Hi, I wrote the guide for putting I2P in a Qubes-ProxyVM Patrick just mentioned.
From the looks of it, the main difference with my approach is that I wanted everything to be happening in the ProxyVM, so there is no additional setup in the Workstation. However, because I couldn’t figure out how exactly the Whonix iptables setup works, I based the ProxyVM on plain Debian. The trick was to have iptables NAT all DNS requests to localhost and have dnsmasq started with a special rule for I2P and otherwise refer to Tor:
I wrote the post as detailed as possible about what I did, so the post should be pretty self-explanatory. I’ll try implementing some suggestions of adrelanos and what I have found here when I find time.
P.S.: Sadly, the JavaScript here is driving me nuts. Is there some kind of alternative discussion platform? IRC? I’m not sure the mailing list is appropriate for this niche discussion.
Right, we need to change a few things in the WS to use the TBB with I2P.
Mailing-list should be fine (@Patrick?)
There is also a Whonix IRC, but I’m rarely there; you could use my Bote Mail (@Goldstein Profile) if you want to message me directly.
Feel free to use whonix-devel. Just note that fewer users are active
there. No idea how many people who participate here are also signed up
for whonix-devel.
There is also a Whonix IRC, but I’m rarely there
development needed for Sdwdate to work properly with I2P. As I understand it, the current Sdwdate is only targeting onion router TCP, though in I2P we have both TCP & UDP garlic router.
Using I2P on a workstation with Privoxy.
I followed the updated guide on GitHub (top post). It was fine, and I2P sites were visible.
When I rebooted, the I2P sites were not visible anymore. I got a 502 error.
“.…has been closed before Privoxy received any data for this request”.
The error from i2p is: Network: ERR-Client Manager I2CP Error - Check logs
Logs: [istener:7654] er.client.ClientListenerRunner: I2CP error listening to port 7654 - is another I2P instance running? Resolve conflicts and restart
Is the guide really up-to-date? Is there maybe another guide that is complete?
I see guides in different places that are not complete.
Maybe a seriously stupid question, but what do you mean by: Create a separate Gateway (TemplateVM&) ProxyVm and Workstation (TemplateVM&) AppVM Installing I2P
I’m not sure what to do about the TBB thing. I don’t think the environment variable patch is getting much attention, I kind of see why they’d be hesitant even though it seems to me a minor change. So choices… I could package the script itself (without the browser), or the profile (apt-get install tb-profile-i2p?) and copy select it at runtime ^with --profile, but then the reproducibility thing is still a concern. I kind of wonder how much, though. I mean hypothetically, if there was a way to pass a prefs.js at the terminal when starting tb-starter, and that prefs.js wasn’t actually added to the files used by TBB, then wouldn’t it still be reproducible in all the relevant ways?
Thanks for chiming in. OK so let’s proceed in directions that don’t depend on upstream.
Whichever direction makes the process easier as long as it doesn’t involve a TBB from outside the tb-updater. So whatever changes your profiles/scripts does to a preinstalled TBB are alright.
I think using the prefs approach is the one you should pursue right now. Shipping an own profile with customizations won’t go away in the foreseeable future.
It would be nice to have, but my focus is on the Install package. Sorry, but I’ve got enough on my plate atm, so either someone else does it or wait until whonix-i2p is ready.
It’s on my list though…
My opinion is that Tor is the better choice for Sdwdate. Tor has more hosted services, more diverse sysops, and latency isn’t much of an issue. I2P isn’t very strong yet when it comes to web hosting.
Right, the only reason I can think of for Sdwdate with I2P would be if Tor is blocked or as a fallback if Tor fails (for whatever reason).
It wouldn’t hurt to have this failsafe with I2P but the “Cost” outweighs the Benefit atm…
@9jnc7 That’s bad, to use other networks to secure your network while you can have that benefit from your own network. So using Tor for I2P’s sake inside a distro for I2P, I find it not really a good thing. Tor has its own disadvantages, like it can be blocked, and many countries have done that, while I2P is harder to block (though it can be blocked), but until now no country has blocked it AFAIK. So time configurations should be with I2P to avoid time attacks on I2P.