I2P packages are available in buster, so why do we have manual download steps on the I2P wiki page?
https://packages.debian.org/buster/i2p
https://packages.debian.org/buster/i2pd
Does package availability help to solve this?
http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/i2p-integration/4981
And presumably issue of “Installing I2P on Whonix-Gateway ™ (I2P and Tor simultaneously)”
Outdated instructions 
Great to see them in upstream now.
The main problems this was attempting to solve was to have a preconfigured TBB copy for accessing .i2p domains and other non-clearnet special TLDs and optimizing I2P operation when tunneled over Tor.
There was also the goal of having an I2P GW, but IMO it is too much work for what is likely inferior security.
Could you review https://www.whonix.org/w/index.php?title=I2P&oldid=53339&diff=cur please? @HulaHoop
Removed i2p repository. Using Debian package now.
https://www.whonix.org/wiki/I2P#Installation_and_Setup
But the Tor Browser local connection workaround is broken? Does not work for me.
Got some apparmor denied messages. Had to disable apparmor. Probably upstream issue but nobody else run into that yet? No Debian bug report yet. Or I just messed up.
Could you please get the i2p installation instructions back up to speed? @HulaHoop
No problem 
I tidied up the rest of that page, so it’s just Patrick’s query re: local connection workaround which you can hopefully fix.
For installation steps in Qubes-Whonix, I presume steps 1 - 3 are in the TemplateVM, while the others will be in the AppVM (we’ll need to explicitly define that too).
Yes, sudo apt-get update, sudo apt-get install i2p, sudo dpkg-reconfigure i2p in TemplateVM in Qubes. I would hope that step sudo dpkg-reconfigure i2p isn’t even required anymore now that there is a package from packages.debian.org.
The good news is I discovered this new setting that needs to be disabled to access the console on localhost:
network.proxy.allow_hijacking_localhost -> false
The bad news is no eepsites are reachable at all despite tunnels being formed. Maybe this needs privoxy to work? Will dig more.
Not working with privoxy either or after tweaking a lot of settings. I’m out of ideas. The connectivity is absolute shit. No tunnels are forming to sustain a healthy connection.
Anything in logs? Clock too inaccurate due to sdwdate? Debian package i2p version too outdated for the network?
OK - I can’t connect to any .i2p sites either.
But you can never get a connection to work to any I2P site - Tor Browser says “Error connecting to site XYZ. Try again later etc.” Nyx keeps showing the same error “Have tried resolving or connecting to address [scrubbed] at 3 different places. Giving up.” over and over.
Annoying.
Doesn’t like something about being tunneled over Tor and/or something in Whonix config.
It did not use to be that way. Perhaps they changed something that depends on UDP? Can you please try with a VPN (if you can)?
It would have been the case if it was properly connecting but .i2p pages don’t open - but not the case here.
Was a common error, but never fatal in the past.
Update:
Some progress. Got I2P to connect to its network. Some optimized settings probably help performance and tunnel setup speed. No VPN hack needed.
The TBB -> localhost:4444 step is broken because of some internal changes in Tor Browser. I confirmed it is working in plain firefox.
I want to see if secbrowser doesn’t need as much work to get it working. I’ve installed it in the WS but no icon for it anywhere appears.
That’s a “feature” to avoid showing up in Whonix.
The secbrowser package is just a metapackage. The “hidden” scripts can be run from here for testing:
/usr/share/anon-apps-config/usr++bin++secbrowser
/usr/share/anon-apps-config/usr++bin++download-secbrowserSetting:
extensions.torbutton.use_nontor_proxy true
Allows an I2P page to show up with this message:
The website was not reachable. The website is offline, there is network congestion, or your router is not yet well-integrated with peers. You may want to retry.
EDIT:
It works!
After changing:
network.proxy.share_proxy_settings true
Other settings:
network.proxy.http 127.0.0.1
network.proxy.http_port 8118
network.proxy.no_proxies_on 1
network.proxy.socks_remote_dns false
Privoxy installed and configured with forwarding settings from:
Secbrowser download attempt
user@host:~$ sudo sh /usr/share/anon-apps-config/usr++bin++download-secbrowser
/usr/share/anon-apps-config/usr++bin++download-secbrowser: 10: /usr/share/anon-apps-config/usr++bin++download-secbrowser: source: not found
Got I2P + TBB working see second post above.
I hope we can get this scripted and have I2P and a configured privoxy included OOTB to transform TBB into a I2P Browser on demand in a dedicated snapshot.
It’s bash. Not sh. And thanks to shebang neither sh nor bash needs to be prepended. Running a bash script with sh will break.
source: not found
sh doesn’t know command source.
Also no sudo required.
This approach may be better to restore SecBrowser in Whonix.
sudo dpkg-divert --rename --remove /usr/share/applications/secbrowser.desktop
sudo dpkg-divert --rename --remove /usr/bin/secbrowser
sudo dpkg-divert --rename --remove /usr/bin/download-secbrowser
Won’t survive upgrades.
There is i2pbrowser but nobody maintaining it.