Warning[edit]

There is currently no testers-only version of Whonix.

Documentation for the NEXT Whonix ™ version! ONLY for developers! No guarantee it really makes into the next Whonix ™ version.

OnionShare is installed by default, no need to get with git.

I2P[edit]

4. Adjust I2P Settings:

I2P Tunnels Settings

Set the Inbound and Outbound Tunnel Length to 0:

sudo sed -i "s/\(.*outbound.length=\).*/\10/g;s/\(.*inbound.length=\).*/\10/g" "/var/lib/i2p/i2p-config/i2ptunnel.config"

sudo sed -i "s/\(.*outbound.length=\).*/\10/g;s/\(.*inbound.length=\).*/\10/g" "/var/lib/i2p/i2p-config/i2ptunnel.config"

^[1]

I2P Router Configuration

(Explanation in order) ^[2] more Options ^[3]

sudo su -c "cat > "/var/lib/i2p/i2p-config/router.config" << EOF
i2np.laptopMode=true
i2np.ntcp.enable=true
i2np.ntcp.autoip=false
i2np.ntcp.ipv6=false
i2np.ntcp.maxConnections=20
i2np.udp.enable=false
i2np.udp.addressSources=hidden
i2np.udp.ipv6=false
i2np.upnp.enable=false
router.isHidden=true
router.sharePercentage=0
router.updateDisabled=true
time.disabled=true
time.sntpServerList=127.0.0.1
EOF"

sudo su -c "cat > "/var/lib/i2p/i2p-config/router.config" << EOF
i2np.laptopMode=true
i2np.ntcp.enable=true
i2np.ntcp.autoip=false
i2np.ntcp.ipv6=false
i2np.ntcp.maxConnections=20
i2np.udp.enable=false
i2np.udp.addressSources=hidden
i2np.udp.ipv6=false
i2np.upnp.enable=false
router.isHidden=true
router.sharePercentage=0
router.updateDisabled=true
time.disabled=true
time.sntpServerList=127.0.0.1
EOF"

^[4]^[5]

whonixcheck SSL Certificate Pinning[edit]

UNFINISHED! See: https://github.com/Whonix/Whonix/issues/24

Advanced users only!

In Whonix-Gateway ™ and Whonix-Workstation ™.

You need torbrowser-launcher installed. ^[6] This is currently only available from stretch-backports. ^[7]

To enable this on a by case base, use the --pin-tpo-cert command line option. Example.

whonixcheck --pin-tpo-cert

Or to permanently enable this.

Create a file /etc/whonix.d/50_user.conf.

sudo nano /etc/whonix.d/50_user.conf

Add.

PIN_TPO_CERT="true"

Footnotes[edit]

↑ It is faster and less connection interrupts. Anonymity is already provided by Tor. No need to leech from Tor/I2P.
↑
- change router identity and UDP port when IP changes \n
- Enable NTCP https://geti2p.net/en/docs/transport/ntcp
- Disable automatic IP fetching # We dont want/need to publish the Exit-Node IP
- Disable Ipv6 for the NTCP #Unsupported by Tor so we dont need it
- Number of concurrent NTCP connections # Reduced Connections so we dont overload the Tor node with connection attempts
- Disable Udp #Unsupported by Tor
- Sets the source of IP detection
- We dont want/need to publish the Exit-Node IP
- Disable Ipv6 for Udp
- toggles UPNP off # No need for Upnp
- Don't save your IP in the netDB and publish to other I2P routers( https://trac.i2p2.de/ticket/1314#comment:3)
- Sets the bandwidth that is max used by particiapting tunnels # We dont participate in Traffic so no need to share
- Disable In-network Updates # We use apt for that
- Disable time comparisation in I2P router
- Set ntp timesource to localhost
↑ http://www.ugha.i2p.xyz/AdvancedConfigurationOptions , http://echelon.i2p.re/docs/advanced.options.txt and https://trac.i2p2.de/ticket/1677
↑ UDP is unsupported by Tor. Only outgoing TCP supported by Tor. If you know to use an onion service, please add this information. Incoming connections are not possible, because Whonix-Workstation ™ is firewalled.
↑ Clock Skew Issues: There should be none anymore since Whonix ™ 9 so configuring time.sntpServerList=localhost is no longer necessary. Please report if they occur. (Old clock skew documentation moved to Deprecated#I2P.)
↑ Because torbrowser-launcher ships The Tor Projects SSL certificate
↑ https://packages.debian.org/stretch-backports/torbrowser-launcher

No user support in comments. See Support. Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.

Enable comment auto-refresher

Random News:

We are looking for maintainers and developers.

https | (forcing) onion

Follow: Twitter | Facebook | gab.ai | Stay Tuned | Whonix News

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.

[1] It is faster and less connection interrupts. Anonymity is already provided by Tor. No need to leech from Tor/I2P.

[2] 
change router identity and UDP port when IP changes \n

Enable NTCP https://geti2p.net/en/docs/transport/ntcp

Disable automatic IP fetching # We dont want/need to publish the Exit-Node IP

Disable Ipv6 for the NTCP #Unsupported by Tor so we dont need it

Number of concurrent NTCP connections # Reduced Connections so we dont overload the Tor node with connection attempts

Disable Udp #Unsupported by Tor

Sets the source of IP detection

We dont want/need to publish the Exit-Node IP

Disable Ipv6 for Udp

toggles UPNP off # No need for Upnp

Don't save your IP in the netDB and publish to other I2P routers( https://trac.i2p2.de/ticket/1314#comment:3)

Sets the bandwidth that is max used by particiapting tunnels # We dont participate in Traffic so no need to share

Disable In-network Updates # We use apt for that

Disable time comparisation in I2P router

Set ntp timesource to localhost

[3] router identity and UDP port when IP changes \n

[4] Enable NTCP https://geti2p.net/en/docs/transport/ntcp

[5] Disable automatic IP fetching # We dont want/need to publish the Exit-Node IP

[6] Disable Ipv6 for the NTCP #Unsupported by Tor so we dont need it

[7] Number of concurrent NTCP connections # Reduced Connections so we dont overload the Tor node with connection attempts

[8] Disable Udp #Unsupported by Tor

[9] Sets the source of IP detection

[10] We dont want/need to publish the Exit-Node IP

[11] Disable Ipv6 for Udp

[12] toggles UPNP off # No need for Upnp

[13] Don't save your IP in the netDB and publish to other I2P routers( https://trac.i2p2.de/ticket/1314#comment:3)

[14] Sets the bandwidth that is max used by particiapting tunnels # We dont participate in Traffic so no need to share

[15] Disable In-network Updates # We use apt for that

[16] Disable time comparisation in I2P router

[17] Set ntp timesource to localhost

[3] ttp://www.ugha.i2p.xyz/AdvancedConfigurationOptions , http://echelon.i2p.re/docs/advanced.options.txt and https://trac.i2p2.de/ticket/1677

[4] UDP is unsupported by Tor. Only outgoing TCP supported by Tor. If you know to use an onion service, please add this information. Incoming connections are not possible, because Whonix-Workstation ™ is firewalled.

[5] Clock Skew Issues: There should be none anymore since Whonix ™ 9 so configuring time.sntpServerList=localhost is no longer necessary. Please report if they occur. (Old clock skew documentation moved to Deprecated#I2P.)

[6] Because torbrowser-launcher ships The Tor Projects SSL certificate

[7] ttps://packages.debian.org/stretch-backports/torbrowser-launcher

[1]

[2]

[3]

[4]

[5]

[6]

[7]

Next

From Whonix

Contents

Warning[edit]

I2P[edit]

whonixcheck SSL Certificate Pinning[edit]

Footnotes[edit]