Installation and Fix of i2p inside Whonix-Workstation by Default

Thinkablemellow · February 4, 2020, 3:38pm

Wouldnt this be against what is stated in the config ?

 If you have a 'split' directory installation, with configuration
 # files in ~/.i2p (Linux), %LOCALAPPDATA%\I2P (Windows),
 # or /Users/(user)/Library/Application Support/i2p (Mac), be sure to
 # edit the file in the configuration directory, NOT the install directory.
 # When running as a Linux daemon, the configuration directory is /var/lib/i2p
 # and the install directory is /usr/share/i2p .

Wouldnt we lose the changes when i2p is updated/reinstalled?

I would say no, since we need to wait for Tor first anyway and to not waste system resources for People who dont use i2p.

Connecting doesnt take that long so it wont be a benefit to autostart.

It should be close to zero when not in use because we are not routing other peoples traffic

Did you check a fresh Router without Userinput? I would guess the only traffic that is send/recv without any input is the first Reseeding.

Not sure, i’ll take a look. Maybe @eyedeekay can help , can someone ping him on git ?

This might be useful GitHub - eyedeekay/i2pdistro: Re-creating an I2P Linux Distro

HulaHoop · February 4, 2020, 4:42pm

You are right. /usr/share/i2p/router.config survives app purges and serves as an initial template for /var/ upon install. Any changes after that are ignored. Should I move the file there?

Patrick · February 4, 2020, 5:33pm

I don’t think we have a spare 128MiB. Due to many issues, we’re on a very tight RAM budget.

Default RAM:

Whonix-Gateway: 512 MB
Whonix-Workstation: 768 MB

Already require to use a hack for Whonix-Gateway: swap - swap file - Whonix-Gateway freezing during apt-get dist-upgrade - encrypted swap-file-creator

There is no Whonix-Host yet. Therefore we can not be more clever an automatically assign more RAM to users VMs if available.

Memory de-duplication had to be disabled due to security issues.

Opening too many Tor Browser tabs can already make a VM slow or freeze.

Desktop environments realistically available for Whonix (from packages.debian.org, OK usability, …) require more RAM nowadays than in past.

Whonix system requirement is 4 GB.
4 GB - 768 MB (workstation RAM) - 512 MB (gateway RAM) - 16 MB (gateway video RAM) - 128 MB (workstation video RAM) leaves the host with only around 2576 MB RAM. That’s not much and not even including any multiple Whonix-Workstation’s.

There is currently no Whonix News integrated into whonixcheck.

Yes but config-package-dev displace will sort that out for us.

No. config-package-dev displace will effectivly assign management of that file to package anon-apps-config.

Yes. i2p could be started on demand. Such as when people start i2pbrowser or other i2p apps if any?

Interesting! Wasn’t aware of it.

“Is there an I2P Linux Distro” or “Is iPredia still alive” or questions about I2P use in Whonix or TAILS is a very frequently asked question on reddit

Had no idea.

Official inclusion in Whonix is dependent on inclusion in Debian,

Is this still applicable / up to date? Debian -- Details of package i2p-router in buster now exists and here we are discussing i2p installation by default in Whonix.They mean for i2p apps?

Btw what about Debian -- Details of package syndie in buster? I don’t recall testing it but it’s a suggested package by i2p-router package. Should be pre-installed too? Still a tool up to date / recommended / requested / in use / etc?

Yes.

Thinkablemellow · February 4, 2020, 9:19pm

We can try to lower that and see how it impacts performance, but these Defaults seem to me quite Outdated.
I remember a Poll about that here on the Forum, is this really an Issue ?

In what kind of Setup? I’ve never had an Issue even with 4GB RAM on an old Qubes Laptop.

Is there a special reason for that?
RAM isnt that expensive and older Hardware isnt Supported due to missing VT-XYZ Stuff so its kinda odd.

Nice good to know, i’ll take a look thx

I’ve seen this request a couple of times but i’m not a frequent reddit lurker

I think it was depending on your requirements, so i guess no?
No i think he means the I2P Router itself

I would say no, its not really that useful (at least what i’ve seen when i tested it) and its easily installed later if someone wants it.
Bote would be nice but AFAIK there is no package for that.

Patrick · February 5, 2020, 6:06am

github.com/Whonix/anon-apps-config

Eepsite docroot disable redux

Whonix:master ← eyedeekay:eepsite-docroot-disable-redux

opened 04:45PM - 05 Dec 22 UTC

eyedeekay

+4 -25

Disables the built-in hidden site by default, neither jetty nor the correspondin…g tunnel will start in this configuration, thereby eliminating the need for all the shipped jetty configuration files. Example config can still be found in /usr/share/i2p/eepsite, if the user wishes to use the built-in hidden site they need only copy those files to /var/lib/i2p/i2p-config and re-enable the site.

A quick test has shown that config values are inherited as expected.

Other file maybe useful for editing.

apt-file list i2p-router

/usr/share/i2p/blocklist.txt
/usr/share/i2p/clients.config
/usr/share/i2p/i2psnark.config
/usr/share/i2p/i2ptunnel.config
/usr/share/i2p/router.config

Patrick · February 5, 2020, 6:18am

Yes, can be (re-)considered.

https://twitter.com/Whonix/status/1070983624105676801

Debian, VirtualBox, Whonix default RAM settings.

Qubes / Qubes-Whonix manages RAM far more efficiently.

Simplified said, “There is no GUI running inside VM.” I mean by that, no “full X server”, lightdm, XFCE is running inside a VM. XFCE desktop environment packages aren’t even installed by default in VMs. X running inside Qubes VMs is connected to X running in dom0. The de-duplication of that saves a ton of RAM.
Qubes RAM management isn’t as static as “if VM is started, assign it to VM in full”. It dynamically assigns RAM. I.e. VMs that are just auto started but idle need far less RAM. Not sure this might be called memory ballooning.

Therefore Qubes / Qubes-Whonix cannot be compared much to Non-Qubes-Whonix as far as RAM requirements are going.

No idea. i2p-router is in packages.debian.org and there is now also:

Depends but things might have changed now.

As per https://geti2p.net/en/docs/applications/supported there are bundled apps, third party plugins. Perhaps it’s about these third party plugins which aren’t packaged but the point? Didn’t read much and not sure which ones he might be referring to.

Thinkablemellow · February 5, 2020, 3:53pm

https://eyedeekay.github.io/I2P-in-Private-Browsing-Mode-Firefox/

Just found this, damn its hard to keep up with this guy

This seems like a great way to replace privoxy if/when it gets deprecated and to have a visual distinction between TBB and I2P Browser, what do you think?

Edit: https://www.reddit.com/r/i2p/comments/eljqgd/experimental_webextension_i2p_in_private_browsing/
A few helpful comments from eyedeekay

Thinkablemellow · February 5, 2020, 4:26pm

Out of curiosity why do you think its inferior security, could you please elaborate ?

HulaHoop · February 5, 2020, 4:59pm

Almost all factors that have nothing to do with I2P code quality:

Increased theoretical attack surface

possibility of misconfiguring iptables and ending up with leaks

users mistakenly executing apps and plugins on the gw which would be a disaster for isolation design. (I have no idea if I2P can support a split design where apps can run on a different machine than where the router is)

the fact that most routers are run by people on home OSs like Windows, likely proprietary and surveillance friendly instead of Tor’s network mostly Debian based. Who knows what kind of traffic flow info MS collects?

Thinkablemellow · February 5, 2020, 6:51pm

@HulaHoop Thanks for the elaboration

Some more exiting stuff i’ve found regarding I2P Browser
https://www.reddit.com/r/i2p/comments/e7vnyx/i2p_browser/fa6qscz/

A little more info on what’s going to start happening in the next few months with the I2P browser: We’ve been thinking about the future of I2P Browser as a project, with regard to what is most important about it especially, and that has at times revealed a pretty boring picture. We can get better and better at backporting Tor patches and we are, but that really just leaves us with a Tor Browser clone where we’ve subbed in I2P for Tor. So now we’re in the final phases of adapting Tor Browser’s build infrastructure for our purposes, we have ways to confirm that we’ve done so successfully, what’s next is that we start modernizing the way you interact with the applications that come with I2P from the I2P browser. For instance, very soon we plan to make bittorrent(via I2PSnark) work as first-class downloads within Firefox, with familiar browser-like dialogs and menu integration, no more copy-and-pasting magnet links or copying torrent files into directories to operate the torrent client for I2P browser users. There are plenty of similar little rough edges in how I2P(Especially I2P web browsing) has always worked that we may have an opportunity to ease away with the browser. So it’s very hard to say when it will be “Stable” exactly, it’s not going to be stable for some time in that we’re carefully working on features and trying to make it all cohesive, which will take some time, and most definitely isn’t what we’ll have in January. What we’ll have in January is one where we’re very sure that we’re good enough at adapting the features we need in a timely manner to work on better things.

It looks like i(/we?) should focus more on the I2P Browser and the changes needed to it (especially for the WS) than the I2P Router for an easy to use I2P Setup,the problem then would be the low amount of RAM for running I2PB and TBB at the same time.
https://geti2p.net/en/browser

I played with it a couple of hours and it runs well like the “normal” i2p router, its a pretty out of the box solution.
I tested Torrent,mail,our router config,reseeding via Tor and a couple of other settings, it uses 1.5-2GB of RAM when in heavy use (thats to be expected for a Browser i would say).
The Update Fails for some reason but besides that i havent encountered any issues besides the usual I2P quirks.

Patrick · February 6, 2020, 10:53am

HulaHoop · February 6, 2020, 2:15pm

Thanks to @eyedeekay’s code I was able to tweak the default TBB to work with privoxy with the latest TBB. What extra benefits do we get from using their project instead of what we do right now?

A custom I2P landing page would be a nice little addition to the current i2pbrowser script but not necessary.

HulaHoop · February 8, 2020, 8:18pm

9 posts were split to a new topic: I2P Tweaks and Suggesitons

HulaHoop · February 8, 2020, 8:19pm

Let’s keep this thread dedicated to the progress and status of I2P support only. Any ideas or suggestions should be discussed in the other thread. Thanks.

Patrick · February 12, 2020, 9:02am

github.com/eyedeekay/i2pdistro

Status of this project? / Whonix-Workstation i2p Default Installation

opened 09:02AM - 12 Feb 20 UTC

adrelanos

Work was recently done towards installing i2p by default inside Whonix-Workstati…on. Packages i2p, i2p-router, preconfigured router config and [i2pbrowser](https://github.com/Whonix/tb-starter/blob/master/usr/bin/i2pbrowser) were brought up to speed. This discussion happened here: https://forums.whonix.org/t/installation-and-fix-of-i2p-inside-whonix-workstation-by-default/8610 Quote https://github.com/eyedeekay/i2pdistro#why-not-tails-or-whonix > Official inclusion in Whonix is dependent on inclusion in Debian, but we may be able to generate VM Images of the style used for Qubes-Whonix independently while working on that problem. Currently regarding this as a major stretch goal but I might be able to get some help on it. There is now https://packages.debian.org/i2p-router so that would be resolved? Is there other software than i2p-router that would be installed by default in i2pdistro? I said a lot things in past. Sometimes perhaps in confusing ways. Things might have changed. Context also depends on "Patrick should do it" vs "there's a maintainer". Let's see. Happy to discuss.

Patrick · February 13, 2020, 12:41pm

Patrick · February 13, 2020, 8:26pm

How is 15.0.0.8.7? Does it work for you? For me only partially. I sudo apt install --no-install-recommends i2p i2p-router privoxy. Then started i2pbrowser from command line and opened http://127.0.0.1:7657. Web interface was functional but clicking any i2p domains failed with a privoxy error message. Expected?

HulaHoop · February 13, 2020, 11:26pm

Takes time for the router to integrate. eepsite connections are a wash. Some work sometimes, then don’t. Could be poor perf parameters we have or the network is overloaded.

@Thinkablemellow can you please come up with optimal bandwidth settings?

Thinkablemellow · February 14, 2020, 4:33am

yes, but i think the main issue is startup time and tunnel length.
I guess the notification from my old setup would also be handy here, so People know when the Router is ready ?

Did you wait 10-15min? I2P takes some time

Patrick · February 14, 2020, 6:10am

Reworded I2P local browser welcome page.

Please review.

No.

Ok, will try.

Yes. Patches welcome.