Warning[edit]

There is currently no testers-only version of Whonix.

Documentation for the NEXT Whonix ™ version! ONLY for developers! No guarantee it really makes into the next Whonix ™ version.

OnionShare is installed by default, no need to get with git.

I2P[edit]

4. Adjust I2P Settings:

I2P Tunnels Settings

Set the Inbound and Outbound Tunnel Length to 0:

sudo sed -i "s/\(.*outbound.length=\).*/\10/g;s/\(.*inbound.length=\).*/\10/g" "/var/lib/i2p/i2p-config/i2ptunnel.config"

sudo sed -i "s/\(.*outbound.length=\).*/\10/g;s/\(.*inbound.length=\).*/\10/g" "/var/lib/i2p/i2p-config/i2ptunnel.config"

^[1]

I2P Router Configuration

(Explanation in order) ^[2] more Options ^[3]

sudo su -c "cat > "/var/lib/i2p/i2p-config/router.config" << EOF
i2np.laptopMode=true
i2np.ntcp.enable=true
i2np.ntcp.autoip=false
i2np.ntcp.ipv6=false
i2np.ntcp.maxConnections=20
i2np.udp.enable=false
i2np.udp.addressSources=hidden
i2np.udp.ipv6=false
i2np.upnp.enable=false
router.isHidden=true
router.sharePercentage=0
router.updateDisabled=true
time.disabled=true
time.sntpServerList=127.0.0.1
EOF"

sudo su -c "cat > "/var/lib/i2p/i2p-config/router.config" << EOF
i2np.laptopMode=true
i2np.ntcp.enable=true
i2np.ntcp.autoip=false
i2np.ntcp.ipv6=false
i2np.ntcp.maxConnections=20
i2np.udp.enable=false
i2np.udp.addressSources=hidden
i2np.udp.ipv6=false
i2np.upnp.enable=false
router.isHidden=true
router.sharePercentage=0
router.updateDisabled=true
time.disabled=true
time.sntpServerList=127.0.0.1
EOF"

^[4]^[5]

whonixcheck SSL Certificate Pinning[edit]

UNFINISHED! See: https://github.com/Whonix/Whonix/issues/24 ^[archive]

Advanced users only!

In Whonix-Gateway ™ and Whonix-Workstation ™.

You need torbrowser-launcher installed. ^[6] This is currently only available from stretch-backports. ^[7]

To enable this on a by case base, use the --pin-tpo-cert command line option. Example.

whonixcheck --pin-tpo-cert

Or to permanently enable this.

Create a file /etc/whonix.d/50_user.conf.

sudoedit /etc/whonix.d/50_user.conf

Add.

PIN_TPO_CERT="true"

Footnotes[edit]

↑ It is faster and less connection interrupts. Anonymity is already provided by Tor. No need to leech from Tor/I2P.
↑
- change router identity and UDP port when IP changes \n
- Enable NTCP https://geti2p.net/en/docs/transport/ntcp ^[archive]
- Disable automatic IP fetching # We dont want/need to publish the Exit-Node IP
- Disable Ipv6 for the NTCP #Unsupported by Tor so we dont need it
- Number of concurrent NTCP connections # Reduced Connections so we dont overload the Tor node with connection attempts
- Disable Udp #Unsupported by Tor
- Sets the source of IP detection
- We dont want/need to publish the Exit-Node IP
- Disable Ipv6 for Udp
- toggles UPNP off # No need for Upnp
- Don't save your IP in the netDB and publish to other I2P routers( https://trac.i2p2.de/ticket/1314#comment:3 ^[archive])
- Sets the bandwidth that is max used by particiapting tunnels # We dont participate in Traffic so no need to share
- Disable In-network Updates # We use apt for that
- Disable time comparisation in I2P router
- Set ntp timesource to localhost
↑ http://www.ugha.i2p.xyz/AdvancedConfigurationOptions ^[archive] , http://echelon.i2p.re/docs/advanced.options.txt ^[archive] and https://trac.i2p2.de/ticket/1677 ^[archive]
↑ UDP is unsupported by Tor. Only outgoing TCP supported by Tor. If you know to use an onion service, please add this information. Incoming connections are not possible, because Whonix-Workstation ™ is firewalled.
↑ Clock Skew Issues: There should be none anymore since Whonix ™ 9 so configuring time.sntpServerList=localhost is no longer necessary. Please report if they occur. (Old clock skew documentation moved to Deprecated#I2P.)
↑ Because torbrowser-launcher ships The Tor Projects SSL certificate
↑ https://packages.debian.org/stretch-backports/torbrowser-launcher ^[archive]

Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.

Follow:

Donate:

Share: Twitter | Facebook

Please help us to improve the Whonix Wikipedia Page ^[archive]. Also see the feedback thread ^[archive].

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee ^[archive] of the Open Invention Network ^[archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian ^[archive]. Debian is a registered trademark ^[archive] owned by Software in the Public Interest, Inc ^[archive].

Whonix ™ is produced independently from the Tor® ^[archive] anonymity software and carries no guarantee from The Tor Project ^[archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.

[1] It is faster and less connection interrupts. Anonymity is already provided by Tor. No need to leech from Tor/I2P.

[2] 
change router identity and UDP port when IP changes \n

Enable NTCP https://geti2p.net/en/docs/transport/ntcp ^[archive]

Disable automatic IP fetching # We dont want/need to publish the Exit-Node IP

Disable Ipv6 for the NTCP #Unsupported by Tor so we dont need it

Number of concurrent NTCP connections # Reduced Connections so we dont overload the Tor node with connection attempts

Disable Udp #Unsupported by Tor

Sets the source of IP detection

We dont want/need to publish the Exit-Node IP

Disable Ipv6 for Udp

toggles UPNP off # No need for Upnp

Don't save your IP in the netDB and publish to other I2P routers( https://trac.i2p2.de/ticket/1314#comment:3 ^[archive])

Sets the bandwidth that is max used by particiapting tunnels # We dont participate in Traffic so no need to share

Disable In-network Updates # We use apt for that

Disable time comparisation in I2P router

Set ntp timesource to localhost

[3] router identity and UDP port when IP changes \n

[4] Enable NTCP https://geti2p.net/en/docs/transport/ntcp ^[archive]

[5] Disable automatic IP fetching # We dont want/need to publish the Exit-Node IP

[6] Disable Ipv6 for the NTCP #Unsupported by Tor so we dont need it

[7] Number of concurrent NTCP connections # Reduced Connections so we dont overload the Tor node with connection attempts

[8] Disable Udp #Unsupported by Tor

[9] Sets the source of IP detection

[10] We dont want/need to publish the Exit-Node IP

[11] Disable Ipv6 for Udp

[12] toggles UPNP off # No need for Upnp

[13] Don't save your IP in the netDB and publish to other I2P routers( https://trac.i2p2.de/ticket/1314#comment:3 ^[archive])

[14] Sets the bandwidth that is max used by particiapting tunnels # We dont participate in Traffic so no need to share

[15] Disable In-network Updates # We use apt for that

[16] Disable time comparisation in I2P router

[17] Set ntp timesource to localhost

[3] ttp://www.ugha.i2p.xyz/AdvancedConfigurationOptions ^[archive] , http://echelon.i2p.re/docs/advanced.options.txt ^[archive] and https://trac.i2p2.de/ticket/1677 ^[archive]

[4] UDP is unsupported by Tor. Only outgoing TCP supported by Tor. If you know to use an onion service, please add this information. Incoming connections are not possible, because Whonix-Workstation ™ is firewalled.

[5] Clock Skew Issues: There should be none anymore since Whonix ™ 9 so configuring time.sntpServerList=localhost is no longer necessary. Please report if they occur. (Old clock skew documentation moved to Deprecated#I2P.)

[6] Because torbrowser-launcher ships The Tor Projects SSL certificate

[7] ttps://packages.debian.org/stretch-backports/torbrowser-launcher ^[archive]

[1]

[2]

[3]

[4]

[5]

[6]

[7]

Next

From Whonix

Contents

Warning[edit]

I2P[edit]

whonixcheck SSL Certificate Pinning[edit]

Footnotes[edit]