I recently went on vacation for a week to a castle in Germany which is a bit off the beaten path. The castle and surroundings are beautiful but I knew from a previous trip that their Wifi Internet connectivity is not available in all rooms. However, I also knew that LTE coverage is quite o.k. in the area so I wasn’t particularly worried about connectivity and instead thought about how I could safely share my Internet connectivity with others while being there.
The answer is Freifunk!Secondary Liability – Störerhaftung
While I could have simply brought a Wifi access point with LTE connectivity and run an open Wifi network on site, the legal situation in Germany treats individuals acting as a telecommunication network provider in a different way than companies acting as telecommunication network providers. Under certain circumstances, individuals providing Internet access to others are liable for copyright infringements of their users. This is referred to as secondary liability (or ‘Störerhaftung’ in German) and has resulted in individuals acting as network operators ending up in court and paying fines. Störerhaftung only applies to individuals but not to companies offering the same service. Crazy. So as I wanted to offer the same service as a telecom company but like them, had no intention of finding myself in the crossfire for my generosity, my setup had to be a bit more complicated.
The legal mess around sharing Internet connectivity in Germany has given rise to a decentralized initiative in Germany referred to as ‘Freifunk’ which could perhaps be translated into something like ‘free radio communication’. Freifunk groups are associations and are as such treated as a telecommunications network provider to which secondary liability does not apply. Freifunk groups run backbone infrastructure to which Wifi access points can connect via an encrypted tunnel over which all traffic to and from the Wifi access points are exchanged with the Internet. In other words the data of all people using a Freifunk Wifi access point originates and terminates at a router that is governed by law that applies to telecommunication providers and not individual persons.
Setting Up a Freifunk Wifi Access Point
In theory setting up a Freifunk Wifi Access Point is straight forward. The Freifunk community offers their Wifi access point software on top of OpenWRT for many TP-Link and Ubiquity Wifi access point models. By using the built-in software update mechanism of the original firmware the access point can be converted to a Freifunk Access Point router in a couple of minutes. No special knowledge is necessary. The only tricky part is to understand that Freifunk is a decentralized community and each community offers its own software images that are preconfigured to connect to their decentralized backbone infrastructure.
This had me a bit puzzled at first but once I understood the concept I downloaded and installed the software of the local Freifunk association to the Ubiquiti Picostation 2HP I had bought for the purpose. Once done the router reboots into configuration mode so one can enter a name for the router and, optionally, geographical coordinates for the network map and also, optionally, an e-mail address. After that the Wifi Access point router reboots into its standard operating mode and establishes a VPN tunnel to a core VPN gateway over which all traffic is then routed.
On the air interface the Access Point broadcasts the Freifunk SSID of the local chapter and opens a second ad-hoc network with a pre-defined MAC address so other Freifunk routers in the neighborhood can connect to this access point to form a meshed network. This way, not all Freifunk Wifi access points require their own Internet connection. On the Freifunk map of the local chapter that is updated in real time clusters of routers can be seen that build a meshed network because they are in range to each other.
And that’s pretty much all there is to it, after that the Wifi Access point runs itself. Obviously I didn’t leave it at that and in a follow up post I’ll have a closer look at the performance of my mini-network and how my network was used for a week at the castle.