Introducing sys-i2pd

You are definitely @Confused :wink:

I fully agree with @deeplow’s assessment, nothing really bad happened. @cayce got a bit annoyed at @enmus’ rapid feedback and posted some unnecessary personal remarks. That’s why we slowed down the thread and asked @cayce to please stop that. It appears he’s cool with it as is @enmus.

Nothing is ‘devolving’ and all is good.

2 Likes
Not for technical user's eyes

Definitely condescending (in violation of standards)

Discouraging requested contributions to an open source project is about as “bad” as one could imagine

I think there’s some typos here, more like:

No @mod asked such a thing publicly nor privately, nor am I cool with “it” (aka biased moderation valuing FUD, feelings and dis/misinformation above contributions) which leads to a complete wash-out of contributed work. To foster community involvement, either uphold all of the standards for the betterment of the community or none.

Can an individual be expected to take this work effort seriously after reading the overflowing abundance of misguided/misinformed opinions/feelings within a technical thread? Despite being the OP; I sure can’t :rofl: :roll_eyes: :grimacing: :sob:

If after an entire week of all this dribble, anyone would actually like to use this project, please just post a message in-thread something like: “Hi cayce, I’d like to give it a try” and, I’ll message via PM.

If not, I couldn’t fault you; not sure I’d bother with anyone taking into account all the FUD/dis/misinformation and attempted character assisinations.

Never the less, happy hacking folks! :love_you_gesture: :heart_eyes: :heart_eyes_cat: :heart_hands:

Glad to hear (@Sven was unable to PM you via forum, to avoid adding more noise to this thread, but… well I’m @Confused :stuck_out_tongue_winking_eye: ).

Devolution was poor word choice on my part (and not meant to insult @deeplow or anyone else). To quote one much wiser and less confused than myself

For whatever my confused opinion is worth, I’m grateful for @cayce’s contributions and wish I had more time to experiment with i2p.

:+1:

  • Best
1 Like

Spent the entire day trying this out, shit don’t work unfortunately.

tried installing everything via the script and also tried doing everything on my own following more or less the instructions on the script. it don’t work in both ways, the closest I’ve been to making it work was doing it by myself. But in both cases the connection either timed out or straight up said that it wasn’t possible to reach the website.

I tried all I could but nothing works, my best result with this was a ‘firewalled’ network status that I couldn’t even solve since the next time I restarted the qube i2pd just stays on ‘unknown’ network status.

I hope someone is able to figure this shit out cause I certainly can’t.
concept should work in theory but I think some firewall changes happened during recent times both in qubes or the i2p project and it doesn’t work anymore, even just trying to start it out inside a whonix workstation doesn’t work anymore.

Thanks for taking the time to check it out!

Sounds to me like you aren’t giving the i2p daemon enough time to set up the required tunnels … you just need to wait for sometime for them to be established.

This is normal. Check the i2p FAQ.

I’ve got this working through every NetVM (sys-net, sys-firewall, sys-ips, sys-vpn, sys-whonix) and every variation of chaining (including them all).

Sadly :sob:, I won’t be able to support further in this thread because it’s been throttled due to the emotive nature of @mods and the forum in general. :zipper_mouth_face: :pensive:

My PMs are open for now if you want help walking you through it. :upside_down_face:

Hello there sorry for not having answered before, still trying to take time away from screen.

It is syntactically correct, where the suggestion in doc above is to put all user policies (that might conflict with each other), if possible, under 30-user.policy instead of another policy file.

Logic there, as for recent whonix debates for which policy file shoukd be modified/created is that not all users will think of checking in other lower numbered down files, where 30-user.policy should be used if possible (and relevant), otherwise creating confusion (as seen in the past on why things don’t work and where users only check under 30-user.policy).

And to be honest, I would have to check Qubes internals to know which one of 30-user.policy or 30-user-networking.policy would be applied first, since they share the same number (30). I think this will lead to problems in the future if not already for some users.

I know, I know, I should test this. As of now I haven’t neither tested unman’s either but will try in the future both for sure.

I just am in love with public RPM spec files and associated rpms and repos for this. So convenient and so easy to understand and follow flow of deployment, application and learning. You don’t like it? Just uninstall RPM, delete appvm and parent template.

off-topic

@cayce I got you bro!

This Qubes-OS click do the same thing @ xen summits don’t worry.

I have met everyone from ITL face to face and had convos etc:.

Wait until they see my face!

FYI everyone makes fun of Qubes-OS because of the version of xen they run.

But We all use qubes as a base and modify it heavily it’s still xen semi hardened.

Plus these ITL folks are about to get a surprise!

Logging in to my net jet account!

Live Qubes-OS ARM demo?

I just want to see their faces!

lol

@xn0px90, please up the discussion on-topic. If you want to discuss anything else (Qubes-related, of course), please start a new thread.

2 Likes

so let me get this right, this DOESN’T allow me to chain netvm’s to the i2p netvm, correct? I’ve been looking for a way to make an i2p netvm for aaaaaaages

Hi @cayce
Great to see your contribution. Well, I haven’t yet seen it - is it still
private?
I’ve only skimmed this thread - the (literal) noise has made it
difficult for me to pick out what’s important.
If I understand - you have produced an i2p proxy with a nice GUI
control. My simple solution was set to provide an i2p node - the in.sh
script can be used to allow inbound traffic to pass through the qubes
networking stack.
It would be great if we could combine these and package them to provide
a simple means of installing and setting up an i2p node available to
other qubes.
If you can give me access to your repo that would be good.
PM me if you want to discuss off list.

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.
4 Likes

Nothing wrong so far, but you might want to consider to chain it to your(s) sys-whonix/sys-VPN prior to sys-firewall .

Why? To hide that you are using i2p? Or avoiding accidental leaks?

1 Like

@cayce I glanced the through code. It is nice and simple. Haven’t actually tried it out on my actual system yet.

A couple of things:

  1. Would you consider switching to using Fedora instead of Debian? For one, Qubes defaults to using Fedora for most of its VMs. And two, Debian has a habit of shipping extremely old/EOL packages which isn’t ideal for security. It shouldn’t be too hard to just convert this to Fedora.

  2. I see that you are doing make install for i2pd-qt. The problem with this is that updating i2pd-qt will then need to be done manually instead of being done automatically by the qubes updater. There are a couple of potential workaround for this:

  • Package i2pd-qt using something like COPR or OBS and install the packages instead. I understand that this is a lot of extra work and might be out of scope, and you then would also need to be a package maintainer.

  • Use the Flatpak package and add a systemd service to automatically update it. This would require just using a normal VM for sys-i2pd rather than a disposable VM, as we would not want the updates to disappear every reboot. Since sys-i2pd will always be on, we can be reasonably sure that the custom systemd service will keep everything up to date.

  1. Debian just hasn’t been the same since Ian left us. :anguished: I really hope that he’s in a better place …
    I’m not terribly impressed with fedora either, my current preference is nixOS. That said, I likely will not bother with a fedora based version because IMO it’s a moot point, this is a service qube based on a minimal template. If one’s threat model is so sharp as to need to defend against unpatched debian 0-dayz, this is not the correct solution. Despite falling off IMO, debian still patches quickly.

You’re right, it wouldn’t be too hard @ all since, I’ve taken the time to do the hard bits. If anyone needs a fedora version, I’ll be happy to work on it after donations have been made. :star_struck:

  1. The GUI project is an official i2p project thus, in due time, it’ll be added to the official i2p repo. At that time, I’ll modify the project to leverage the repo/binary package. I’m not planning to package anything unless someone wants to make contributions to do so.

Regarding flatpak’s, I’m not a fan nor would any hackery to create “auto-updating” be worth-while IMO as, it would be outside of the Qubes update mechanism so, not very different from the build approach.

I spent the day with this user on PM and, it turned out the project was working as expected but, the user was not being patient enough to allow the necessary tunnels to be created.

Fact is, both onion & garlic routing have been fielding serious blows lately so, I advise anyone trying to use this project or any i2p projects to check the latest sub-reddit to verify status/expectations.

Instead of confirming success/misunderstanding here ...

They went ahead and posted a “how-to” install i2pd :rofl:

  • NOTICE *
    MANY upgrades have happened within the i2p/i2pd codebase since this was posted.

Currently, finishing up a branch which will include DispVM with a browser preconfigured to use sys-i2pd. Please wait for this release.

3 Likes

it wasn’t a “how-to” I just thought I would post the way it worked for me in the end.

@cayce plz pm