Design idea: Template of I2P version of Whonix on Qubes OS

You did not understand my message; I did not say to change or touch whonix-gateway in any way. I said to make a sys-i2p template based on fedora-minimal without Parrot and connect that sys-i2p to whonix-gateway (the latter will be the network virtual machine for sys-i2p).

You are trying to build another Tor with Parrot & AnonSurf in sys-i2p. The question is why, if it is simply possible to connect sys-i2p to the already existing whonix-gateway.

The model is different.
If the user uses sys-whonix, it is i2p over Tor.
But my model is i2p over Tor over i2p.

i2p template > sys-i2pd without AnonSurf > sys-whonix > eepsites or clearnet (Tor > i2p > eepsites or clearnet)
i2p template > sys-i2pd with AnonSurf > eepsites or clearnet (i2p > Tor > i2p > eepsites or clearnet)

qBittorrent is working, so the user can safely use torrents over i2p.
All non-i2p traffic is blocked by AnonSurf on the i2pd-Gateway template.

But my settings are not as secure and private as Whonix's.
The next task is just setting nftables on the i2pd-Gateway template, for security and privacy hardening!


Is it not possible to use just I2P? This [thing] over [thing] situation is unnecessarily complicated.

I changed the settings; i2pd works without i2pd on sys-i2pd.
So the user does not need i2p over i2p.

i2p template (run i2pd) > sys-i2pd (without i2p) > eepsites or clearnet
i2p > Tor > eepsites or clearnet

The next hardening is just setting nftables on sys-i2pd.

Can this just be eepsites? I don't want to reach clearnet if I am using sys-i2pd for a qube.

i2p can be used as a clearnet proxy like Tor.
So in my setting, I designed it to access both eepsites and clearnet.

If i2p only accesses eepsites (the user does not use it as a clearnet proxy), the setting of sys-i2p is easier than the clearnet setting.

Is there a guide/GitHub for this setup? Properly explained, and step by step?

This is still my idea; it is not yet at formal project or guide level.
So there is no GitHub yet.

This is my idea for I2P use on Qubes OS; it is not yet at tutorial level.
So there are many drawbacks in this setup; it probably needs many revisions, and I am looking for your advice.

If sys-i2p is to block all non-i2p packets, I think nftables perhaps just needs to let SSU2 & NTCP2 packets through only.
But I am not a professional of nftables; I don't know the method of setting nftables rules.
Please help me!

SSU2: 127.0.0.1 (or localhost):yyyy
NTCP2: 127.0.0.1 (or localhost):yyyy

Why should I think of using nftables instead of iptables?

Whonix is using iptables.
But if the user changes the iptables settings, the user must recompile the Linux kernel.
This route is developing an i2p-template, so the user must continue maintaining the template, like the archlinux template or gentoo-minimal template.
But I do not have those resources, and nftables is more hardened than iptables.
So I should think of using nftables.

But I have no knowledge of nftables, so I need your help!

The outproxy changes from stomycloud to acetone.

Add to /etc/i2pd/tunnels.conf:

nano /etc/i2pd/tunnels.conf

[SOCKS-OUTPROXY-TCP]
type = client
address = 127.0.0.1
port = 4500
keys = transient-outproxy
destination = outproxy.acetone.i2p
destinationport = 1080

[SOCKS-OUTPROXY-UDP]
type = udpclient
address = 127.0.0.1
port = 4500
keys = transient-outproxy
destination = outproxy.acetone.i2p
destinationport = 1080

Save and exit.

And change /etc/i2pd/i2pd.conf:

nano /etc/i2pd/i2pd.conf

Change
outproxy = http://exit.stomycloud.i2p
to
outproxy = http://outproxy.acetone.i2p:3128

Save and exit.

When the user sets this, all access to clearnet is through acetone by i2p (UDP).
And all data of the user are hidden from acetone by the Tor (TCP) of AnonSurf run on sys-i2p.

Why does the outproxy change from stomycloud to acetone?

In the previous setting, i2p had only a few tunnels.
The reason is that all i2p traffic was wrapped by AnonSurf.
But a UDP proxy is added in the new setting, so i2p can have many tunnels through the UDP proxy.
This hardens security and improves the performance of i2p.

New model:

i2p template (run i2pd) > sys-i2pd (through UDP proxy) > eepsites
i2p template (run i2pd) > sys-i2pd (all traffic wrapped by Tor of AnonSurf) > acetone (outproxy) > clearnet

The true IP and DNS of users are not leaked to clearnet or acetone.

@Sven
My idea of the i2p settings has changed a lot from the first post of this topic.
I wrote many trials and errors as posts.
Can I edit the title of the topic and the first post?

You can edit your own posts for a while, but in this case the original might be too old already. Just keep going in this thread. People interested in this topic will see it nevertheless.

Why must the Parrot Security template be used as sys-i2pd and the i2pd template?

The Debian-minimal template does not have AppArmor by default.
This is a very important issue, so the template must be hardened in its default setting.
Parrot Security is used in my plan, but this is also possible with Kicksecure.

The next theme is blocking all non-i2p packets with nftables.
I think nftables perhaps just needs to let SSU2 & NTCP2 packets through only.
But I am not a professional of nftables; I must learn its rules.
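A starting point for the egress allow-list asked about here and in the earlier "Please help me" post (an added example, not the author's configuration): an nftables ruleset for the gateway qube that forwards only i2pd's SSU2 (UDP) and NTCP2 (TCP) traffic from the i2p qube and drops everything else. The i2p qube address 10.137.0.20, the transport port 9999 (standing in for the post's yyyy) and the vif* downlink interface prefix are assumptions, not values from the thread.

```nft
#!/usr/sbin/nft -f
# Added example, not the author's configuration. Assumed values (not from the
# thread): the i2p qube's address, i2pd's transport port (the post's "yyyy"),
# and the Qubes downlink interface prefix.
define i2p_qube = 10.137.0.20
define i2p_port = 9999
define downlink = "vif*"

table inet i2p_gw {
    chain forward {
        # A second base chain on the forward hook only tightens what Qubes
        # already installs: a packet must be accepted by every base chain.
        type filter hook forward priority 0; policy drop;

        # replies to flows i2pd already opened; discard malformed state
        ct state established,related accept
        ct state invalid drop

        # SSU2: UDP datagrams leave from i2pd's own listen port, so the
        # source port can be pinned
        iifname $downlink ip saddr $i2p_qube udp sport $i2p_port accept

        # NTCP2: outbound TCP to other routers uses ephemeral source ports and
        # arbitrary remote ports, so only the protocol and source can be matched
        iifname $downlink ip saddr $i2p_qube meta l4proto tcp accept

        # everything else from the i2p side (DNS, ICMP, other applications)
        # is logged and dropped so that leaks show up in the journal
        iifname $downlink log prefix "i2p-gw-drop: " drop
    }
}
```

DNS from the i2p qube is dropped as well, so the first reseed (HTTPS to clearnet reseed hosts, which needs name resolution) fails until the router already has a netDb; reseed before loading this ruleset.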