What is the best way to use i2p in Qubes? Wouldn't it be great if we had native i2p support?


5fxfc1+2ch7pcmy34te01rpv...@guerrillamail.com

Dec 8, 2016, 4:14:15 AM
to qubes...@googlegroups.com
Hi everyone!

I wanted to ask: What is the best way to use i2p in Qubes? Should I set up a NetVM or install i2p in a TemplateVM? Also since Java is not the most secure environment, I'm planning on using i2pd which is based on C++.

My main use would be to use I2P for torrenting. Would installing qBittorrent in an AppVM that is connected to the i2p NetVM be sufficient?

Thanks for reading,

Best wishes,



Chris Laprise

Dec 8, 2016, 7:27:35 AM
to 5fxfc1+2ch7pcmy34te01rpv...@guerrillamail.com, qubes...@googlegroups.com
On 12/08/2016 04:14 AM,
5fxfc1+2ch7pcmy34te01rpv5qj0zj3h115fu90fwr3h7yl5u via qubes-users wrote:
> Hi everyone!
>
> I wanted to ask: What is the best way to use i2p in Qubes? Should I set up a NetVM or install i2p in a TemplateVM? Also since Java is not the most secure environment, I'm planning on using i2pd which is based on C++.
>
> My main use would be to use I2P for torrenting. Would installing qBittorrent in an AppVM that is connected to the i2p NetVM be sufficient?
>
> Thanks for reading,
>
> Best wishes,
>

I think it would be best to set up i2p in a place like /rw/config or
/home, in either a proxyVM or appVM (not a netVM). Otherwise, you could
consider using a Tails HVM which would have it pre-installed.

I'm not familiar with qBittorrent. It's best to stick with client
software that is expressly written, adapted (or at least audited) for
use on i2p.

Chris

3n7r...@gmail.com

Dec 8, 2016, 3:12:56 PM
to qubes-users, 5fxfc1+2ch7pcmy34te01rpv...@guerrillamail.com
5fxfc1+2ch7pcmy34te01rpv5qj0zj3h115fu90fwr3h7yl5u via qubes-users:

> Hi everyone!
>
> I wanted to ask: What is the best way to use i2p in Qubes? Should I
> set up a NetVM or install i2p in a TemplateVM?

This was my reply to the related GitHub issue[1] before I saw this post (clearly, this was the more appropriate venue for my reply). And with your main use case being torrenting, you might not want your traffic flowing over Tor (depending on what you're torrenting).

1. I2P in ProxyVM: As you found, this is challenging because you need routing and firewall rules to send the traffic to the right places. You can get an idea of how things work by following the Qubes VPN guide[2] and watching the Qubes SOCKS proxy issue[3].

2. I2P in AppVM: Easy (set it up like you would normally) but less secure (misbehaving apps might be able to bypass).

3. I2P in Whonix-Workstation AppVM: Slower (traffic flows through Tor, then I2P: user -> tor -> i2p -> internet) but secure in that any leakage goes through Tor. Also fully documented[4] and somewhat supported[5].


> Also since Java is not
> the most secure environment, I'm planning on using i2pd which is
> based on C++.

1. "Why do I hear about so many Java insecurities? Are other languages more secure?"[6]
2. I2P devs are no slouches who would intentionally use a flawed language.
3. i2pd official wiki[7] claims many advantages but security is not one of them. (flexibility, speed, efficiency, footprint)

-----
1 https://github.com/QubesOS/qubes-issues/issues/2503
2 https://www.qubes-os.org/doc/vpn/
3 https://github.com/QubesOS/qubes-issues/issues/1536#issuecomment-265714285
4 https://www.whonix.org/wiki/I2P
5 https://forums.whonix.org/search?q=i2p
6 https://security.stackexchange.com/questions/57646/why-do-i-hear-about-so-many-java-insecurities-are-other-languages-more-secure
7 https://github.com/PurpleI2P/i2pd/wiki/Differences-between-i2pd-and-Java-I2P-router

Jeremy Rand

Dec 19, 2016, 4:17:39 AM
to qubes...@googlegroups.com
5fxfc1+2ch7pcmy34te01rpv5qj0zj3h115fu90fwr3h7yl5u via qubes-users:
> Also since Java is not the most secure environment, I'm planning on
> using i2pd which is based on C++.

In another context, I discussed the relative security of C++ and Java
with Mike Perry from Tor, and Mike's opinion (at the time I talked to
him, June 2016) was that Java code was likely to be considerably safer
than C++ code.

I'd be inclined to trust Mike's judgement [1], unless there's a
specific reason you believe Mike's opinion is inapplicable here.

Cheers,
-Jeremy

[1] Technically you'd also be trusting me to relay what Mike said,
since there is no public record of this conversation. That said,
Mike's writeup "Mission Impossible" is public, and he makes a similar
point when recommending Xabber.