I2P Integration

Hi, I wrote the guide for putting I2P in a Qubes-ProxyVM Patrick just mentioned.

From the looks of it, the main difference with my approach is that I wanted everything to be happening in the ProxyVM, so there is no additional setup in the Workstation. However, because I couldn’t figure out how exactly the Whonix iptables setup works, I based the ProxyVM on plain Debian. The trick was to have iptables NAT all DNS requests to localhost and have dnsmasq started with a special rule for I2P and otherwise refer to Tor:

dnsmasq --address=/.i2p/$TARGET_IP --server 127.0.0.1#$TOR_DNS_PORT

I wrote the post as detailed as possible about what I did, so the post should be pretty self-explanatory. I’ll try implementing some suggestions of adrelanos and what I have found here when I find time.

P.S.: Sadly, the javascript here is driving me nuts. Is there some kind of alternative discussion platform? IRC? I’m not sure the mailing-list is appropriate for this niche discussion.

1 Like
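The split-DNS arrangement described in the post above, written out as an added example that is not part of the original post or of the linked guide. The interface pattern `vif+`, the placeholder address `192.0.2.1` and port `5353` are assumptions; the FORWARD drop rules and `--no-resolv` are additions meant to keep stray DNS from leaving in the clear.

```shell
#!/bin/sh
# Added example (not from the original post). Dry run by default: prints the
# commands; run with --apply as root inside the ProxyVM to execute them.
DOWNSTREAM_IF="${DOWNSTREAM_IF:-vif+}"   # assumption: interfaces facing client VMs
TARGET_IP="${TARGET_IP:-192.0.2.1}"      # constructed placeholder for the post's $TARGET_IP
TOR_DNS_PORT="${TOR_DNS_PORT:-5353}"     # assumption: must equal DNSPort in torrc

# NAT rules: every DNS query arriving from a client VM is handed to the local
# dnsmasq, whatever resolver address the client was configured with.
dns_redirect_rules() {
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -i $DOWNSTREAM_IF -p $proto --dport 53 -j REDIRECT --to-ports 53"
    done
}

# Belt and braces: DNS that somehow bypasses the redirect is dropped instead
# of being forwarded upstream in the clear.
dns_leak_guard_rules() {
    for proto in udp tcp; do
        echo "iptables -I FORWARD -i $DOWNSTREAM_IF -p $proto --dport 53 -j DROP"
    done
}

# dnsmasq: names under .i2p get TARGET_IP, everything else is asked of Tor's
# DNSPort. /i2p/ is the man-page form and covers every name ending in .i2p;
# --no-resolv keeps the servers in /etc/resolv.conf out of the picture.
dnsmasq_command() {
    echo "dnsmasq --no-resolv --address=/i2p/$TARGET_IP --server=127.0.0.1#$TOR_DNS_PORT"
}

plan() { dns_redirect_rules; dns_leak_guard_rules; dnsmasq_command; }

if [ "${1:-}" = "--apply" ]; then
    plan | sh -e
else
    plan
fi
```

After applying, a lookup of any `.i2p` name from a client VM should return `TARGET_IP`, and a capture on the ProxyVM's upstream interface should show no port 53 traffic.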

Why did you choose Debian 8 and not Debian 9?

Right, we need to change a few things in the WS to use the TBB with I2P

Mailing-list should be fine (@Patrick?)
There is also a Whonix IRC, but I’m rarely there; you could use my Bote Mail (@Goldstein Profile) if you want to message me directly.

I’m sorry for the current lack of progress and unresponsiveness. I’m traveling atm and only got flaky Internet; I’ll be back in 1-2 weeks.

1 Like

Goldstein:

Mailing-list should be fine (@Patrick?)

Feel free to use whonix-devel. Just note that fewer users are active
there. No idea how many people who participate here are also signed up
for whonix-devel.

There is also a Whonix IRC, but I’m rarely there

Same for me.

I didn’t know where to upload these, so I put them on a filehost on I2P.
eepsite rulesets for HTTPS-Everywhere

2 Likes

Development is needed for Sdwdate to work properly with I2P. As I understand it, current Sdwdate is only targeting onion router TCP, though in I2P we have both TCP & UDP garlic router.

@Goldstein

Using I2P on a workstation with Privoxy.
I followed the updated guide on GitHub (top post). It was fine, and I2P sites were visible.
When I rebooted, the I2P sites were not visible anymore. I got a 502 error.
“…has been closed before Privoxy received any data for this request”.

The error from i2p is:
Network: ERR-Client Manager I2CP Error - Check logs

Logs:
[istener:7654] er.client.ClientListenerRunner: I2CP error listening to port 7654 - is another I2P instance running? Resolve conflicts and restart

Is the guide really up-to-date? Is there maybe another guide that is complete?
I see guides in different places that are not complete.

Maybe a seriously stupid question, but what do you mean by:
Create a separate Gateway (TemplateVM&) ProxyVm and Workstation (TemplateVM&) AppVM Installing I2P

Cheers

Hi RED29

The instructions found on https://github.com/mutedstorm/Whonix-I2P are for use with Qubes OS:

1 Like

2 posts were split to a new topic: Using I2P inside Whonix-Workstation (Non-Qubes-Whonix)

https://github.com/mutedstorm/Whonix-I2P/issues/3

First of all sorry again for the lack of progress and updates (thank the Government)

Thanks, I’ll upload them to the Repo

Why would we need that in our current setup? We can use Tor for that, no need for I2P.

I haven’t had this issue, but I’ll try to reproduce it.

The wiki entry is old and incomplete; the Guide in the Repository is the latest one (it’s also not finished due to the missing TBB part)

https://github.com/mutedstorm/Whonix-I2P/issues/3
Merged, going to test the other suggestion.

I’ll need some time to restore everything since I lost all of my hardware and funds, so bear with me.

2 Likes

I’m not sure what to do about the TBB thing. I don’t think the environment variable patch is getting much attention; I kind of see why they’d be hesitant even though it seems to me a minor change. So choices… I could package the script itself (without the browser), or the profile (apt-get install tb-profile-i2p?) and copy select it at runtime ^with --profile, but then the reproducibility thing is still a concern. I kind of wonder how much, though. I mean hypothetically, if there was a way to pass a prefs.js at the terminal when starting tb-starter, and that prefs.js wasn’t actually added to the files used by TBB, then wouldn’t it still be reproducible in all the relevant ways?

2 Likes

Thanks for chiming in. OK so let’s proceed in directions that don’t depend on upstream.

Whichever direction makes the process easier as long as it doesn’t involve a TBB from outside the tb-updater. So whatever changes your profiles/scripts do to a preinstalled TBB are alright.

2 Likes

Yes, I agree, depending on upstream isn’t something I would like to have with this

Right, the easier the better; we can figure everything else out along the way…

OT:
You can remove the @Goldstein account since I can’t access it anytime soon.

1 Like

Related:

gk (Georg Koppen, TBB Developer):

I think using the prefs approach is the one you should pursue right now. Shipping an own profile with customizations won’t go away in the foreseeable future.

3 Likes

We should use I2P to fix that, not Tor, as I2P is the main connection inside whonix-i2p, not Tor.

It would be nice to have, but my focus is on the install package. Sorry, but I got enough on my plate atm, so either someone else does it or wait until whonix-i2p is ready.
It’s on my list though… :)

3 Likes

My opinion is that Tor is the better choice for Sdwdate. Tor has more hosted services, more diverse sysops, and latency isn’t much of an issue. I2P isn’t very strong yet when it comes to web hosting.

4 Likes

Right, the only reason I can think of for Sdwdate with I2P would be if Tor is blocked or as a fallback if Tor fails (for whatever reason).
It wouldn’t hurt to have this failsafe with I2P, but the “Cost” outweighs the Benefit atm…

4 Likes

@9jnc7 That’s bad, to use other networks to secure your network while you can have that benefit from your own network. So using Tor for I2P’s sake inside a distro for I2P, I find it not really a good thing. Tor has its own disadvantages, like it can be blocked, and many countries have done that, while I2P is harder to block (though it can be blocked), but until now no country has blocked it afaik. So time configurations should be with I2P to avoid time attacks on I2P.