Next
From Whonix
Warning[edit]
Documentation for the NEXT Whonix ™ version! ONLY for developers! No guarantee it really makes into the next Whonix ™ version.
OnionShare is installed by default, no need to get with git.
I2P[edit]
4. Adjust I2P Settings:
- I2P Tunnels Settings
Set the Inbound and Outbound Tunnel Length to 0:
sudo sed -i "s/\(.*outbound.length=\).*/\10/g;s/\(.*inbound.length=\).*/\10/g" "/var/lib/i2p/i2p-config/i2ptunnel.config"
- I2P Router Configuration
(Explanation in order) [2] more Options [3]
sudo su -c "cat > "/var/lib/i2p/i2p-config/router.config" << EOF i2np.laptopMode=true i2np.ntcp.enable=true i2np.ntcp.autoip=false i2np.ntcp.ipv6=false i2np.ntcp.maxConnections=20 i2np.udp.enable=false i2np.udp.addressSources=hidden i2np.udp.ipv6=false i2np.upnp.enable=false router.isHidden=true router.sharePercentage=0 router.updateDisabled=true time.disabled=true time.sntpServerList=127.0.0.1 EOF"
whonixcheck SSL Certificate Pinning[edit]
UNFINISHED! See: https://github.com/Whonix/Whonix/issues/24 [archive]
Advanced users only!
In Whonix-Gateway ™ and Whonix-Workstation ™.
You need torbrowser-launcher installed. [6] This is currently only available from stretch-backports. [7]
To enable this on a by case base, use the --pin-tpo-cert command line option. Example.
whonixcheck --pin-tpo-cert
Or to permanently enable this.
Create a file /etc/whonix.d/50_user.conf.
sudo nano /etc/whonix.d/50_user.conf
Add.
PIN_TPO_CERT="true"
Footnotes[edit]
- ↑ It is faster and less connection interrupts. Anonymity is already provided by Tor. No need to leech from Tor/I2P.
- ↑
- change router identity and UDP port when IP changes \n
- Enable NTCP https://geti2p.net/en/docs/transport/ntcp [archive]
- Disable automatic IP fetching # We dont want/need to publish the Exit-Node IP
- Disable Ipv6 for the NTCP #Unsupported by Tor so we dont need it
- Number of concurrent NTCP connections # Reduced Connections so we dont overload the Tor node with connection attempts
- Disable Udp #Unsupported by Tor
- Sets the source of IP detection
- We dont want/need to publish the Exit-Node IP
- Disable Ipv6 for Udp
- toggles UPNP off # No need for Upnp
- Don't save your IP in the netDB and publish to other I2P routers( https://trac.i2p2.de/ticket/1314#comment:3 [archive])
- Sets the bandwidth that is max used by particiapting tunnels # We dont participate in Traffic so no need to share
- Disable In-network Updates # We use apt for that
- Disable time comparisation in I2P router
- Set ntp timesource to localhost
- ↑ http://www.ugha.i2p.xyz/AdvancedConfigurationOptions [archive] , http://echelon.i2p.re/docs/advanced.options.txt [archive] and https://trac.i2p2.de/ticket/1677 [archive]
- ↑ UDP is unsupported by Tor. Only outgoing TCP supported by Tor. If you know to use an onion service, please add this information. Incoming connections are not possible, because Whonix-Workstation ™ is firewalled.
- ↑ Clock Skew Issues: There should be none anymore since Whonix ™ 9 so configuring time.sntpServerList=localhost is no longer necessary. Please report if they occur. (Old clock skew documentation moved to Deprecated#I2P.)
- ↑ Because torbrowser-launcher ships The Tor Projects SSL certificate
- ↑ https://packages.debian.org/stretch-backports/torbrowser-launcher [archive]
Whonix ™ is Supported by Evolution Host DDoS Protected VPS
Join us in testing our new AppArmor profiles [archive] for improved security! (forum discussion [archive])
https [archive] | (forcing) onion [archive]
Follow: 
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.
