I can confirm this users problem. In a fresh whonix-ws template, i follow steps 1-4 with success. If i then run “sudo dpkg-reconfigure i2p” and then run “sudoedit /var/lib/i2p/i2p-config/clients.config.d/00-net.i2p.router.web.RouterConsoleRunner-clients.config”, i get the same error : “no such file or directory”. However, if i start from scratch and follow steps 1-4 in a newly cloned template, shut that template down, build and start an appvm based off of that same template, configure the tor browser by changing the various parameters in “about:config” and then close tor browser, i can run the “dpkg-reconfigure” and “sudoedit /var/lib…” commands IN the appvm successfully. And, only once. If i close the sudoeditor and try to edit that file again, i get the same error “no such file or directory”. If i run those two commands in the template first, i get the same error, and trying to then re-run them in the appvm fails.
TLDR key problems:
command “sudoedit /var/lib…config” only works for a moment in the appvm when ran at a certain time
this would only work for standalonevms because appvms do not persist changes to the root directory
there is no “.i2p” in the home directory to try to edit as an alternative
So, after some more poking around, this is what i have found.
If i run steps 1-4 in a template, shut that template down, start a fresh appvm and configure the tor browser, shut the tor browser down and run “sudo dpkg-reconfigure i2p” and “sudoedit /var/lib…” inside of the appvm, i can change the 127.0.0.1 to 127.0.0.2. After saving and closing, I ran “sudo service i2p restart”, and then “sudo systemctl status i2p” to see that I2P was inactive(dead). So, i then ran “sudo systemctl start i2p” and then “i2prouter start”. “sudo systemctl status i2p” shows I2P is running and then torbrowser pops up to the router-console (except it opens to 127.0.0.1 instead of 127.0.0.2). So after manually changing the .1 to .2, the java router-console displays perfectly, and i can access ‘notbob’. I then checked the home directory and “.i2p” is now available. I can only edit the correct file as root though (even if i change the permissions), but at least i can edit that file while it is in the home directory so it persists.
TLDR again:
in a fresh template, ran steps 1-4
closed template, built and ran appvm and configured TorBrowser
closed TB, “sudo dpkg-reconfigure i2p” and “sudoedit /var/lib…” is successful
ran “sudo systemctl start i2p” and then “i2prouter start”. The router console starts but using the wrong proxy. manually switching to 127.0.0.2:7657 is successful, and i can access other eepsites
as root, run “nano /.i2p/clients.config.d/00-net.i2p.router.web.RouterConsoleRunner-clients.config” and edit parameter. run “sudo service i2p restart”
poweroff appvm, start it back up, “sudo systemctl start i2p && i2prouter start” gets i2p going nicely
router-console still opens to the wrong proxy, but at least its working otherwise
The part of the usage instructions which are actually mandatory setup instructions (dpkg reconfigure; IP change seems required, not optional) should probably be moved to installation and setup.
I am not sure these two should be combined?
A) sudo systemctl start i2p is when starting I2P using the systemd daemon.
B) i2prouter start is when starting I2P as user without systemd.
Should probably not be combined for most users. Either option could be used if that works. But not both?
Right, it makes me feel naughty. I had tried both commands individually with no luck. Doesn’t make a ton of sense to me either, but it is what I ran that got me results. naturally, YRMV, but i’m hoping there is something simple i am overlooking so i can cut some of these unnecessary steps out.
Hello all, I’ve recently finished testing a setup of I2P in the Whonix GW and using TBB from the Whonix WS to browse I2P and Tor. It’s a pretty simple setup, good for using these networks for research, but I haven’t evaluated the overall security impact. I took information from the mutedstorm instructions on archive dot org and the geti2p dot net website. I’d be interested if anyone finds it useful, it’s on github under chrisbensch / I2P-Whonix-Integration
This installs I2P inside the gateway and pre-configures the options from mutedstorm and some of my own. Also this instructs a very simple way to get the workstation running on this setup.
hey there eyedeekay. I was wondering if there was a reason why the official I2P documentation (geti2p (.) net/en/download/debian) says to start I2P through the command “i2prouter start” in the “post install” section. That is where I got the idea of starting I2P through that command, but according to the devs on this forum, that is a security risk as that starts your router without utilizing apparmour, and that the recommended way to run is “systemctl start i2p” Can you help clear my confusion here? Thanks.
IIRC that info is out-of-date actually, if you have a look at: debian/apparmor/usr.bin.i2prouter · master · I2P Developers / i2p.i2p · GitLab you will see our apparmor profile does include coverage for running as a user. It might be wrong, we’re not apparmor experts, and we welcome contributions, MR’s, suggestions, emails, whatever. There’s no reason that we shouldn’t have apparmor coverage for this mode as far as I know, so if something is really wrong let’s figure out how to fix it.
I2P now instructions are fixed except one problem im facing which i dont think there is a way to fix it within TB: (already known issue)
network.proxy.http if changed to 127.0.0.x = onion services wont connect
and only way to visit onion services by either removing this configuration or visiting them through the I2P inproxy (wont be through whonix-tor)
i shifted instructions to use i2p running within user space by using i2prouter start , but there is no current way (i know) i2p will start as a service if we choose to run it from user space and using i2prouter command
why i removed the instructions of running i2p as a service? (due to the arguments posted in previous conversations)
Notes:
Since I2P is not running as a service, it will not automatically adhere to Whonix’s automatic changes to I2P Console. Therefore, the user needs to establish the connectivity manually.
I have reverted the i2pconsole interface back to the original/default one, which is 127.0.0.1, as I discovered that there is no need to change it.
To see this for yourself, you could try:
Start Menu → System → Xfce Terminal
Then run:
/home/user/.tb/tor-browser/Browser/start-tor-browser --verbose --allow-remote http://127.0.0.1:7657/
See online documentation: https://www.whonix.org/wiki/Tor_Browser#Tor_Browser_Crash_Errors
Improved error messages are now in the Whonix 17 testers repository.