Right this would work but would need socat to be configured differently than how we use it now?
In this thread we discuss how redsocks can be used to make non Tor supporting DNS work safely in Whonix. Maybe socat can be replaced by redsocks to reduce redundancy.
EDIT:
Looking around there seems to be a problem with privoxy working on Debian. Can you rule out this is not the problem?
They changed the parameter naming between versions IIRC. I pulled out the correct ones and put them in a Phabricator ticket for gpg instruction templates.
apt-key stores data uncleanly and it is hard to manipulate and reverse the added keys easily. Also we want to always verify the asc data before ever adding anything to trust.
Aaaa this is so frustrating. I hope I can find a solution to this in time.
@Goldstein I take it that you are seeing the message “Invalid header received from browser” like I can? In this case Tor Browser is able to connect to localhost daemons without changing any HTTP proxy settings in about:config. I tested in Firefox with the same result.
The problem is in privoxy itself or some setting it ships with.
No, I can’t get TBB to use privoxy as proxy, it always says “Unable to find proxy Server”
I tested it with Firefox, the proxy settings work but Privoxy isn’t able to forward .i2p (“502 No such Domain”) BS
What Privoxy config file did you change? user.action isn’t doing anything and when I change /etc/privoxy/config it won’t start.
My Privoxy config (privoxy is running on the WS):
listen-address 127.0.0.1:8118
forward .i2p localhost:4444
accept-intercepted-requests 1
max-client-connections 512
I tested it with Foxyproxy to see if there is some kind of problem with I2P or the port forwarding, but it works flawlessly with Foxyproxy.
The problem, at least when using Firefox, is a DNS resolution error since .i2p is not recognized by the resolver used. So in this case you can apply a workaround like in the second link by assigning a local IP (say 10.191.0.1) to the I2P TLD with a local resolver package called unbound, then redirecting requests to privoxy with iptables.
The same technique can probably be applied to zeronet and freenet too.
On the workstation this is 100% safe but I don’t know the full implications of having another DNS resolver daemon on the GW for potential leaks.
Thanks for the info, this explains why FF fails to resolve .i2p but I don’t think we need to fix that since we don’t want to use FF.
Could you explain this, is TBB able to use a local proxy without setting the proxy setting? I guess you set network.proxy.no_proxies_on 0 and then connect to p.p to see if it works?
Using TBB or FF?
Thank you for your ongoing help, I would have quit all this without your help, it’s so damn frustrating and it would’ve been worse doing this all alone.
Yeah and I troubleshooted the messages and changed privoxy settings until they stopped appearing.
Both but in TBB in particular since this is of interest.
Thank you for pursuing this project. A lot of great applications will open up for everyone once it’s done.
Good point. All other networks should work fine when local proxy is enabled without needing it. This looks interesting indeed. Do you know if it’s a script that runs and modifies a specified copy of the Tor Browser or is it a modified version of TBB?
It’s a modified TBB, but if it works it’s going to be easy to see what he has changed and put the needed changes into a script.
I will take a close look when I’m back at my work PC.
Great, so we can eliminate another error source, the less software we have to keep an eye on the better and easier to maintain.
Well, the modified TBB works and AFAICT the only important changed setting is the Proxy setting and there is no Torbutton.
Torbutton is the problem, when I disable it the stock TBB uses the set proxy.
@HulaHoop did you disable it when you tested Privoxy? How did you get TBB to use the proxy without disabling it? I tried every mentioned setting and only disabling Torbutton has worked now.
I did also test disabling Tor Launcher like Mark Smith suggested with no effect, it still ignores the set proxy when Torbutton is enabled.
Tested this to be working. Please update top post. I can connect to zzz.i2p with Tor Browser. Visiting 127.0.0.1:8118 will still give a 500 internal error but who cares as long as it does what we need it to do?
These settings for privoxy MUST be defined in this file /etc/privoxy/config. user.action, config.d and others have no effect. Also you must forward to 127.0.0.1 and not localhost.
@Goldstein please configure the auxiliary packages setup (like the I2P monitoring GUI and others) for the I2P on the WS as well for users who want to use the instance in the WS independently.
Valid reasons are stacking with Tor for censorship circumvention or as defense in depth.
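A small check for the point reported above (the `forward` target in /etc/privoxy/config must be 127.0.0.1, not localhost), as an added example that is not part of the original thread. The loopback test on `listen-address` is an extra check added here, and the function names and sample strings are hypothetical/constructed.

```python
import ipaddress

# Constructed sample: the config as posted in the thread (forwards to "localhost").
POSTED = """\
listen-address 127.0.0.1:8118
forward .i2p localhost:4444
accept-intercepted-requests 1
max-client-connections 512
"""
# Same config with the forward target changed the way the thread's fix describes.
FIXED = POSTED.replace("localhost:4444", "127.0.0.1:4444")


def split_host(hostport):
    """Return the host part of 'host:port', '[v6]:port' or a bare 'host'."""
    if hostport.startswith("["):
        return hostport[1:hostport.index("]")]
    return hostport.rsplit(":", 1)[0] if ":" in hostport else hostport


def as_ip(host):
    """Return an ip_address object, or None when host is a name or empty."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def lint_privoxy(text):
    """Return a list of (line_number, message) findings for a privoxy config."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        key, args = parts[0].lower(), parts[1:]
        # "forward <pattern> ." means "no parent proxy" and is left alone.
        if key == "forward" and len(args) == 2 and args[1] != ".":
            if as_ip(split_host(args[1])) is None:
                findings.append((n, f"forward target {args[1]!r} is a hostname; use an IP literal"))
        elif key == "listen-address" and args:
            ip = as_ip(split_host(args[0]))
            if ip is None or not ip.is_loopback:
                findings.append((n, f"listen-address {args[0]!r} is not a loopback IP"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("fixed", FIXED)):
        print(name, lint_privoxy(cfg) or "ok")
```

To check a real file, pass `open("/etc/privoxy/config").read()` to `lint_privoxy`.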
gpg verification command is broken but this updated one should do the trick: Posted the new working instructions for adding the key but it must be templatized for ease of changes in the future:
To blackhole any clearnet connections set the variable below to nothing (blank) in about:config. That will stop users from mistakenly surfing the clearnet with a browser that has a modified fingerprint.