Installation and Fix of i2p inside Whonix-Workstation by Default

Out of curiosity, why do you think it’s inferior security? Could you please elaborate?

2 Likes

Almost all factors that have nothing to do with I2P code quality:

  • Increased theoretical attack surface
  • Possibility of misconfiguring iptables and ending up with leaks
  • Users mistakenly executing apps and plugins on the gw, which would be a disaster for isolation design. (I have no idea if I2P can support a split design where apps can run on a different machine than where the router is.)
  • The fact that most routers are run by people on home OSs like Windows, likely proprietary and surveillance friendly instead of Tor’s network mostly Debian based. Who knows what kind of traffic flow info MS collects?

2 Likes

@HulaHoop Thanks for the elaboration

Some more exciting stuff I’ve found regarding I2P Browser:
https://www.reddit.com/r/i2p/comments/e7vnyx/i2p_browser/fa6qscz/

A little more info on what’s going to start happening in the next few months with the I2P browser: We’ve been thinking about the future of I2P Browser as a project, with regard to what is most important about it especially, and that has at times revealed a pretty boring picture. We can get better and better at backporting Tor patches and we are, but that really just leaves us with a Tor Browser clone where we’ve subbed in I2P for Tor. So now we’re in the final phases of adapting Tor Browser’s build infrastructure for our purposes, we have ways to confirm that we’ve done so successfully, what’s next is that we start modernizing the way you interact with the applications that come with I2P from the I2P browser. For instance, very soon we plan to make bittorrent (via I2PSnark) work as first-class downloads within Firefox, with familiar browser-like dialogs and menu integration, no more copy-and-pasting magnet links or copying torrent files into directories to operate the torrent client for I2P browser users. There are plenty of similar little rough edges in how I2P (especially I2P web browsing) has always worked that we may have an opportunity to ease away with the browser. So it’s very hard to say when it will be “Stable” exactly, it’s not going to be stable for some time in that we’re carefully working on features and trying to make it all cohesive, which will take some time, and most definitely isn’t what we’ll have in January. What we’ll have in January is one where we’re very sure that we’re good enough at adapting the features we need in a timely manner to work on better things.

It looks like I (/we?) should focus more on the I2P Browser and the changes needed to it (especially for the WS) than the I2P Router for an easy-to-use I2P setup. The problem then would be the low amount of RAM for running I2PB and TBB at the same time.
https://geti2p.net/en/browser

I played with it for a couple of hours and it runs well, like the “normal” I2P router; it’s a pretty out-of-the-box solution.
I tested torrent, mail, our router config, reseeding via Tor and a couple of other settings. It uses 1.5-2GB of RAM when in heavy use (that’s to be expected for a browser, I would say).
The update fails for some reason, but besides that I haven’t encountered any issues besides the usual I2P quirks.

2 Likes
1 Like

Thanks to @eyedeekay’s code I was able to tweak the default TBB to work with privoxy with the latest TBB. What extra benefits do we get from using their project instead of what we do right now?

A custom I2P landing page would be a nice little addition to the current i2pbrowser script but not necessary.

2 Likes

9 posts were split to a new topic: I2P Tweaks and Suggesitons

Let’s keep this thread dedicated to the progress and status of I2P support only. Any ideas or suggestions should be discussed in the other thread. Thanks.

1 Like
1 Like

How is 15.0.0.8.7? Does it work for you? For me only partially. I sudo apt install --no-install-recommends i2p i2p-router privoxy. Then started i2pbrowser from command line and opened http://127.0.0.1:7657. Web interface was functional but clicking any i2p domains failed with a privoxy error message. Expected?

1 Like

Takes time for the router to integrate. eepsite connections are a wash. Some work sometimes, then don’t. Could be poor perf parameters we have or the network is overloaded.

@Thinkablemellow can you please come up with optimal bandwidth settings?

1 Like

Yes, but I think the main issue is startup time and tunnel length.
I guess the notification from my old setup would also be handy here, so people know when the router is ready?

Did you wait 10-15min? I2P takes some time

2 Likes

Reworded I2P local browser welcome page.

Please review.

No.

Ok, will try.

Yes. Patches welcome.

2 Likes

There is currently 1 blocker for installing I2P by default in Whonix-Workstation.
Currently I2P (usual systemd unit file) is automatically started for users who upgrade from Whonix developers repository. And I don’t think we want to make all of Whonix users briefly connect to I2P during upgrade until next reboot for security reasons. I2P start was supposed to be opt-in, not default.

Autostart of privoxy and i2p systemd unit files gets disabled in anon-apps-config /lib/systemd/system-preset/50-anon-apps-config.preset, yes, but that package gets installed only after the i2p package is installed during the upgrade process. [1]

This could be handled in the next release upgrade, Whonix 15 buster → Whonix 16 bullseye.


[1] That config file /lib/systemd/system-preset/50-anon-apps-config.preset is functional. It works for privoxy non-autostart but not for i2p non-autostart. It depends on the order in which packages are installed. Both, i2p and privoxy will not be autostarted after reboot.


1 Like
1 Like
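The ordering problem in the post above, as an added example (not Whonix code): a small resolver that applies the matching rules from systemd.preset(5) and shows that, while the preset file is still absent, the policy for i2p.service falls back to enable. The function names, the contents written to 50-anon-apps-config.preset and the 90-default.preset file are constructed for illustration.

```sh
#!/bin/sh
# Added example: resolve a unit's preset policy as systemd.preset(5) describes:
# preset files are ordered by file name, the first matching directive wins,
# and a unit that nothing matches is enabled.
# Simplification: same-named files in several directories are all read
# (systemd lets a file in /etc mask the same name in /usr/lib).

# preset_policy UNIT DIR...  -> prints "enable" or "disable"
preset_policy() (
    unit=$1; shift
    tab=$(printf '\t')
    result=$(
        for dir in "$@"; do
            for file in "$dir"/*.preset; do
                [ -f "$file" ] && printf '%s\t%s\n' "${file##*/}" "$file"
            done
        done | LC_ALL=C sort | while IFS=$tab read -r _name file; do
            # "|| [ -n ... ]" keeps a last line that has no trailing newline
            while read -r action pattern _rest || [ -n "$action" ]; do
                case $action in enable|disable) ;; *) continue ;; esac
                # $pattern is left unquoted so it is matched as a glob
                case $unit in $pattern) echo "$action"; exit 0 ;; esac
            done < "$file"
        done
    )
    echo "${result:-enable}"
)

# Constructed demo: the preset directory before and after the package that
# ships 50-anon-apps-config.preset is unpacked (file contents are assumed).
demo_upgrade_order() (
    d=$(mktemp -d) || exit 1
    before=$(preset_policy i2p.service "$d")
    printf 'disable privoxy.service\ndisable i2p.service\n' \
        > "$d/50-anon-apps-config.preset"
    printf 'enable *\n' > "$d/90-default.preset"
    after=$(preset_policy i2p.service "$d")
    rm -rf "$d"
    echo "before=$before after=$after"
)
demo_upgrade_order
```

Running the resolver against the real preset directories before the i2p package is unpacked is one way to confirm that the disable rule is already in place at that point in an upgrade.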

Bug: i2pbrowser does not show i2p local browser homepage.

To debug, I have edited /usr/share/tb-profile-i2p/start-i2p-browser to add

#!/usr/bin/env bash

set -x
true "TOR_DEFAULT_HOMEPAGE: $TOR_DEFAULT_HOMEPAGE"

and saw that variable TOR_DEFAULT_HOMEPAGE is correctly set to /usr/share/homepage/i2pbrowser/i2p-diffs.html.

Opening /usr/share/homepage/i2pbrowser/i2p-diffs.html in i2pbrowser is also functional.

Therefore I am clueless why i2p local browser homepage does not open.

Might or might not be related:


tb-starter /usr/share/tb-profile-i2p/start-i2p-browser

  • What is the purpose of it?
  • Is it really needed?
  • If not needed: Remove please (plus /usr/bin/torbrowser integration).
  • If needed: please forward port changes to ~/.tb/tor-browser/Browser/start-tor-browser (changes by Tor Project, not me) to /usr/share/tb-profile-i2p/start-i2p-browser since their changes might be needed. There should not be any unexplained difference.
2 Likes

Yeah, this is no good for an opt-in. On the other hand, is it really that bad to connect to I2P briefly? It’s through Tor anyway. Obviously your call.

Sounds good to me. I don’t think there is any rush for this; people who want to use it now can use the wiki to do so.

Looking into it

roger that

2 Likes

Thinkablemellow via Whonix Forum:

Yeah, this is no good for an opt-in. On the other hand, is it really that bad to connect to I2P briefly? It’s through Tor anyway. Obviously your call.

It would make all of Whonix users vulnerable to the attack surface
provided by I2P. I am not saying I2P has any remote exploitable
vulnerabilities but just from a security theoretic perspective it ought
to be avoided to expose all users to that risk even though they might
not be interested in I2P at all.

2 Likes

Is it an I2P setting? If trivial to add let’s do it.

1 Like

Sadly no

Not trivial but also not complicated if we use i2pcontrol. I’ll look what I can do.

Another issue we have to address is the old version in the Debian repos; it’s nonsensical to add an old version to Whonix by default.
So this should also be a blocker for the inclusion.

I tested this setup and can confirm that it’s working (I waited 15-20min) and also have the same issues with i2pbrowser Patrick has. Still looking into that.

1 Like