Documentation for the NEXT Whonix ™ version! ONLY for developers! No guarantee it really makes into the next Whonix ™ version.
OnionShare is installed by default, no need to get with git.
4. Adjust I2P Settings:
- I2P Tunnels Settings
Set the Inbound and Outbound Tunnel Length to 0:
sudo sed -i "s/\(.*outbound.length=\).*/\10/g;s/\(.*inbound.length=\).*/\10/g" "/var/lib/i2p/i2p-config/i2ptunnel.config"
- I2P Router Configuration
sudo su -c "cat > "/var/lib/i2p/i2p-config/router.config" << EOF i2np.laptopMode=true i2np.ntcp.enable=true i2np.ntcp.autoip=false i2np.ntcp.ipv6=false i2np.ntcp.maxConnections=20 i2np.udp.enable=false i2np.udp.addressSources=hidden i2np.udp.ipv6=false i2np.upnp.enable=false router.isHidden=true router.sharePercentage=0 router.updateDisabled=true time.disabled=true time.sntpServerList=127.0.0.1 EOF"
whonixcheck SSL Certificate Pinning
Advanced users only!
In Whonix-Gateway ™ and Whonix-Workstation ™.
To enable this on a by case base, use the --pin-tpo-cert command line option. Example.
Or to permanently enable this.
Create a file /etc/whonix.d/50_user.conf.
- It is faster and less connection interrupts. Anonymity is already provided by Tor. No need to leech from Tor/I2P.
- change router identity and UDP port when IP changes \n
- Enable NTCP https://geti2p.net/en/docs/transport/ntcp [archive]
- Disable automatic IP fetching # We dont want/need to publish the Exit-Node IP
- Disable Ipv6 for the NTCP #Unsupported by Tor so we dont need it
- Number of concurrent NTCP connections # Reduced Connections so we dont overload the Tor node with connection attempts
- Disable Udp #Unsupported by Tor
- Sets the source of IP detection
- We dont want/need to publish the Exit-Node IP
- Disable Ipv6 for Udp
- toggles UPNP off # No need for Upnp
- Don't save your IP in the netDB and publish to other I2P routers( https://trac.i2p2.de/ticket/1314#comment:3 [archive])
- Sets the bandwidth that is max used by particiapting tunnels # We dont participate in Traffic so no need to share
- Disable In-network Updates # We use apt for that
- Disable time comparisation in I2P router
- Set ntp timesource to localhost
- http://www.ugha.i2p.xyz/AdvancedConfigurationOptions [archive] , http://echelon.i2p.re/docs/advanced.options.txt [archive] and https://trac.i2p2.de/ticket/1677 [archive]
- UDP is unsupported by Tor. Only outgoing TCP supported by Tor. If you know to use an onion service, please add this information. Incoming connections are not possible, because Whonix-Workstation ™ is firewalled.
- Clock Skew Issues: There should be none anymore since Whonix ™ 9 so configuring time.sntpServerList=localhost is no longer necessary. Please report if they occur. (Old clock skew documentation moved to Deprecated#I2P.)
- Because torbrowser-launcher ships The Tor Projects SSL certificate
- https://packages.debian.org/stretch-backports/torbrowser-launcher [archive]
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)