I want to know if there’s a way to create a Whonix Gateway (Net VM) with User > I2P > Tor > Destination as connection schema. Want to do this to prevent Kax17.
I don’t think so but happy to be proven wrong.
There would need to a sys-i2p VM which routes all traffic over Tor.
sys-whonix is a VM that routes all traffic over Tor.
sys-vpn is a VM that routes all traffic over a VPN.
sys-proxy is a VM that routes all traffic over a proxy. (ProxyBOX)
I am not aware of any ready made or instructions for sys-i2p.
Not even sure that’s possible. i2p is primarily designed as a network where traffic stays within the network. It would require for traffic leaving the i2p network before it can enter something else (clearnet or the Tor network). There used so called outproxies for i2p but I am not aware if any are still being provided. Even if they were, it seems unlikely to be that keep using the same i2p → same (very few) outproxies → Tor would solve Kax17.
Also the author of Kax17 or anyone else so far I haven’t seen to imply that the solution for these issues are as simple adding another tunnel-link such as i2p.
sys-i2p is unspecific to Whonix.
I think it can fix Kax17, since with i2p the tor relays don’t know who you are. But i don’t have any idea to make an sys-i2p as outproxy to have clearnet traffic. i will search, study, and will try it. I will update this if i have any notices.
… It’s nowhere near ready to be integrated into Whonix, but I’m able to run a Tor bridge which makes itself available as an I2P endpoint, and which can be accessed over a standard tunnel. I’m also working on automating this process by using SAMv3 connections as Tor pluggable transports. It’s basically a “dummy” transport which offloads the transformation of the traffic to an I2P connection.
Among other things:
- I do not know that this is a good idea
- I do not think that this adequate to deal with sybil attacks, the only way that it might make sybil attacks more difficult is to make attackers target 2 networks instead of just 1.
- I know for sure that the performance impact will be noticeable
- I know for sure that it’s not easy yet
But I do think that if I2P may be more difficult to block in some cases, and may present some opportunities for anti-enumeration for bridges and their clients. If this is the case, then using I2P as a transport for some Tor traffic might be a good idea. It’s wildly experimental but we can talk about it if you want.
2 Likes
I’m happy to hear that! I want to know more about it, sure. I think that use this combination is more secure than using only tor. My objective it’s to have Qubes OS torified, non-clearnet traffic by default and have the maximium anonymity i can have. The only issue for me to use I2P with Tor it’s the performance.