Installation and Fix of i2p inside Whonix-Workstation by Default

I2P packages are available in buster, so why do we have manual download steps on the I2P wiki page?


Does package availability help to solve this?


And presumably issue of “Installing I2P on Whonix-Gateway ™ (I2P and Tor simultaneously)”

1 Like

Outdated instructions :stuck_out_tongue: Great to see them in upstream now.

The main problems this was attempting to solve was to have a preconfigured TBB copy for accessing .i2p domains and other non-clearnet special TLDs and optimizing I2P operation when tunneled over Tor.

There was also the goal of having an I2P GW, but IMO it is too much work for what is likely inferior security.

1 Like

Could you review https://www.whonix.org/w/index.php?title=I2P&oldid=53339&diff=cur please? @HulaHoop

1 Like

Excellent. Thanks @torjunkie

1 Like

Removed i2p repository. Using Debian package now.


But the Tor Browser local connection workaround is broken? Does not work for me.

Got some apparmor denied messages. Had to disable apparmor. Probably upstream issue but nobody else run into that yet? No Debian bug report yet. Or I just messed up.

Could you please get the i2p installation instructions back up to speed? @HulaHoop

1 Like

No problem :slight_smile:

I tidied up the rest of that page, so it’s just Patrick’s query re: local connection workaround which you can hopefully fix.

For installation steps in Qubes-Whonix, I presume steps 1 - 3 are in the TemplateVM, while the others will be in the AppVM (we’ll need to explicitly define that too).


Yes, sudo apt-get update, sudo apt-get install i2p, sudo dpkg-reconfigure i2p in TemplateVM in Qubes. I would hope that step sudo dpkg-reconfigure i2p isn’t even required anymore now that there is a package from packages.debian.org.

The good news is I discovered this new setting that needs to be disabled to access the console on localhost:

network.proxy.allow_hijacking_localhost -> false

The bad news is no eepsites are reachable at all despite tunnels being formed. Maybe this needs privoxy to work? Will dig more.

1 Like

Not working with privoxy either or after tweaking a lot of settings. I’m out of ideas. The connectivity is absolute shit. No tunnels are forming to sustain a healthy connection.

1 Like

Anything in logs? Clock too inaccurate due to sdwdate? Debian package i2p version too outdated for the network?

OK - I can’t connect to any .i2p sites either.

  1. Downloaded sid I2P version (v9.42 instead of v9.38 in Buster stable) (required dependency libjbigi-jni first before installing I2P)
  2. sudo dpkg-reconfigure I2P
  3. couldn’t connect to anything (Nyx logs show “Have tried resolving or connecting to address [scrubbed] at 3 different places. Giving up.”
  4. re-ran sudo dpkg-reconfigure I2P and disable AppArmor setting
  5. service status check on command line shows I2P is running okay
  6. I can see lots of peers etc. but the main error in router config section is “Network ERR-UDP disabled and inbound TCP host/port not set”
  7. They suggest: “You have not configured an inbound TCP with a hostname and port on the Network config page, however you have disabled UDP. Therefore your router cannot accept inbound connections. Please configure a TCP host and port on the Network configuration page or enable UDP”
  8. Played with various I2P router network settings e.g. enable/disable UDP, prefer IPv4 or IPv6, set TCP ports etc. then reset the connection.

But you can never get a connection to work to any I2P site - Tor Browser says “Error connecting to site XYZ. Try again later etc.” Nyx keeps showing the same error “Have tried resolving or connecting to address [scrubbed] at 3 different places. Giving up.” over and over.


  • Do we have to set up something special in the I2P router network config or something else?
  • More Tor Browser config tweaks?
  • Too much clock skew? (they do warn about that needing to be very accurate in their FAQ somewhere - could be the source of the problem)
  • Maybe we’d have better luck with latest version 9.44 directly from I2P website? But I doubt it.

Doesn’t like something about being tunneled over Tor and/or something in Whonix config.


It did not use to be that way. Perhaps they changed something that depends on UDP? Can you please try with a VPN (if you can)?

It would have been the case if it was properly connecting but .i2p pages don’t open - but not the case here.

Was a common error, but never fatal in the past.

1 Like


Some progress. Got I2P to connect to its network. Some optimized settings probably help performance and tunnel setup speed. No VPN hack needed.

The TBB -> localhost:4444 step is broken because of some internal changes in Tor Browser. I confirmed it is working in plain firefox.

1 Like

I want to see if secbrowser doesn’t need as much work to get it working. I’ve installed it in the WS but no icon for it anywhere appears.

1 Like

That’s a “feature” to avoid showing up in Whonix.

The secbrowser package is just a metapackage. The “hidden” scripts can be run from here for testing:

1 Like

extensions.torbutton.use_nontor_proxy true

Allows an I2P page to show up with this message:

The website was not reachable. The website is offline, there is network congestion, or your router is not yet well-integrated with peers. You may want to retry.


It works!

After changing:
network.proxy.share_proxy_settings true

Other settings:

network.proxy.http_port 8118
network.proxy.no_proxies_on 1
network.proxy.socks_remote_dns false

Privoxy installed and configured with forwarding settings from:

1 Like

Secbrowser download attempt

user@host:~$ sudo sh /usr/share/anon-apps-config/usr++bin++download-secbrowser
/usr/share/anon-apps-config/usr++bin++download-secbrowser: 10: /usr/share/anon-apps-config/usr++bin++download-secbrowser: source: not found

1 Like

Got I2P + TBB working see second post above.

I hope we can get this scripted and have I2P and a configured privoxy included OOTB to transform TBB into a I2P Browser on demand in a dedicated snapshot.

1 Like

It’s bash. Not sh. And thanks to shebang neither sh nor bash needs to be prepended. Running a bash script with sh will break.

source: not found

sh doesn’t know command source.

Also no sudo required.

This approach may be better to restore SecBrowser in Whonix.

sudo dpkg-divert --rename --remove /usr/share/applications/secbrowser.desktop
sudo dpkg-divert --rename --remove /usr/bin/secbrowser
sudo dpkg-divert --rename --remove /usr/bin/download-secbrowser

Won’t survive upgrades.

1 Like

There is i2pbrowser but nobody maintaining it.

1 Like
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]