I2P Running on Whonix Gateway

Probably, yes. Qubes bind-dirs will become available in Qubes R3.2. (And that should come out “soon”. (?)) (Up to you if you still want to invest energy into the old Whonix bind-directories.)

Yes it has no config at all. Can only be edited by changing it directly.

On one hand, i2p is supposed to connect in the clear, you cannot configure it to use Tor as a proxy or force it by using a socksifier. So it will use system DNS. But on the other hand, Whonix-Gateway by default does not provide any kind of system DNS, torified or not. You could enable torified system DNS, but that of course would require editing and a functional /etc/resolv.conf. I see no way around that. Unless you can teach i2p to somehow not require DNS. Or somehow only allow torified system DNS for i2p and blocking system DNS traffic for everyone else.

(For completeness’ sake only: would also be possible to modify Whonix-Gateway to a point where it does clearnet system DNS but I guess that is beside the point here.)

I’ve done both :wink:

OK, going to try that

This is on my to-do list

I got a lot of stuff sorted out today and the guide shrunk quite significantly.
I added the I2P-Whonix and an I2P-Tor-Whonix init.d scripts (to forward the ports from the Workstation to the Gateway) to my repo https://github.com/cle4r/var (if you want to take a look)
So we’re getting closer to a finished I2PBox
I’m done for today; after 5h of debugging and researching my head hurts.

Here’s a screenshot of my running test setup (as a little preview :wink: )


Short update:
I just found out that there is already a lot of work done by the Tails guys (and now even with a new i2p maintainer pr0ng)
https://git-tails.immerda.ch/tails/log/?qt=grep&q=i2p
After going through their changes I’m pretty happy, because they solved most problems I was left thinking about. So it’s now only a matter of changing the Tails-specific files to Whonix needs.
This just made my day and ruined yesterday at the same time, oh well :wink:


Short question:
Which script is used to display the Tor connection message when you start sys.whonix? I am unable to find it.

whonixcheck /usr/lib/whonixcheck/check_tor_bootstrap.bsh

https://github.com/Whonix/whonixcheck/blob/04c2ac6a53873b925dd1a736821c879af445ed46/usr/lib/whonixcheck/check_tor_bootstrap.bsh#L112

https://github.com/Whonix/whonixcheck/blob/41eb9e1eba1b1e45c39ff20b3730bf184d6432fe/usr/bin/whonixcheck#L106


Since I can speculate where your question is coming from… :slight_smile: I thought it would be a good idea to write down my long term thoughts on whonixcheck…
whonixcheck Whonix 14 ideas

…And… In the meantime, if you want to implement “Connecting to i2p…”, “Connected to i2p.” passive popups and “i2p connection failed.” active popup, what about implementing that, in the meantime, as a separate whonixcheck module? (That only gets used in i2pBOX configuration - that’s easy.) Would not be great to have duplicate passive popups for both Tor and i2p but since this would not be on by default I would be fine with it as a first iteration since it may still be improved later on. It should also be doable but a bit harder to combine these passive popups.

You’re right :wink:

I’m looking into it

I can’t think of another way that is not more intrusive on the user than this little popup, any idea?

You mean by having a popup for both or by having a module that handles these popups?
The first would likely be a problem because I2P takes a longer time to establish a client tunnel than Tor.

Passive popups (connecting; connected): blessed as not being intrusive by @bnvk. So the passive popup is okay in that regard. However, 4 passive popups (both for Tor and i2p) would not be great.

For both Tor and i2p, yes, that was what I meant.

“Somewhat maybe yes.”

Hm. I see.

In summary: No idea. You tell me. Up to you. :slight_smile:

OK, I’m going to go with the popups first and then we can figure out a nicer way when I’ve got a decent working setup


Update:
I’m still fiddling with the reseed process (it kind of works but fails to import router keys)
I’ve added an install and a config script (both work in progress) that set all needed settings and install I2P.
Added notification (took the easy route for now, libnotify; going to change later)
I’ve changed the Tails I2P scripts to Whonix needs (not finished either :frowning: )
The scripts are in no way done so there will be a lot of change soon (once I get my vacation :wink: )
I’m still looking for ways to make this better and easier.
So this is just a short update that there is progress but slow.


@HulaHoop
Are you using I2P atm?
If so, are you running it on the gateway or workstation?

(I’m asking because I’m planning to set up a KVM test machine soon)

Yes on the workstation. I also authored the I2P install guide on the wiki :smiley:

Wow, I totally missed that page :cold_sweat:
Nice work, have you ever tried running it on the Whonix gateway?

For reference:

I was hoping you would document I2P on Whonix-Gateway here some day:
https://www.whonix.org/wiki/I2P#Installing_I2P_on_Whonix-Gateway_.28i2p_and_Tor_simultaneously.29

I’m going to, I just don’t want to post it before it’s easy and failsafe; the manual guide is almost finished (I need to fix the reseed issue before that and update it to my current progress).
Testing it atm…

> Wow, I totally missed that page :cold_sweat:
> Nice work, have you ever tried running it on the Whonix gateway?

Thanks.

No, I hadn’t experimented with it on the Gateway because I didn’t want to risk leaks because of misconfigurations.

It’s really good what you are doing. You’re turning Whonix into an anonymity network agnostic OS and expanding our userbase while also growing the I2P network.

@HulaHoop Maybe change the 4. step "Adjust I2P Settings:"
to :
```bash
# Change tunnel length: set every inbound/outbound length entry to 0
sudo sed -i "s/\(.*outbound.length=\).*/\10/g;s/\(.*inbound.length=\).*/\10/g" "/var/lib/i2p/i2p-config/i2ptunnel.config"
# Change router config: overwrite router.config with the settings below
sudo su -c 'cat > "/var/lib/i2p/i2p-config/router.config" << EOF
i2np.laptopMode=true
i2np.ntcp.enable=true
i2np.ntcp.autoip=false
i2np.ntcp.ipv6=false
i2np.ntcp.maxConnections=20
i2np.udp.enable=false
i2np.udp.addressSources=hidden
i2np.udp.ipv6=false
i2np.upnp.enable=false
router.isHidden=true
router.sharePercentage=0
router.updateDisabled=true
time.disabled=true
time.sntpServerList=127.0.0.1
EOF
'
```

Edit: the forum stripped some chars from the command, I changed that now on the Wiki (sorry, I should have tested it after posting here)
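
Since the post notes that the forum mangled the command, a check that the settings actually landed in the file is useful. The following is an added example, not part of the original post or of the Whonix or I2P projects: it audits a `router.config` against the key/value pairs listed in the post. The function names `config_value` and `audit_router_config` are hypothetical, and the parsing rules (comment lines skipped, last assignment wins) are assumptions.

```shell
# Added example: audit an I2P router.config against the settings from the post.
# Expected pairs are copied from the thread; function names are hypothetical.
EXPECTED='i2np.laptopMode=true
i2np.ntcp.enable=true
i2np.ntcp.autoip=false
i2np.ntcp.ipv6=false
i2np.ntcp.maxConnections=20
i2np.udp.enable=false
i2np.udp.addressSources=hidden
i2np.udp.ipv6=false
i2np.upnp.enable=false
router.isHidden=true
router.sharePercentage=0
router.updateDisabled=true
time.disabled=true
time.sntpServerList=127.0.0.1'

# config_value FILE KEY: print the effective value of KEY (last assignment wins),
# ignoring comment lines, surrounding whitespace and CR line endings.
config_value() {
    awk -v key="$2" '
        { sub(/\r$/, "") }
        /^[ \t]*#/ || !index($0, "=") { next }
        {
            i = index($0, "=")
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { found = 1; val = v }
        }
        END { if (found) print val; else exit 1 }
    ' "$1"
}

# audit_router_config FILE: print one line per deviation; return 0 only if none.
audit_router_config() {
    rc=0
    while IFS='=' read -r key want; do
        if got=$(config_value "$1" "$key"); then
            [ "$got" = "$want" ] || { echo "MISMATCH $key: got '$got', want '$want'"; rc=1; }
        else
            echo "MISSING $key"; rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}
```

Run it as `audit_router_config /var/lib/i2p/i2p-config/router.config` (the path from the post); no output and exit status 0 mean every listed setting is present with the expected value.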


Excellent changes. Added.

Related:

https://forums.whonix.org/t/whonix-i2p-documentation