hardware” is a vague term (ab)used to mean several different things related to openness of hardware. Some hardware vendors promote their boards as “open” and provide a PDF of their board design - which may be good enough to make an identical copy but not enough to fork (it is complex to rewire when you don’t have the source for computing the layout of electrical wiring).
See discussion on the FreedomBox list.

3. DOWNLOAD & INSTALL

3.1. General

3.1.1. What does “flashing an SD card” mean?

  • A Secure Digital (SD) card is a portable memory/flash card used for storage and transfer of data. An SD card uses flash memory (NOR and NAND types) that can be erased and reprogrammed. In our case, flashing an SD or microSD card means reading a binary file from your host computer and writing the file out to the card. The binary file that is written to the card will be read automatically by the bootloaded on the target computer in which the card is inserted.

3.1.2. Is FreedomBox a system in itself or must I first install Debian on a single-board computer?

  • The FreedomBox image is a full system image for most computer architectures. It may be installed post-Debian-install if desired.

3.1.3. What would be the benefit of first installing Debian, then FreedomBox packages?

  • A typical use case could be using hardware as a desktop/laptop and having FreedomBox run on the side. In this case, installing FreedomBox on Debian is a good fit. It is recommended that you install FreedomBox on a fresh Debian installation instead of an existing setup.

3.1.4. What should I know about installing FreedomBox on SBCs?

  • You should know that you should gather and read a lot of documentation about a first boot on your hardware. You can find documentation on the FreedomBox wiki or searching the net. Single Board Cards (SBC) have their own booting system, similar to the BIOS in x86-based computers. You should then study pre-requirements in addition to the use of FreedomBox image file. Some SBCs suffer from a lack of official documentation.

3.1.5. The SD card is not detected through USB or OTG on a Cubietruck SSD edition. Did I miss something?

  • Cubietruck SSD has a TransFlash (TF) slot meant to insert microSD cards on the device. SD cards will not be detected when inserted into USB based SD card readers. Cubietruck SSD with metal is tricky: please use your finger nail or any sharp object to insert the microSD card that will then latch in and lock. To release it, press again the same way.

3.1.6. How well is the Olimex A20-OLinuXino-LIME2 officially supported?

3.1.7. Where can I find some documentation about a Cubietruck first boot?

  • You can find a document called “Cubieboard/FirstSteps” on linux-sunxi.org. The Linux-sunxi community is “an open source software community dedicated to providing open source operating system support for Allwinner SoC based devices.” A system-on-a-chip (SoC) is a microchip that handle computer memory used (like RAM) to store information for immediate use. Allwinner is a particular brand of SoC processors.

3.1.8. The image I downloaded from the website seems to be broken. Can I build an image myself?

  • Yes, you can build your own FreedomBox images using the tool called freedom-maker. Please refer to the README.md file on how to build images yourself. Freedom-maker builds unstable images by default. You can pass your desired distribution by adding the command-line option --distribution (e.g. --distribution=testing).

3.1.9. Default username and password

  • FreedomBox doesn’t come with a default user account. You have to connect to your FreedomBox over the network by typing the address “freedombox.local” into your web browser and create your user account from the web interface.

3.2. HowTo

3.2.1. Uninstall FreedomBox

  • To uninstall FreedomBox, you need to remove the freedombox package and other programs you have setup using FreedomBox. However this may not remove every thing that was installed.

3.2.2. Configuring a router to use dynamic DNS

  1. Find out the mac address and current local IP of your device running
  2. Open your router admistration web interface.
  3. Set Up an exception for your device as a static local IP.
  4. Create a port forwarding for 80 (http server) and 443 (https secure server) ports to your FreedomBox IP (made static).
  5. Leave the router interface; your public IP should now provide a direct access to your FreedomBox (use https://ddns.freedombox.org/ip to find out your public IP).

3.2.3. Create a DNS name with GnuDIP

3.2.4. Upgrade FreedomBox from stable to testing

  • FreedomBox is a Debian pure blend. The process for upgrading FreedomBox from stable to testing is the same as that for Debian Steps: Login to your FreedomBox via ssh as a user who has administrative privileges.

    $ sudo apt edit-sources

Choose an editor among the options provided. Replace all instances of stable or stretch (or buster) with testing. Save and exit.

 $ sudo apt update
    $ sudo apt dist-upgrade

3.3. Troubleshooting

3.3.1. After the installation, I can only login via ssh with the account I had before running the FreedomBox setup script. How do I fix it?

  • You will need to edit /etc/security/access.conf either remove or comment out the line with “-:ALL EXCEPT root fbx (admin):ALL”.

3.3.2. I’m trying to install FreedomBox on my Raspberry Pi 2B and FreedomBox’s web interface (Plinth) does not install correctly.

  • You are running on Debian oldstable (jessie) which is too old to support FreedomBox. Also no one has tested FreedomBox on Raspbian yet. You have two options to run FreedomBox: Use the FreedomBox image for Raspberry Pi 2 or Upgrade your existing image to Debian testing or unstable and then follow the FreedomBox installation process for Debian.

3.3.3. http://freedombox.local/ gives “server not found” and nmap (0 hosts up). What did I miss?

  • If you are logged into FreedomBox machine, you can find out the IP address directly by typing ‘ip addr list’. Then connect to http:///. Further more, I hope you have followed the instructions in FreedomBox/Hardware/Debian - Debian Wiki. Pay particular attention to the troubleshooting item 2.

3.3.4. Why can I not login to my user? I followed the instructions on installing freedombox on Debian sid and I’m stuck with a tty login denied permission to my user account.

  • After running freedombox setup, it will lock out all users except: root, sudo users (in latest version), and users belonging to admin user. You can remove this restriction by removing the last line of /etc/security/access.conf No need to run some update command after editing /etc/security/access.conf

3.3.5. Is there any reason Raspberry Pi 1 is not listed in https://www.freedombox.org/download/stable/ even though the FreedomBox images are available for Raspberry Pi 1 on the FreedomBox FTP server?

  • We could list the Raspberry Pi 1 image, but there are a few problems to be aware of:
    • There isn’t a Debian-packaged kernel for the Raspberry Pi 1. Users must run the rpi-firmware-update script on a regular basis.
    • It’s armel, so it’s slow compared to e.g. Raspbian.
    • Snapshots won’t be usable, so Raspbian is recommended for running FreedomBox rather than the Raspberry Pi 1 FreedomBox image.

3.3.6. I messed up the installation of an application. Can I reinstall it somehow?

  • There are two parts to uninstalling an application.
    • Removing the application.
    • Convince FreedomBox that the application is not installed.

An example with ejabberd

Remove the application first.

 $ sudo apt remove ejabberd 

You can add a --purge before the ejabberd argument if you want to drop the database.

Then install the utility sqlite3 to edit Plinth database file.

    $ sudo apt install sqlite3

Remove the application’s record from FreedomBox’s database.

 $ sudo echo "delete from plinth_module where name='ejabberd';" | sudo sqlite3 /var/lib/plinth/plinth.sqlite3 
Now, go back to the FreedomBox web interface and install the application. 

3.3.7. A FreedomBox application has been removed from testing/stable. How do I manually install it?

You can temporarily switch to Debian unstable, install your application and go back to your previous Debian version.

SSH into your FreedomBox and run the following command to edit apt configuration.
    $ sudo apt edit-sources 

Replace testing or stable in the file with unstable. Comment out the lines containing testing-updates or stretch-backports.

    $ sudo apt update 

Now install the application from FreedomBox web interface. Going back

    $ sudo apt edit-sources 

Replace unstable with whatever Debian version you had before. Don’t forget to uncomment the updates or backports lines that were commented earlier.

    $ sudo apt update

Done.

3.3.8. I forgot the password for my admin account. Can I reset it?

  • FreedomBox hasn’t implemented a password reset feature yet.

If you have a second administrator account, you can set a new password for this account. Otherwise, follow these instructions.

  • FreedomBox stores each password in two places:
    • The web application’s user database
    • LDAP database

Your password must be changed in both the places. This guide assumes that you still have SSH access to your FreedomBox.
First change the LDAP password:

 LDAPSCRIPTS_CONF=/etc/ldapscripts/freedombox-ldapscripts.conf ldapsetpasswd <username>  $(slappasswd)
  • To change the application password, you need to create a Python script “change_plinth_password.py”
import subprocess
    import sys

    from django.contrib.auth.hashers import PBKDF2PasswordHasher as Hasher

    hasher = Hasher()
    salt = hasher.salt()
    encoded_password = hasher.encode(sys.argv[2], salt)
    query = 'UPDATE auth_user SET password="{}" WHERE username="{}"'.format(encoded_password, sys.argv[1])
    subprocess.run(['sqlite3', '/var/lib/plinth/plinth.sqlite3'], check=True, input=query.encode())

Install sqlite3

 apt install sqlite3

Then run the script

 python3 change_plinth_password.py <username> <password>

Your password has been reset.

4. USE & APPLICATIONS

4.1. General

4.1.1. Display the FreedomBox version through the User Interface

  • Click “?” (Help), then About.

4.2. Network Admin

4.2.1. Access your FreedomBox from the Internet

  • You can access your FreedomBox from the Internet after activating the Tor application. Use the given .onion address and a Tor browser for computer or a Tor app for mobile phones. You can also access your FreedomBox outside of the Tor network by using a standard IP address (http). To configure the access from a regular http address, you need some additional setup. From your FreedomBox administration interface, go to “System Configuration” page, then “Configure” page to enter a “Domain Name”. Your domain name has to be a static IP address. If your ISP does not provide you a static IP address, activate and configure “Dynamic DNS Client” in FreedomBox apps. Read the Q&A related to setting up your router and a DNS name.

4.2.2. Access FreedomBox’s web interface (Plinth) from outside the local network

  • Access to FreedomBox’s web interface (Plinth) is restricted to LAN IP addresses by default. (Note: This restriction does not apply when using a Pagekite or .onion address.) The list of restricted addresses can be found in /etc/apache2/sites-available/plinth.conf. If needed, you can add an IP address block to the section, and then reload the apache2 service for it to take effect.

4.2.3. How to have a homepage on https://freedombox.local/ or the public IP

  • The default page is set on your machine in /etc/apache2/conf-available/freedombox.conf (the RedirectMatch. You can can configure this file to make freedombox.local direct to a specific landing page. It will redirect any connections that don’t specify a /path.

4.2.4. I would like to configure my network statically for now. How do I do that in the “Networks”-Setting?

  • If you want LAN side to be configured statically, you can add a connection and choose: 1 IPv4 Addressing Method, see the manual. 2 If you want WAN side to be configured statically, you can do same but settings for default gateway and DNS Server are missing.

A page showing the current network-settings will be available in the future, see here.

4.2.5. Changing the default IP range and class

  • Give the following command to the network device which is configured as ‘shared’.

  • #nmcli connection modify $CONNECTION_ID ipv4.addresses “192.168.1.0/16”. $CONNECTION_ID is the id allocated to the device and to check the ID give this command. #nmcli con. IP range is determined by first IP that we allocate to the device and one can adjust the subnet too.

4.2.6. Display leased IP addresses

  • /var/lib/misc/dnsmasq.leases is the location to find all the IP addresses leased by FreedomBox.

4.2.7. Command-line interface: Port Forwarding in FreedomBox

  • The two steps which are required for enabling port forward in FreedomBox. [To make these changes permanent add --permanent to the end of both the commands.]

firewall-cmd --zone=external --add-port=2233/tcp

firewall-cmd --zone=external --add-forward-port=port=2233:proto=tcp:toport=22:toaddr=192.168.1.4

For a detailed described check this link: “Configure Port Forwarding using the CLI”.

4.3. Chat Server (XMPP)

4.3.1. Adding a new XMPP user

  • Entering a standard user in FreedomBox’s web interface (Plinth) (not part of wiki nor admin group) makes the user ready to use his username@domain and password to start in any XMPP client.

4.3.2. Changing the password of a XMPP user

  • That is done through FreedomBox’s web interface (Plinth) (Users → select user → Change Password form). Users will be able to connect to Plinth from an external IP address from FreedomBox version 1.0.

5. ABOUT FREEDOMBOX COMMUNITY

5.1. Contacting FreedomBox contributors

  • By writing to the mailing list or connecting to the IRC channel, you are addressing all the people contributing to FreedomBox. If you wish to talk to the active contributors, I suggest joining the monthly VOIP progress calls.

5.2. What is the difference between progress calls and hack calls?

  • The original idea was that the hack call would be less formal than progress calls. So we might have a topic of interest during hack calls, but it doesn’t need to follow a set agenda.

5.3. How can I help FreedomBox get translated into my language?

FreedomBox’s user interface (UI) translation process is held on Weblate platform. The manual is created on english wiki pages and you can translate it from these documents creating local pages linked to these global pages.

6. BUSINESS

6.1. Can I use the FreedomBox logo?

  • Certification by the Foundation to distribute FreedomBox software is not ready yet. Please ask your question on discussion list or attending team calls. Technically speaking, you can read the documentation “FreedomBox-Identity-Manual.pdf”.
1 Like