The same in other words: network.proxy.socks_remote_dns set to true is now hardcoded directly by Tor Browser and it always reverts to Tor Browser default after Tor Browser restart.
i2p inside Whonix-Workstation instructions - both old and new - require network.proxy.socks_remote_dns set to false.
Unless the user re-applies these Tor Browser settings all the time which is very bad usability, I don’t think we currently have a good solution with or without privoxy.
One way to see it that a lot of time was spent on this with meager results (?) that should be spend on more worthwhile things.
A different way to see this would be interpreting the number of users ever active in this forum thread (or generally on I2P) as a high user interest in I2P.
well if there is no easy way to have it maintained then it wont make it as default thats for sure, mostly as well @eyedeekay gonna help with that otherwise also no future for i2p by default (left to users to install it).
Though at the moment in whonix-workstation there is already script automatically configure i2p once installed to be compatible with Tor connections (like disabling upnp, ntp time check, inbound connection…etc)
Changing network.proxy.http value in Tor Browser about:config will break the connection to onion hidden services URLs (dunno if there is a way to make this work from within TB)
Solutions: (But not really)
Usage of extensions like foxyproxy can solve the issue but is not real solution here as it will change TB fingerprint and put a trust into external extension… harm more than benefit.
Privoxy or tinyproxy usage within Tor Browser in Whonix cant be done because about:preferences#connection doesnt exist in TB within whonix which has an option to modify connection of Tor to certain proxy IP and Port (maybe easy solvable through other ways?).
I2P default outproxies in HTTP tunnel support onion connections, meaning you can surf the onion hidden services from I2P tunnels but the problem you will loose all the security benefits/design of Tor within whonix and shift the trust to the outproxy operator.
@eyedeekay said there is a way to make this working, hope he can be able to share it with us.
Well I’ve got… maybe good news, maybe bad news. I don’t think there’s a perfect way to do this, but I do think there might be a few “good” ways to do this. Speaking specifically in the Whonix context, I think option 4 is probably using the “SOCKS Outproxy Plugin” for I2P which zzz wrote a while ago. zzz / i2p.plugins.socksoutproxy · GitLab This satisfies two important things:
It does not use extensions in Tor Browser to add the ability to switch from I2P to Tor, instead it acts as an add-on to the HTTP proxy that I2P already uses and routes non-I2P requests to a configured SOCKS proxy.
It does not shift trust onto the outproxy operator, it uses the Tor Network directly
The bad news is that there’s no Debian-style package for this yet, but I could easily turn it into one in the coming weeks if there is interest and one of us is willing to host it.
There are a few other ways, all of which I think are probably worse for Whonix. That’s the one I would recommend.
Clearnet traffic and Onion traffic(basically, any traffic that is not recognized as I2P traffic) would be routed to Tor, and Tor would take over entirely from there. It essentially functions as alternative to the regular outproxy system and would take over that role entirely. I2P traffic would still go directly over I2P as well.
I don’t think that it would, on it’s own, allow access to the I2P webUI normally available on localhost:7657, however. It should still be possible by overriding proxy settings in user.js or similar, though.
I can confirm this users problem. In a fresh whonix-ws template, i follow steps 1-4 with success. If i then run “sudo dpkg-reconfigure i2p” and then run “sudoedit /var/lib/i2p/i2p-config/clients.config.d/00-net.i2p.router.web.RouterConsoleRunner-clients.config”, i get the same error : “no such file or directory”. However, if i start from scratch and follow steps 1-4 in a newly cloned template, shut that template down, build and start an appvm based off of that same template, configure the tor browser by changing the various parameters in “about:config” and then close tor browser, i can run the “dpkg-reconfigure” and “sudoedit /var/lib…” commands IN the appvm successfully. And, only once. If i close the sudoeditor and try to edit that file again, i get the same error “no such file or directory”. If i run those two commands in the template first, i get the same error, and trying to then re-run them in the appvm fails.
TLDR key problems:
command “sudoedit /var/lib…config” only works for a moment in the appvm when ran at a certain time
this would only work for standalonevms because appvms do not persist changes to the root directory
there is no “.i2p” in the home directory to try to edit as an alternative