Prerequesites

  • Qubes OS R4.1 or later with Whonix Gateway (GW) and Workstation (WS) installed (16 or later).

Step 1: A Qube is Born

The older I2P guide we made previously is somewhat confusing and very technically challenging especially for beginners. While we don’t want to encourage beginners to rely on the inherent security of Qubes, we want
them to learn and become more knowledgeable about how Qubes can and can’t protect you. Please take some time and read the whonix.org/wiki/Documentation to learn more about online anonymity and privacy. To quickly get I2P up and running on Qubes, you can follow this simple guide.

First we need to create a new StandaloneVM that will keep all of our I2P information.

To create a new StandaloneVM:

  • Open your Qube Manager and select “New Qube”.
  • Name your qube and set the colour.
  • Set the type to StandaloneVM.
  • Set the template to “whonix-ws-XX” where XX is your whonix version (16 or 17)
  • Set the networking to “sys-whonix”
  • Click OK

Launch the new Qube by going to the blue Qubes Start Menu and selecting Your Qube > Xfce Terminal. Update your qube:

sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y

Step 2: I2PD, a better solution

In our personal experience, I2PD just works better than the Java implementation. However, the debian repositories available in Whonix Workstation ship broken I2PD packages and you will run into a segmentation fault. Let’s install it by following the official I2PD readthedocs! With your new StandaloneVM qube open, run the following commands:

sudo apt install apt-transport-https
wget -q -O - https://repo.i2pd.xyz/.help/add_repo | sudo bash -s -
sudo apt update
sudo apt install i2pd

Now we have a working version of I2PD on our system!

Step 3: Configuration

There’s so much you can change with I2PD’s simple configuration files, they are even commented so you don’t need any documentation. Simply read the config file to learn more about it’s possibilities! We need to
disable a few things just to be safe:

sudo nano /etc/i2pd/tunnels.conf

This will open the tunnels configuration for I2PD, you will see the uncommented tunnel information for an IRC client. You can simply remove everything from this file or just comment the enabled tunnels and save.
You might also want to change some settings in:

sudo nano /etc/i2pd/i2pd.conf

Read through this file to better understand it’s capabilities. After editing, you can enable I2PD on startup and start the service for use right now!

sudo systemctl enable i2pd
sudo systemctl restart i2pd

Step 4: Tor Browser

Since you are running I2P on the Whonix Workstation, you have to modify some Tor Browser settings in order to connect to the I2P http proxy. Go to the blue Qubes Start Menu and select Your Qube > Tor Browser
(AnonDist). Once open, you should first edit your security settings by clicking the Shield icon in the top right corner. Set this setting to “Safest” for maximum security (this disables JavaScript which is still
capable of deanonymization on I2P).

  • Navigate to about:config in the address bar and proceed past the warning.
  • Set the following settings:
extensions.torbutton.use_nontor_proxy => true
network.proxy.http = 127.0.0.1
network.proxy.http_port = 4444
network.proxy.no_proxies_on = 127.0.0.1
dom.security.https_first_pbm = false
dom.security.https_only_mode = false
dom.security.https_only_mode_pbm = false

Conclusion

You can now navigate to your I2P console at 127.0.0.1:7070in the Tor Browser. Here you can see your Routers, Floodfills, and Tunnels. You may have to wait 10-20 minutes to gather enough tunnels to
connect to eepSites.

Thanks for reading! If you have any additions, corrections, or questions, please leave them in the comments and we will answer them as soon as possible. Have a super day and stay vigilant!

Steve Dark

By Steve Dark

Steve Dark is a seasoned cybersecurity professional with over 10 years of experience in the field. He holds a Bachelor's degree in Computer Science from Stanford University and a Master's degree in Cybersecurity from MIT. Steve is known for his meticulous attention to detail and his ability to identify even the most subtle security vulnerabilities. When he's not researching protocols or playing in HackTheBox, Steve enjoys sipping on his favorite tea blend while munching on his favorite cookies. Despite his serious profession, Steve has a playful side and loves engaging in friendly hacking competitions with colleagues and peers