I2P Integration

Development
109

Alternatively a moderator could also delete the post with the request
for top posting after updating the top post.

Or these wish for update of top post requests could be posted in a
separate thread or even by e-mail if a moderator wants that.

git however also sounds good.

110

Please add this Link to the top Post @HulaHoop
https://github.com/mutedstorm/Whonix-I2P/blob/master/Whonix-I2P-Guide.md

1 Like
111

I can’t find the Solution to this error ,have you tested importing the Key the way we describe it ?

Err:4 https://deb.i2p2.de stretch InRelease
The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 67ECE5605BCF1346

apt-key list shows me the Key

/etc/apt/trusted.gpg.d/i2p-debian-repo.key.gpg
----------------------------------------------
pub   rsa4096 2013-10-10 [SC] [expires: 2018-10-13]
      7840 E761 0F28 B904 7535  49D7 67EC E560 5BCF 1346
uid           [ unknown] I2P Debian Package Repository <killyourtv@i2pmail.org>
sub   rsa4096 2014-03-21 [S] [expires: 2018-10-13]

Almost everywhere it’s suggested to use apt-key add or adv, which doesn’t help.

Any Idea ?

112

There is something broken in their repo or GPG since the last time I tried this and successfully added the repo no problem. I think the best ting to do is bring it to their attention on twitter or IRC?

113

The Repo is fine, when i add the Key via apt-key add it works, thats what bothers me the most.

114

Well that’s further than I managed to get today. As long as it works and can be verified beforehand its OK.
Even using apt-key didn’t fix it for me…

115

What Version of Whonix ? 14?
I’ll test it today with a fresh Template again

116

Yes 14

117

Sorry for the week to reply, my electricity has been out all week and I’m just now getting back to everybody I need to. I replaced the syspref.js with the one from PurpleI2P early on, when I was just cheating to make a browser that was slightly better than vanilla Firefox for what I needed. Now most of it needs to go, except I think for these settings:

pref(“network.proxy.backup.ftp”, “127.0.0.1”);
pref(“network.proxy.backup.ftp_port”, 4444);
pref(“network.proxy.backup.socks”, “127.0.0.1”);
pref(“network.proxy.backup.socks_port”, 4444);
pref(“network.proxy.backup.ssl”, “127.0.0.1”);
pref(“network.proxy.backup.ssl_port”, 4444);
pref(“network.proxy.ftp”, “127.0.0.1”);
pref(“network.proxy.ftp_port”, 4444);
pref(“network.proxy.http”, “127.0.0.1”);
pref(“network.proxy.http_port”, 4444);
pref(“network.proxy.share_proxy_settings”, true);
pref(“network.proxy.socks”, “127.0.0.1”);
pref(“network.proxy.socks_port”, 4444);
pref(“network.proxy.socks_remote_dns”, true);
pref(“network.proxy.ssl”, “127.0.0.1”);
pref(“network.proxy.ssl_port”, 4444);
pref(“network.proxy.type”, 1);

Obviously because they pre-set the proxy to use i2p instead of Tor.

The only reason they haven’t been changed yet is lack of a place to work. This is the line that disables un-proxied requests to the localhost.

pref(“network.proxy.no_proxies_on”, 0);

I’m pretty sure Torbutton will take care of this from now on. I’m going to make those changes(The syspref changes will be moved to the syspref in my repo for now) and push them. That should make the changes from TBB as minimal as I know how to make them.

As for maintaining it, I’d be happy too. It’s expressly designed to take stable TBB and repackage it with i2p-related settings as quickly and easily as possible, I can make time to make sure it’s up to date, presuming storm season spares my house for a while.

Oh also, I get mobile notifications to everything that happens on my github. In circumstances where I’m less able to respond(power outages), that’s a good way to get my attention.

118

No worries, no rush

I think we only need :
extensions.torbutton.use_nontor_proxy;true
pref(“network.proxy.no_proxies_on”, 0);
network.proxy.socks;
pref(“network.proxy.type”, 1);
pref(“network.proxy.socks_remote_dns”, true);
pref(“network.proxy.http”, “127.0.0.1”);
pref(“network.proxy.http_port”, 4444);
pref(“network.proxy.share_proxy_settings”, true); ← this is going to apply it to the rest

Great thanks, good to know.

Roger that, next time i’ll create a Issue

119

This would be a good way to prevent clearnet leaks to FTP sites, have you tested if you can connect to the clearnet without this setting?

Would this leak addresses visited in this TBB to exit nodes’ DNS servers? Its probably best to avoid that but I can’t confirm if it doesn’t happen anyway except maybe with wireshark on the GW.

@eyedeekay

Can you please focus on integrating the custom prefs so they can modify an already installed Tor Browser instead of packaging the whole thing? The reason I ask is because for security assurance we don’t want to break upstream’s deterministic builds that we include in our distro by default.

120

Yes and no i can’t connect to the clearnet with or without the setting

I get this page (like i should):

Warning: No Outproxy Configured

Your request was for a site outside of I2P, but you have no HTTP outproxy configured. Please configure an outproxy in I2PTunnel.

AFAIK no it shouldn’t be possible since we don’t forward it to tor so there are no exit nodes and I2P’s Outproxy is disabled. I’ll check it with Wireshark though

If @eyedeekay wants to do this that would be great, otherwise i would add it to the Whonix-I2P Install script/package todo

121

Idk:

pref(“network.proxy.backup.socks”, “127.0.0.1”);

I think this is only a temporary solution. TCP support will be removed
from Tor Browser.

I highly recommend figuring out how to use Tor Browser with unix domain
socket files.

122

@Goldstein

I’ll give it a try with just those settings and if it works right make a new release tonight with the result.

@Goldstein @HulaHoop

I can do that I think. Is this essentially just writing a script to apply the modifications to the user’s already installed TBB?

2 Likes
123

@Patrick

That’s something I’m taking into consideration, it’s just a matter of how and where to implement it. I think it’s possible to implement something equivalent through the i2p API’s. I’m going through the documentation and the code for the extensions to figure that out but I can’t give a solid timeframe.

1 Like
124

Yes, but not for the default TBB (home/user/.tb/ ), we’re going to have a second TBB for that (i.e. /home/user/.localtb/).

1 Like
125

Works for me. It won’t take long.

1 Like
126

I tested it now on a fresh Whonix 14 Template and it works fine, could you test it again ?

127

What are your thoughts on this guy: i2p-browser-for-cheaters/setup-i2p-browser.sh at master · eyedeekay/i2p-browser-for-cheaters · GitHub ? I didn’t have it do any of the renaming files and changing the contents of the .desktop files, wasn’t sure if that was a good idea in this context yet(it would be slightly better for me, though, and doesn’t appear to affect the functionality), but it should be easy to incorporate into other shell scripts or invoke from a terminal.

128

Looks good thanks, i wouldn’t mind renaming the files @HulaHoop what do you think ?

I’m not sure about removing the extensions though, could there be any negative side effect to that?

rm -r "$i2pbrowser_directory/Browser/TorBrowser/Data/Browser/profile.default/extensions/"tor-launcher*.xpi
"$i2pbrowser_directory/Browser/TorBrowser/Data/Browser/profile.default/extensions/"https*.xpi
“$i2pbrowser_directory/Browser/TorBrowser/Data/Browser/profile.meek-http-helper”

I’m also not sure what happens when TB updates, if it overrides these changes and adds the addons again ?
I’ll look it up, i read something about that here but i’m not sure atm.