It’s a modified TBB, but if it works it’s going to be easy to see what he has changed and put the needed changes into a script.
I will take a close look when i’m back at my work PC.
Great, so we can eliminate another error source, the less software we have to keep an eye on the better and easier to maintaine
Well, the modified TBB works and AFAICT the only important changed setting is the Proxy setting and there is no Torbutton.
Torbutton is the problem, when i disable it the stock TBB uses the set Proxy.
@HulaHoop did you disable it when you tested Privoxy? How did you get TBB to use the Proxy without disabling it, i tried every mentioned setting and only disabling Torbutton has worked now.
I did also test disabling Tor Launcher like Mark Smith suggested with no effect, it still ignores the set Proxy when Torbutton is Enabled.
I’m confused
Tested this to be working. Please update top post. I can connect to zzz.i2p with Tor Browser. Visiting 127.0.01:8118 will still give a 500 internal error but who cares as long as it does what we need it to do?
These settings for privoxy MUST be defined in this file /etc/privoxy/config. user.action, config.d and others have no effect. Also you must forward to 127.0.0.1 and not localhost.
Privoxy:
forward .i2p 127.0.0.1:4444
accept-intercepted-requests 1
max-client-connections 512
TBB about:config:
extensions.torbutton.use_nontor_proxy;true
network.proxy.no_proxies_on;0
network.proxy.http;127.0.0.1
network.proxy.http_port;8118
@Goldstein please configure the auxiliary packages setup (like the I2P monitoring GUI and others) for the I2P on the WS as well for users who want to use the instance in the WS independently.
Valid reasons are stacking with Tor for censorship circumvention or as defense in depth.
I can confirm that, finally… thank you so much 
you made my day
Updating top Post now
Edit:
Updated top Post, there are still some problems regarding the gpg key import and adding the Repo, but i’ll get to that tomorrow
gpg verification command is broken but this updated one should do the trick: Posted the new working instructions for adding the key but it must be templatized for ease of changes in the future:
scurl https://geti2p.net/_static/i2p-debian-repo.key.asc
gpg -n --import --import-options import-show i2p-debian-repo.key.asc
gpg --no-default-keyring --keyring ./i2p-pubkey.gpg --import i2p-debian-repo.key.asc
sudo cp i2p-pubkey.gpg /etc/apt/trusted.gpg.d/i2p-pubkey.gpg
sudo su -c “echo -e ‘deb http://deb.i2p2.de/ stretch main\ndeb-src http://deb.i2p2.de/ stretch main’ > /etc/apt/sources.list.d/i2p-release.list”
Update:
To blackhole any clearnet connections set the variable below to nothing (blank) in about:config. That will stop users from mistakenly surfing the clearnet with a browser that has a modified fingerprint.
network.proxy.socks;
Good Point, i guess we could also use privoxy’s black- and whitelist, what do you think ?
Tried that however the documentation is non existent and going by the instructions of someone who dug it out on his own, it seems broken.
This should be more foolproof
I think it won’t hurt to use the blacklist feature (if it works ) https://www.privoxy.org/user-manual/actions-file.html#BLOCK
Requests for URLs to which this action applies are blocked, i.e. the requests are trapped by Privoxy and the requested URL is never retrieved, but is answered locally with a substitute page or image, as determined by the handle-as-image, set-image-blocker, and handle-as-empty-document actions.
If i understand this correct it would enable us to give the user a hint that he should use the standart TBB for clearnet sites
Going to test this later
For this I suggest shipping another custom homepage for this TBB instance, that explains it won’t connect to the clearnet for privacy reasons. The page would have the Whonix ASCII but none of the other clearnet links. Something along the line of “Attention: This browser is configured to connect to local proxies only. Please check bookmarks for possible destinations. Make sure you have installed/enabled the corresponding software”
Ticket: https://phabricator.whonix.org/T795
@iry it would be awesome if you could throw together this page whenever you have time 
great job , going to test these steps now. but i have some comments:
why r u using the non-https repos of i2p ?
also splitting steps for Template and Appvm leading to horrible results of modifications. u need to make these only inside the Templates as that will ease the creation of “Standalone VMs” from the templates. but working on these steps is eliminating this possibility to get a complete standalone VM based on whonix-i2p.
Sure, but i think it would also be helpful to redirect the user to said warning if he mistakes the localonlyTBB with the stock one and tries to access clearnet sites, it would certainly be better than an error message from a failed connection attempt.
Yeah it’s a bit hacked together, going to fix that soon
fixed, good call
New command for the Repo (cant edit top Post atm)
echo -e ‘deb https://deb.i2p2.de/ stretch main\ndeb-src https://deb.i2p2.de/ stretch main’ | sudo tee /etc/apt/sources.list.d/i2p-release.list > /dev/null
echo -e ‘deb https://deb.i2p2.de/ jessie main\ndeb-src https://deb.i2p2.de/ jessie main’ | sudo tee /etc/apt/sources.list.d/i2p-release.list > /dev/null
please test again
Updated top Post
trusted.gpg.d still a big issue because u cant install i2p after doing that step.
check this website for separated packages of i2p:
skank.i2p
Just be careful with it. I pulled a bunch of disparate pieces from other projects together and disabled a couple of things. I just re-enabled TorButton, for instance, I don’t know if it might cause any kind of trouble by connecting(accidentally?) to an available Tor Control Port on a configuration where it’s enabled. I don’t yet know how to keep it from doing so or even if it would be an issue. I think it would be best, for now, if I found a way to disable to communication with the control port while leaving the rest of the functionality intact, and I am looking into what TorButton does with the control port to see if it would be worth trying to implement something compatible with TorButton in si-i2p-plugin. No matter what though, Javascript is not my strong suit and I’m very busy this week, it may take me a few days to get the control port disabled and I really don’t know what TorButton does with the control port yet.
Edit: I must have missed your other post the first time I read through the thread. I’m going to revert the change I just made for now but it seemed to be working when I tried it with TorButton added back in before. Could it have been tor-launcher instead? I kind of hope so, I’m reading through the TorButton spec and I’d really like to be able to make them work together without issues. I’m working on it right now.
Yes there is definitely a key problem from the instructions.
I keep getting the issue of an untrusted public key not found after the instructions of:
To import asc key files into trusted.gpg.d they must be converted into a .gpg keychain file first.
user@host:~$ gpg --no-default-keyring --keyring ./i2p-pubkey.gpg --import i2p-debian-repo.key.asc
So I tried to instead install the deb packages… the i2p-keyring, privoxy, killyourtv-keyring and i2prouter… no such luck…
Yes, i’ll try to fix this asap, but i’m unable to test atm because i’m in hospital for the next days 
You could use apt-key add after verifiyng the key (not recommended though)
