I set up I2P on the Whonix workstation by following the wiki documentation.
The tunnels are open. I can navigate the router console in Tor Browser, but I can’t access any eepsites because the servers are not found.
network.proxy.no_proxies_on is set to 0.
How can eepsites be accessed?
Something is wrong here. If network.no_proxies_on is set to 0(Which it should be), then you shouldn’t be able to access the router console when a proxy is set. My immediate suspicion is that the proxy is simply not set. First I need to know which wiki documentation you are talking about. Can I get a link?
Next I think I need to know what the rest of your proxy settings are. Type about:config into Tor Browser’s address bar, click through the warning, and type “prox” into the search at the top. You should see a number of bold that have been changed. They should all be pointing at the i2p router’s http proxy, which is on port 4444. Port 4445 is not used anymore, and the SOCKS proxy isn’t intended for use with browsing. You should also have use_nontor_proxy=true.
network.proxy.http = 127.0.0.1
network.proxy.http_port = 4444
network.proxy.no_proxies_on = 0
network.proxy.ssl = 127.0.0.1
network.proxy.port = 4444
network.proxy.socks = file///var/run/anon-ws-disable-stacked-tor/127.0.0.1_9150.sock
network.proxy.socks_port = 0
Rest are defaults.
I don’t see use_non_tor_proxy in about:config
I found extensions.torbutton.use_non_tor_proxy and set it to true.
Now I can access eepsites and the router console is working and can be navigated too.
Done. Thanks. Add to wiki documentation?
Set extensions.torbutton.use_non_tor_proxy = true
Oh crap, no wonder you’re having trouble. That documentation doesn’t reflect the most recent changes. In the next cycle, hopefully, it will all be pretty much automatic. I’m using the new version it already and it’s pretty nice. I’ll put updating those pages on my to-do list for tonight.
I’m still a little concerned about the router console being accessible though. That suggest an unlikely-but-real, and fairly simple, possibility that a page you visit could request a resource from your local machine(potentially requesting a resource from the router console itself) to fingerprint your machine or take up more malicious activity. Maybe have a look at it in the GUI network preferences menu (Firefox Menu -> Preferences -> Scroll to bottom -> Network Proxy). Has it got "Use this proxy for all connections checked? It should look exactly like this:
I set proxy 127.0.0.1:4444 for all protocols and router console is still accessible.
No Proxy for is 0
SOCKS V5 is checked
Proxy DNS when using SOCKS v5 is checked
Is my i2p running over Tor? Do you mean only the workstation can be fingerprinted and attacked?
That should not be happening and I have no idea how to reproduce the behavior. It’s not happening on the one from from stretch-testing, and it appears you have identical settings. I’m going through my about:config and nothing else should have that effect. I don’t know for sure what to do here, I could help you use the new one and configure apt to only update the required packages from stretch-testing. I’m sure that would solve the issue. But it would require mixing stable and testing repos which is usually a no-no. Or I could give you a user.js file to download and a command to run, as long as you know the path to the directory where you have your Tor Browser Bundle installed. If it’s installed by Whonix, the path is likely $HOME/.tb/ which I can also work with.
Personally I don’t think i2p-over-Tor is necessary(and it tends to make things quite difficult) but I’ll do my best to help. Should you decide to forgo i2p-over-tor, then https://github.com/mutedstorm/Whonix-I2P is the most current set of instructions. I’ve got to run out for a moment, I’ll be back shortly.
Edit: So sorry, those instructions for i2p-over-tor don’t look like they’ll actually work for i2p. i2p-over-tor is possible, but ws-tor-i2p-web as described for the other types of proxies here is not how you do it. The analogous thing to that would be using an i2p inproxy in regular Tor Browser, not modified for i2p. i2p can also have some of it’s low-level traffic proxied, and it’s possible to do that over Tor, which is why I was confused.
Also yes, only the workstation, and only services running in it. So the impact is minimized by Whonix’s procedures in that way. But it’s possible to do better.
