I2P Running on Whonix Gateway

You can test here: https://fpcentral.irisa.fr/

Thanks for the link

Please see also what TBB dev Arthur Edelstein says on this

I read it, but this shouldn't be an issue with TransI2P (haven't tested it though).

Another benefit of foxyproxy is that it's extensible. It allows access to many other networks/programs that are inaccessible with TBB otherwise.

EDIT:

@goldstein

Another important thing: fingerprint sites cannot detect the lack of stream circuit isolation, though this is a huge thing and makes the network behavior of affected TBB instances different from normal ones.

Another benefit of foxyproxy is that it's extensible. It allows access to many other networks/programs that are inaccessible with TBB otherwise.

True, I’m not dropping foxyproxy just looking for an alternative/fallback.

Edit:

Another important thing: fingerprint sites cannot detect the lack of stream circuit isolation, though this is a huge thing and makes the network behavior of affected TBB instances different from normal ones.

For Tor this may matter, for I2P it doesn't. (I will keep that in mind though.)
In the end the user should decide what kind of setup he prefers,
e.g. easy/beginner mode: Tor and I2P with Foxyproxy, TBB etc.; advanced mode: I2P + VPN, or I2P only and everything else dropped.

Can you get me up to speed please on that topic? What is foxyproxy being needed for at all? So urls typed into Tor Browser that end with .i2p are automatically redirected to i2p?

I don't have an opinion on this topic yet.

One disadvantage of foxyproxy is, that it only works inside Tor Browser. Not for the whole system, but I do not know if this is relevant.

I2P, as far as I know, does not use stream isolation.
( Sign in · GitLab )

Privoxy is not a caching proxy. (source: Miscellaneous)

I replied with some questions:
https://lists.torproject.org/pipermail/tor-dev/2016-August/011260.html

(I am not even sure privoxy does filtering by default.)
(Traffic flows still through it and I dunno if that does mess up something.)

Perhaps worth a different thread. Perhaps a separate wiki page called Privoxy?
http2socks is a useful feature that Privoxy has. Worth documenting?
The Tor Browser page could also use a stub recommending against Privoxy. TPO used to recommend Privoxy in the past, but that was a long time ago. Nowadays seldom anyone gets the idea of combining Tor with Privoxy. Generally it's a good idea to recommend asking/researching whether certain modifications, such as adding Privoxy to the mix, are a sane idea rather than assuming it can only make things better. Perhaps worth adding to the Warning page or elsewhere.

Yes. All of these modes are interesting. Which end up being implemented / supported is up to the maintainers such as you implementing this one.


Transparent i2p sounds interesting. It has some search engine results.
Transparent Access to I2P eepSites - Grepular

I dunno if GitHub - rbif/transi2p: Transparent proxying for I2P and forwarding other addresses to Tor or clearnet. has any effect on the fingerprint. I could imagine that https://fpcentral.irisa.fr/ cannot catch all kinds of fingerprint issues.

What is GitHub - rbif/transi2p: Transparent proxying for I2P and forwarding other addresses to Tor or clearnet. doing in detail?

Btw any solution not requiring ip forwarding is also to be preferred since it has a lower chance of leaks.

The point of using foxyproxy is that it's able to force localhost access in Tor Browser (which blocks that by default) and redirect domain names to multiple proxies at the same time, something plain iceweasel can't do on its own. In summary: combine proxies with TBB's fingerprinting defenses.

You don’t need foxyproxy for other programs to communicate with I2P on the WS. You simply set them to localhost and the port number to the one you assigned in the I2P tunnel settings.

For I2P on the GW you would use socat to redirect WS traffic to its respective tunnel port just as you would on the WS.

Yes

I’ll also add that I2P doesn’t have a dedicated TransProxy AFAIK. Any other applications besides web-browsing would need you to pick out a supporting tunnel transport type to be able to move a given program’s packets.

GitHub - rbif/transi2p: Transparent proxying for I2P and forwarding other addresses to Tor or clearnet. seems interesting for a very different reason. Its an implementation of the idea I proposed for this topic: Block all traffic except some hidden addresses - #9 by assd

The only use case I can think of is to create some foolproof intranet infrastructure where services are hosted using Tor/I2P or to create some kiosk mode - assuming your users are completely clueless.

transi2p/rules.sh at master · rbif/transi2p · GitHub implies that I2P does have a TransPort.

_i2p_port=7679
#redirect all other output to i2p's TransPort
iptables -t nat -A OUTPUT -p tcp --syn -d $_i2p_range -j REDIRECT --to-ports $_i2p_port

Hm. Nothing listed here:

https://geti2p.net/en/docs/ports

The closest thing is the SAM Bridge which seems application agnostic.

The closest thing is the SAM Bridge which seems application agnostic.

TransI2P uses the SAM Bridge.

I’ll also add that I2P doesn’t have a dedicated TransProxy AFAIK. Any other applications besides web-browsing would need you to pick out a supporting tunnel transport type to be able to move a given program’s packets

Thats what TransI2P is doing.

On the GW TransI2P can implement a whitelist feature that only allows localhost access so users don’t accidentally open eepsites there. IDK if all port ranges for 127.0.0.1 can be left open though.

1 Like

Does setting I2P GW tunnels to listen on 0.0.0.0 make connections/configurations from the WS easier?

First of all, sorry for the long time that I didn't work on this.
Currently the script is setting the listening IP to the Gateway IP. I don't know if your suggestion would make connection easier, I need to test this myself.

Currently its done like this :

# IPv4 address of the workstation-facing interface. (The earlier
# `ifconfig eth1 | grep "inet" | cut ...` pipeline also matched the "inet6"
# line and left trailing blanks, so GATEWAYIP could end up with two values.)
GATEWAYIP=$(ip -4 -o addr show dev eth1 | awk '{print $4}' | cut -d/ -f1 | head -n1)
# Change the listening IP from localhost to the Whonix-Gateway IP
sed -i "s/\(.*interface=\).*/\1$GATEWAYIP/g;s/\(.*targetHost=\).*/\1$GATEWAYIP/g" "$I2P/i2ptunnel.config"
# Same for the router's client apps (router console, SAM, etc.)
sed -i "s/127\.0\.0\.1/$GATEWAYIP/g" "$I2P/clients.config"
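The rewrite above rebinds every tunnel in one go, and the second sed also moves everything in clients.config (including the router console) onto the gateway-facing IP, where the workstation can reach it. The following is an added example, not the script from this thread: it rebinds only the client tunnels' listen side, leaves server tunnels' targetHost alone, and then reports which ports are now bound on the gateway IP so the workstation-side forwarder list can be checked against it. The key names follow i2ptunnel.config (tunnel.N.interface, tunnel.N.listenPort, tunnel.N.targetHost); the sample config is constructed for the demo and 10.152.152.10 is assumed as the gateway IP.

```bash
#!/bin/bash
# Added example, not the thread's script: rebind client tunnels in
# i2ptunnel.config to the gateway-facing IP and list the ports that exposes.
# The sample config below is constructed; key names follow i2ptunnel.config.
set -eu

# IPv4 of an interface via iproute2. The `grep "inet" | cut` pipeline from the
# thread also matches the "inet6" line and leaves trailing blanks.
gateway_ip() {
    ip -4 -o addr show dev "$1" | awk '{ print $4 }' | cut -d/ -f1 | head -n1
}

# Rebind only client tunnels (keys "tunnel.N.interface"). The targetHost of
# server tunnels is deliberately left alone: it is where incoming I2P
# connections get delivered, which is a separate decision from where the
# workstation connects to.
rebind_client_tunnels() {   # $1 = i2ptunnel.config path, $2 = new bind IP
    sed -i -E "s/^(tunnel\.[0-9]+\.interface=).*/\1$2/" "$1"
}

# Ports bound on the given IP, sorted and space-separated: this is the list
# a workstation-side socat forwarder must match.
bound_ports() {             # $1 = i2ptunnel.config path, $2 = bind IP
    awk -F= -v ip="$2" '
        /^tunnel\.[0-9]+\.interface=/  { split($1, k, "."); iface[k[2]] = $2 }
        /^tunnel\.[0-9]+\.listenPort=/ { split($1, k, "."); port[k[2]] = $2 }
        END { for (n in port) if (iface[n] == ip) print port[n] }
    ' "$1" | sort -n | paste -sd' '
}

# Constructed config: an HTTP client tunnel, an IRC client tunnel and an
# HTTP server tunnel (which has a targetHost instead of an interface).
demo_config() {
    local f
    f=$(mktemp)
    cat >"$f" <<'EOF'
tunnel.0.type=httpclient
tunnel.0.interface=127.0.0.1
tunnel.0.listenPort=4444
tunnel.1.type=ircclient
tunnel.1.interface=127.0.0.1
tunnel.1.listenPort=6668
tunnel.2.type=httpserver
tunnel.2.targetHost=127.0.0.1
tunnel.2.targetPort=8080
EOF
    echo "$f"
}

# Demo run (10.152.152.10 assumed as the Whonix-Gateway IP).
cfg=$(demo_config)
rebind_client_tunnels "$cfg" 10.152.152.10
echo "bound on gateway IP: $(bound_ports "$cfg" 10.152.152.10)"
grep -q '^tunnel.2.targetHost=127.0.0.1$' "$cfg" && echo "server tunnel untouched"
rm -f "$cfg"
```

Whatever is bound on the gateway IP is reachable from the workstation, so the list printed by bound_ports is also the list of I2P services a compromised workstation could talk to; keep the router console and SAM on loopback unless the workstation really needs them.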

Hi all,
sorry for the long downtime, I was occupied with other projects.
In the next couple of days I'm going to continue where I left off;
I need to catch up on all the Whonix and I2P changes and topics first.

3 Likes

Glad you haven’t abandoned this. :slight_smile: That’s good to know! :slight_smile:

I’ve got a Problem with anon-ws-disable-stacked-tor ,
my 50_user.conf looks like this :

I2P_PORTS=“2827 3456 4444 4445 6668 7622 7650 7651 7654 7656 7658 7659 7660 7661 7662 8998”
for i2p_port in ; do
socat TCP-LISTEN:,fork TCP:: &
done

But the anon-ws-disable-stacked-tor.service is not forwarding those ports.

Any idea what I'm doing wrong?

bash syntax errors. Also I doubt the socat command would work. Anyhow. Try this.

I2P_PORTS="2827 3456 4444 4445 6668 7622 7650 7651 7654 7656 7658 7659 7660 7661 7662 8998"

# $pre_command and $GATEWAY_IP are provided by anon-ws-disable-stacked-tor
# (pre_command runs socat as the debian-tor user, see the status output below).
for i2p_port in $I2P_PORTS ; do
   $pre_command socat TCP-LISTEN:$i2p_port,fork,bind=127.0.0.1 TCP:$GATEWAY_IP:$i2p_port &
done

Then socat redirection gets created.

sudo service anon-ws-disable-stacked-tor status | grep 2827
           ├─19601 sudo --non-interactive -u debian-tor socat TCP-LISTEN:2827,fork,bind=127.0.0.1 TCP:10.137.10.1:2827
           ├─19619 socat TCP-LISTEN:2827,fork,bind=127.0.0.1 TCP:10.137.10.1:2827
1 Like
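The failure mode in the exchange above is silent: with a malformed port list the loop starts no forwarders and the service still reports success. The following added example (not code from the thread or from anon-ws-disable-stacked-tor) validates the I2P_PORTS list first, rejects duplicates and ports already used on the workstation, builds the same socat invocation as the working config, and offers a reachability check against the gateway end. The reserved-port list and the 10.152.152.10 gateway IP are assumptions for the demo.

```bash
#!/bin/bash
# Added example, not from the thread or anon-ws-disable-stacked-tor: validate
# an I2P_PORTS list before spawning socat forwarders.
set -eu

# Assumed to be taken by the workstation's own Tor-side listeners; a second
# socat on one of these would fail to bind and the I2P port would be dead.
RESERVED_PORTS="9050 9051 9150 9151"

# Print the normalised (sorted, unique) list, or return 1 with a reason on
# stderr for a non-numeric, out-of-range, duplicated or reserved entry.
check_port_list() {        # $1 = space-separated port list
    local p seen=" " out=""
    for p in $1; do
        case "$p" in
            ''|*[!0-9]*) echo "not a port number: '$p'" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "out of range: $p" >&2; return 1
        fi
        case "$seen" in *" $p "*) echo "duplicate: $p" >&2; return 1 ;; esac
        case " $RESERVED_PORTS " in *" $p "*) echo "reserved: $p" >&2; return 1 ;; esac
        seen="$seen$p "
        out="$out$p "
    done
    printf '%s\n' $out | sort -n | paste -sd' '
}

# The socat invocation from the working 50_user.conf above: bind=127.0.0.1
# keeps the listener off the workstation's external interface.
forward_cmd() {            # $1 = port, $2 = gateway IP
    echo "socat TCP-LISTEN:$1,fork,bind=127.0.0.1 TCP:$2:$1"
}

# True if a TCP connect to host:port succeeds within 2 s (bash /dev/tcp).
# Useful after starting the service: a forwarder whose gateway end refuses
# the connection means the tunnel is not bound on the gateway IP.
port_open() {              # $1 = host, $2 = port
    timeout 2 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Start one forwarder per validated port, or with DRY_RUN=1 just print them.
forward_ports() {          # $1 = port list, $2 = gateway IP
    local ports p
    ports=$(check_port_list "$1") || return 1
    for p in $ports; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            forward_cmd "$p" "$2"
        else
            ${pre_command:-} $(forward_cmd "$p" "$2") &
        fi
    done
}

# Demo with the port list from the thread and an assumed gateway IP.
I2P_PORTS="2827 3456 4444 4445 6668 7622 7650 7651 7654 7656 7658 7659 7660 7661 7662 8998"
DRY_RUN=1
forward_ports "$I2P_PORTS" 10.152.152.10
```

Run it with DRY_RUN unset inside the real config to start the forwarders; afterwards `port_open 10.152.152.10 4444` from the workstation tells you whether the gateway side is actually listening, which is the check the original poster was missing.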

Oh **** I've totally missed that. After searching for hours I overlooked this stupid mistake; something went wrong when creating this file.

Thanks for the Help :slight_smile:

Edit:
Now everything works again :grin:

1 Like

Any update?

No, no time and no motivation to work on this. Nobody seems to care about it, so I won't continue to waste my time; if someone else wants to work on this they are free to do so.
I'm sorry that I wasted your time. Maybe at some point I will continue this work.

2 Likes

This thread can still serve as a bad example. One among many wasting time. :slight_smile: Therefore I learned that I somehow must not go into detailed development discussions for complex suggested features and should rather have the contributor start with small things. Hard to communicate in order not to put off serious contributors.

2 Likes