As far as Tor/outside internet bound connections are concerned, (for the localhost TBB instance) we can black hole them by redirecting to an inactive port/address. Using the example below but modified for our purposes.
Hi Goldstein. It’s eyedeekay from Github, and I think I have a few things you might be interested in for a Whonix-i2p integration. In particular, I wrote an apt transport for i2p, aptly called apt-transport-i2p, which uses the SAM bridge to download packages instead of the HTTP proxy and is, in my opinion, easier to configure than using apt.conf.d. I keep it on github at https://github.com/eyedeekay/apt-transport-i2p.
Secondly, and this is much less straightforward and will probably require more review than the other, a standalone HTTP proxy which generates a new destination for every eepSite that you visit. That way somebody running say, a malicious social-networking instance can’t collect personal data on you linked to an HTTP proxy destination, and use it to link your activity to other sites run by the malicious instance owner. It’s got a few other useful features too but that’s what it’s designed to do. I keep it at https://github.com/eyedeekay/si-i2p-plugin. I look forward to hearing what you think.
Hi @eyedeekay ,
great to see you here, i’m quite familiar with your Repository and i really like your work.
Great, i’ll take a look and try it out. Thank you for your contributions to the I2P Space
I really like the Idea behind that, but i haven’t had the time to really dig into it and test it properly.
I’m going to test and review all of them (hopefully) this Weekend and report back what i think.
What do you think about a cli I2P Monitor like Tor’s Arm/Nyx?
Are you using Qubes and/or Whonix ?
I’m glad you like my work, I enjoyed putting it together. I’ve been using Qubes on my desktop machine, but these were developed on a netbook running Debian Sid.
I was considering writing an arm/nyx analog for i2p soon while I learn about i2pcontrol, it’s just been a low-ish priority for me personally because i2pd’s web interface renders quite well in lynx. There’s an existing python interface for it, so it should be pretty easy to put together. I’ll give it a shot.
since Tor going to handle the outproxy. consider deleting false.i2p and tor.meeh.i2p from I2P HTTP/HTTPS Proxies.
also turn off these things:- (it will save resources and useless traffic)
- inside 127.0.0.1:7657/configwebapps
  - turn off imagegen since its for hidden services sake.
- inside 127.0.0.1:7657/configstats
  - turn off all statistics since they r just used locally and for interested users so make it off by default but if the user know what r these about then he will turn it on by himself
- inside 127.0.0.1:7657/configclients
  - turn off webserver (eepsite) because its only usable for hidden services
- inside 127.0.0.1:7657/confignet
  - disable UPNP since its security risk, and make it optional to the user need if he wants to enable it.
thanks for reminding me of these Settings, i missed them in the first Post, going to add them.
Have you tried the Setup yet ? I want to be sure its working before i start adding custom Settings.
I need to wait for some new Hardware to finally upgrade to Qubes 4 and test everything there, i think i need to change a couple of steps for that.
It would be great if someone could test the Setup and confirm that its working.
i will do it tomorrow and after.
The good news is that Debian stable next (with all the I2P packages) will come early next year. The bad news is that stretch based Whonix isn’t ready yet but its getting there
second command showing this error:
user@host:~$ gpg --keyid-format long --with-fingerprint i2p-pubkey.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: can't open 'i2p-pubkey.asc'
also why would u install iceweasel instead of firefox-esr ?
No particular reason, since its only used for debugging and accessing the Console from the Gateway. It’s going to get replaced by I2PControl or something similar.
Need to fix that, thanks
Does everything else work ?
not sure because i can not install i2p when add the key + repos. it shows that deb.i2p2.de host cant resolve.
maybe if u can upgrade ur steps so i can make it work.
Yes it should be
i have installed I2P by adding buster repos temporary then disabled them.
but im facing problem with installing Privoxy inside GW:
user@host:~$ sudo apt install privoxy
Reading package lists... Done
Building dependency tree
Reading state information... Done
privoxy is already the newest version (3.0.26-5).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up privoxy (3.0.26-5) ...
Job for privoxy.service failed because the control process exited with error code.
See "systemctl status privoxy.service" and "journalctl -xe" for details.
invoke-rc.d: initscript privoxy, action "start" failed.
● privoxy.service - Privacy enhancing HTTP Proxy
   Loaded: loaded (/lib/systemd/system/privoxy.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2018-04-25 20:46:25 UTC; 19ms ago
     Docs: man:privoxy(8)
           https://www.privoxy.org/user-manual/
  Process: 20060 ExecStart=/usr/sbin/privoxy --pidfile $PIDFILE --user $OWNER $CONFIGFILE (code=exited, status=1/FAILURE)

Apr 25 20:46:24 host systemd: Starting Privacy enhancing HTTP Proxy...
Apr 25 20:46:25 host systemd: privoxy.service: Control process exited, code=exited status=1
Apr 25 20:46:25 host systemd: Failed to start Privacy enhancing HTTP Proxy.
Apr 25 20:46:25 host systemd: privoxy.service: Unit entered failed state.
Apr 25 20:46:25 host systemd: privoxy.service: Failed with result 'exit-code'.
dpkg: error processing package privoxy (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 privoxy
E: Sub-process /usr/bin/dpkg returned an error code (1)
user@host:~$
I haven’t had this error with Privoxy, i’m going to take a look at it.
Skip Privoxy for now since forwarding with TBB and Privoxy isn’t working atm.
We’ll get to that once we tested everything else.
Is I2P working ?
Have you tested Foxyproxy ?
working inside GW , working inside WS with FF-esr not TBB.
but there is problem in opening the console inside WS port with 127.0.0.1:7657
can NOT be tested, because it supports FF 57 and above so u cant use it with TBB.
also u cant add 127.0.0.1 port 4444 to Network inside TBB. simply u cant press on “OK” …
in conclusion, u need to re-test steps inside whonix 14 and by that maybe some major changes need to be added to the above steps to make it compatible. otherwise the steps above maybe not working whether 13 or 14. i dont know for 13 but for 14 its for sure not working.
Is this still the case after adjusting the http proxy port pref?
yes, we don’t forward the Console Port to the WS, because it could leak and we don’t want the WS to alter the Router config, thats why i (temporarily) added Iceweasel/FF to the Gateway until I2PControl is ready
weird, last time i tested it it worked, going to take a look at that.
this can be changed in the about:config , i post the needed config tomorrow/soon
I just setup Qubes 4 give me a couple of days and i fix it, thank you for testing and for the feedback
Well Qubes 4 is unusable for me, getting all kinds of error and performance problems, going to revert back to 3.2 until its usable for me (or once new hardware arrives) wasted enough time with 4.0
Last time i checked yes… going to test it with a new setup tomorrow
A question asked about what we are trying to do: https://tor.stackexchange.com/a/13562
So the problem is that TBB now communicates over Unix sockets for localhost and not TCP. I remember this was discussed before in one of the TBB modification threads with @Patrick but I can’t remember the solution we reached.
If this doesn’t work then lets ask on the Tor mail list for some pointers.