I2P Integration

It should work for all hypervisor platforms, since this layer is transparent to the OS, especially in this case.

Install Privoxy in the Gateway

Edit the firewall rules /etc/whonix_firewall.d/50_user.conf and add
SOCKS_PORT_PRIVOXY=8118


In the Workstation

I’m using socat to forward the port.

@nurmagoz could you please test the setup?

Sure, do you have the tested template/ova …etc available for download? Or only instructions on how to change Whonix to work with I2P?

Here’s the problem. You need it on the WS to intercept .i2p domains in TBB and transparently redirect them to the local (or in your case the GW IP of I2P)

Tried that also, with no success

only instructions atm

As per torrent clients, I2PSnark can be built standalone from the java router source code since a number of versions ago. Bobthebuilder.i2p offers compiled standalones as well.

The I2P torrent scene is dominated by Snark, any other bundled client would be conspicuous. Vuze/BiglyBT show up in swarms sometimes, but their only advantage is they have good performance.

OK obvious suggestion then - did you configure TBB to connect to local proxies?

yes

How did you split jetty, tahoe-lafs, … from i2p inside gw?

You can use tahoe-lafs like normal; it will get forwarded to the gateway. I haven’t tested jetty yet.
Have you tested it?

I tested that: when I want to install i2p, it will install everything into one place, so whonix gw will contain jetty, susimail …etc.

Susimail is fine; we don’t need to have the files on the Workstation, you can access it from the Workstation. Jetty would need to be moved though.
But do we really need jetty?
I think it would be easier to use another Blog/Website Software to run on the Workstation, what do you think?

I’m extremely agreeing with you. I would love to remove jetty or any Eclipse sucking service. Might be even discourse or any open source website.

i2p inside GW should just and only be i2p tunnels for connection, not for susi or jetty or tahoe or clearnet …etc.

Please keep the I2P dependent applications on the WS to preserve isolation in case they are vulnerable and get rooted.

Sure, that’s what I was trying to say.
I wouldn’t bother with Jetty on the WS; we don’t enable it by default on the GW and, like I said, other Software should be recommended for hosting Eepsites/Hidden Services.

About TBB and Privoxy

I was able to use privoxy with firefox to forward .i2p but I can’t get TBB to do the same… If you have a working config please let me know.

I think the Whonix I2P Wiki Page is missing a few Settings at:

  1. Configure Tor Browser to connect to localhost.

.i2p isn’t forwarded to 4444, or am I missing something?

I am not familiar with using Jetty for webhosting to give feedback but couldn’t an argument for it be made that it’s memory safe (because Java based)? Is it just plug and play instead of requiring a ton of configuration to avoid leaking info like Apache?

Unfortunately other steps on the page are broken at this point because of upstream changes to gpg verification commands. AFAIK port 4444 is the http not the https port right?

I’m not that familiar with it either, looking into it

yes http, https is 4445

Apparently the network.proxy.http_port pref in TBB is set to 0 which causes it to ignore http proxies. Looking at the settings documentation I am not sure if it accepts a port range for the value or just a single one. Try setting it to 8118 (privoxy’s port number) and hopefully we can use privoxy to multiplex this to redirect to multiple programs if needed.

EDIT: Only a single port number is accepted.
https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Mozilla_networking_preferences
