I2P Integration

prerequisite knowledge:
Qubes-Whonix ™ Overview chapter Qubes Persistence in Whonix wiki

Quote Invisible Internet Project (I2P) chapter Installation and Setup in Whonix wiki:

Before using I2P, it is recommended to access the I2P router configuration and make several adjustments for better performance.

The part of the usage instructions which are actually mandatory setup instructions (dpkg reconfigure; IP change seems required, not optional) should probably be moved to installation and setup.


I am not sure these two should be combined?
A) sudo systemctl start i2p is when starting I2P using the systemd daemon.
B) i2prouter start is when starting I2P as user without systemd.
Should probably not be combined for most users. Either option could be used if that works. But not both?

Right, it makes me feel naughty. I had tried both commands individually with no luck. Doesn’t make a ton of sense to me either, but it is what I ran that got me results. naturally, YRMV, but i’m hoping there is something simple i am overlooking so i can cut some of these unnecessary steps out.

Issue is fixe, as @eyedeekay said one need start I2P service first then after that stop it then configure the mentioned file.

1 Like

it shouldnt be combined, i2prouter start is the horrible one because it doesnt use I2P apparmor.

Yes just start i2p service from systemctl then stop it you will find the needed files in the mentioned path.

1 Like

Just found on reddit. Didn’t look into it.

2 Likes

Hello all, I’ve recently finished testing a setup of I2P in the Whonix GW and using TBB from the Whonix WS to browse I2P and Tor. It’s a pretty simple setup, good for using these networks for research, but I haven’t evaluated the overall security impact. I took information from the mutedstorm instructions on archive dot org and the geti2p dot net website. I’d be interested if anyone finds it useful, it’s on github under chrisbensch / I2P-Whonix-Integration
This installs I2P inside the gateway and pre-configures the options from mutedstorm and some of my own. Also this instructs a very simple way to get the workstation running on this setup.

1 Like

hey there eyedeekay. I was wondering if there was a reason why the official I2P documentation (geti2p (.) net/en/download/debian) says to start I2P through the command “i2prouter start” in the “post install” section. That is where I got the idea of starting I2P through that command, but according to the devs on this forum, that is a security risk as that starts your router without utilizing apparmour, and that the recommended way to run is “systemctl start i2p” Can you help clear my confusion here? Thanks.

IIRC that info is out-of-date actually, if you have a look at: debian/apparmor/usr.bin.i2prouter · master · I2P Developers / i2p.i2p · GitLab you will see our apparmor profile does include coverage for running as a user. It might be wrong, we’re not apparmor experts, and we welcome contributions, MR’s, suggestions, emails, whatever. There’s no reason that we shouldn’t have apparmor coverage for this mode as far as I know, so if something is really wrong let’s figure out how to fix it.

TODO:

Whonix should update GitHub - Whonix/anon-apps-config and use the conflagration files as suggested by @eyedeekay.

Help wanted!

Its one of the two for I2P to be properly working as it should:

  • Either run it as a user i2prouter start + working apparmor profile = this will resolve Qubes-Whonix issue with apparmor advantage.

  • Or make systemctl start i2p work offline, meaning configs files does exist but just the internet connection not there.

Both going to work properly with Qubes-Whonix.

Note: Non-Qubes-Whonix users (whonix-vbox , whonix-kvm…) the current I2P wiki does work for them without issues.

So if i2prouter command work with apparmor i just need conformation then i will change i2p instructions to use it.

These instructions for Non-Qubes-Whonix which is not an issue we are facing.

Using .d config style folders is a lot better than currently “start I2P, then edit” style instructions. That is independent from any issues.

1 Like

I2P now instructions are fixed except one problem im facing which i dont think there is a way to fix it within TB: (already known issue)

network.proxy.http if changed to 127.0.0.x = onion services wont connect

and only way to visit onion services by either removing this configuration or visiting them through the I2P inproxy (wont be through whonix-tor)

i shifted instructions to use i2p running within user space by using i2prouter start , but there is no current way (i know) i2p will start as a service if we choose to run it from user space and using i2prouter command

why i removed the instructions of running i2p as a service? (due to the arguments posted in previous conversations)

Notes:

  • Since I2P is not running as a service, it will not automatically adhere to Whonix’s automatic changes to I2P Console. Therefore, the user needs to establish the connectivity manually.
  • I have reverted the i2pconsole interface back to the original/default one, which is 127.0.0.1, as I discovered that there is no need to change it.

Sometimes i run into this message:

How to reproduce this issue?

Normal usage of turning on/off i2p and TB (but yeah no specific sequence i can point out)

You’ve probably started Tor Browser using command line using:

torbrowser http://127.0.0.1:7657/

?

Important detail as this might help with investigation.


The first (upper) error popup I don’t know yet why this is happening but it’s minor.


The second (lower) error popup has the wrong error message. The error message should actually be:

ERROR: Tor Browser ended with non-zero (error) exit code!

Tor Browser was started with:

/home/user/.tb/tor-browser/Browser/start-tor-browser --verbose --allow-remote http://127.0.0.1:7657/

Tor Browser exited with code: 141

To see this for yourself, you could try:
Start Menu → System → Xfce Terminal
Then run:
/home/user/.tb/tor-browser/Browser/start-tor-browser --verbose --allow-remote http://127.0.0.1:7657/
See online documentation:
https://www.whonix.org/wiki/Tor_Browser#Tor_Browser_Crash_Errors

Improved error messages are now in the Whonix 17 testers repository.

Why Tor Browser however exists with non-zero exit code 141 I don’t know, see: https://www.whonix.org/wiki/Tor_Browser#Tor_Browser_Crash_Errors

1 Like

This is how i2p operate once you run it by i2prouter start it will request to open i2p console in your browser.

1 Like