Installation and Fix of i2p inside Whonix-Workstation by Default

  • enabling apparmor for i2p (via dpkg-reconfigure) breaks browser interaction

  • proxy switcher is a no-go. 1) Filesystem loading error when trying to install in i2pbrowser 2) TBB defaults too powerful for it to be changed successfully when installing in regular TBB 3) Even if it works I can’t find where it installs its custom settings and we would need to figure out how to script TBB to see the addon

  • Modified user.js to point to 8118 works with privoxy installed and configured. IMO this is the only practical and possible approach to make the browser more flexible and useful. We should use it until the day Debian decides to throw out privoxy from upstream for some reason. I’ll submit pulls if agreed.

  • I2P stores its conf data in /usr/share/i2p/. What is the best way to ship a custom config? dpkg hook?


This thread has been idle for over a month. Does that mean that i2p-inside-Whonix-Workstation is supposed to be working? I ask because I’m having trouble getting it to work. Here is what I did: I

  1. started with a working Whonix-workstation
  2. followed the instructions at /wiki/I2P exactly
  3. looked at the console (127.0.0.1:7657) and noted that
    a. Under “Local Tunnels” in the sidebar, “Shared Clients” and “Shared Clients (DSA)” have green stars next to them
    b. A sidebar warning that says, “Network: ERR-UDP Disabled and Inbound TCP host/port not set”, but the instructions say not to worry about it
    c. “Bandwidth In/Out” in the sidebar shows activity on each row – not a lot of it, but enough to show that it seems to be alive

…and yet, when I click any of the eepsite links in the console pages, they fail to load. Is the status of this project known to be broken or is it expected to work?

Somehow I missed this one. Therefore I did not even address the easy ones.

Ok.

/usr/share/i2p looks like distribution defaults.
/etc/i2p looks like for local system administrator.

Since there is no /etc/i2p.d or .d otherwise (related), I think, as the next best thing, please use the /etc/i2p folder.

A hook to do what? But probably not needed.
(related)

If there is no forum and wiki history, then probably nothing happened since.


I guess I asked on the wrong forum; this one is for development, not help; it just happened to be the closest thing that came up in Google. Is there someplace better for my question? I didn’t find any other forums about i2p-on-Whonix.

Thanks.

I see. Well in this case it wouldn’t help much either to create a support forum subject since we’re already aware of it. It’s simply not done yet.


OK so next up:

  • custom i2p settings
  • custom privoxy

?

How do we do the latter without .d support?


Here is the i2p config with optimized networking at this location

/var/lib/i2p/i2p-config/router.config

i2np.bandwidth.inboundBurstKBytes=39062
i2np.bandwidth.inboundBurstKBytesPerSecond=1953
i2np.bandwidth.inboundKBytesPerSecond=1903
i2np.bandwidth.outboundBurstKBytes=39062
i2np.bandwidth.outboundBurstKBytesPerSecond=1953
i2np.bandwidth.outboundKBytesPerSecond=1903
i2np.ipv4.firewalled=true
i2np.ipv6.firewalled=false
i2np.laptopMode=false
i2np.lastCountry=kr
i2np.lastIP=121.124.129.92
i2np.lastIPChange=1575905695285
i2np.ntcp.autoip=false
i2np.ntcp.enable=true
i2np.ntcp.ipv6=false
i2np.ntcp2.iv=XXXXXXXXXXXX==
i2np.ntcp2.sp=XXXXXXXXXXXX=
i2np.udp.addressSources=hidden
i2np.udp.enable=false
i2np.udp.ipv6=false
i2np.upnp.enable=false
jbigi.lastProcessor=Piledriver/64
router.blocklistVersion=1572450269000
router.dynamicKeys=false
router.firstInstalled=1575904873094
router.firstVersion=0.9.38
router.inboundPool.randomKey=XXXXXXXXXXXX=
router.isHidden=true
router.outboundPool.randomKey=XXXXXXXXXXXX=
router.passwordManager.migrated=true
router.previousVersion=0.9.38
router.rebuildKeys=false
router.sharePercentage=50
router.startup.jetty9.migrated=true
router.updateDisabled=true
router.updateLastInstalled=1575904873094
routerconsole.country=
routerconsole.lang=en
routerconsole.newsLastChecked=1580490006951
routerconsole.newsLastUpdated=1580490006951
routerconsole.welcomeWizardComplete=true

Writing into /etc/i2p folder is OK.
Writing into /var/lib/i2p/i2p-config folder is OK too.
Not sure which is better. I guess the latter is even better if that works. Then local system administrator can easily overrule our config? I guess priority lowest is /usr/, second is /var and highest is /etc? Might be i2p application specific.


OK. I will experiment with /etc/ and see if it overrides everything else and pull the trigger if it does.


Not sure which package would fit. GitHub - Whonix/anon-apps-config ?
vs dependencies vs default installation…


Yes but we must have included i2p and all deps before adding it, otherwise installing it manually would overwrite the file?


Update:

Merely adding a new config in any of these directories has no effect whatsoever.

Digging through Goldstein’s steps, he relied on sed to modify router.config.

The official documentation makes no mention of how to do custom confs.


No such issue. Overwriting / file conflicts is only a problem if two different packages want to put a file to the same location.

For example no package yet ships file /etc/i2p/router.config. Therefore issue if anon-apps-config ships /etc/i2p/router.config.

The timing when anon-apps-config and when i2p gets installed doesn’t matter from a packaging file conflicts perspective. Since no i2p package ships file /etc/i2p/router.config there is no conflict.

(The timing only matters for usability but once upgraded or new build anon-apps-config will be already installed before users have time to manually install i2p.)

This was a theoretic reply since I didn’t test if the i2p application actually makes use of /etc/i2p/router.config.


Not good. I guess we just need to figure out the proper file path.

If /var/lib/i2p/i2p-config/router.config is regarded by i2p I would imagine that

  • /etc/i2p/router.config OR
  • /etc/i2p/i2p-config/router.config

would overrule /var/lib/i2p/i2p-config/router.config. Please ask upstream about this. Ask if Debian ships a file /var/lib/i2p/i2p-config/router.config then how derivative distributions such as Whonix or local system administrators would configure their i2p daemon. Which file location to use.

That’s really hacky, often fragile and should only be last resort if upstream is aware and there is no better solution yet.

/var/lib/i2p/i2p-config/router.config is not really “owned” (not managed by its APT package) by any i2p package.

dpkg -S /var/lib/i2p/i2p-config/router.config

dpkg-query: no path found matching pattern /var/lib/i2p/i2p-config/router.config

No surprise since the file location is in /var.

But we don’t know by what and how /var/lib/i2p/i2p-config/router.config is (re-)generated. Any manual change (or change by sed) might be reverted later (such as perhaps on package upgrades) which would then break the functionality provided by the sed hack.


See also:

cat /usr/share/doc/i2p-router/README.Debian
cat /lib/systemd/system/i2p.service
cat /etc/default/i2p
cat /etc/i2p/wrapper.config
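
A drift check for the concern raised in the post above, that edits to /var/lib/i2p/i2p-config/router.config might be reverted later. This is an added example, not code from the thread or from Whonix; the list of expected keys is an assumption taken from the config posted earlier, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: detect drift in an I2P router.config.
# EXPECTED is an assumption: keys and values copied from the config in this thread.
EXPECTED='router.isHidden=true
i2np.udp.enable=false
i2np.upnp.enable=false
router.updateDisabled=true'

# Prints one line per missing or changed key.
# Returns 0 if all match, 1 on drift, 2 if the file is unreadable.
check_router_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable: $cfg"; return 2; }
    printf '%s\n' "$EXPECTED" | awk -F= -v cfg="$cfg" '
        BEGIN {
            # Load the live file; skip comments and blanks, keep the last value of a key.
            while ((getline line < cfg) > 0) {
                if (line ~ /^[ \t]*(#|$)/) continue
                i = index(line, "=")
                if (i == 0) continue
                k = substr(line, 1, i - 1); v = substr(line, i + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
                have[k] = v; seen[k] = 1
            }
        }
        {
            want = substr($0, index($0, "=") + 1)
            if (!($1 in seen)) { print "MISSING " $1 " (want " want ")"; bad = 1 }
            else if (have[$1] != want) { print "DRIFT   " $1 "=" have[$1] " (want " want ")"; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Constructed sample: UPnP switched back on, updateDisabled line lost.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real router.config
router.isHidden=true
i2np.udp.enable=false
i2np.upnp.enable=true
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
check_router_config "$tmp" || echo "router.config drifted from expected values"
rm -f "$tmp"
```

Run after package upgrades, the non-zero exit status makes a silent revert of the shipped settings visible.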

@Patrick good catch. Changes made in /var/lib/i2p/i2p-config/router.config override the other instances of router.config. I’ll work on a pull request.

For tunnel lengths, let’s stick to defaults? That way we stack protection of both networks in case a Tor user is compromised by a malicious guard?


Great! Please add default config first. Then make changes to that file so we can better show which changes are made by Whonix.

No idea. Defaults sounds good. Anything else could be considered future work.


Good. So going by that, I imagine we can ship a custom privoxy file too?


Another question, do we want to disable the I2P first run wizard, set lang to English and set the bandwidth?


privoxy: somehow we can. Please work on the config. I will think about where to place the file etc.

Please also see apt-file list privoxy and read all the human readable files such as /lib/systemd/system/privoxy.service.

Should we modify the default behavior of privoxy when installed by replacing its default config somehow? Or should user installed privoxy / i2p privoxy be separate privoxy processes? The latter I am not sure yet how difficult / useful.
