QubesOS-lokinet-setup

This guide is based on

Qubes OS 4.0 (verified for Qubes OS 4.1)
TemplateVM based on Debian 11
Tor-Browser 11.0.4
lokinet-0.9.8-deb0.9.8.1~deb10

###Content ####1. Lokinet setup ####2. Web-browser for lokinet ####3. Web-browser configuration ####4. Security and fingerprint checks

###1. Lokinet setup There are three ways to setup lokinet:

Simple setup for one standalone AppVM

Create new qube

Name and label: lokinet-vm
Type: Standalone qube copied from a template
Template: Debian-11
Networking: default (sys-firewall) (or sys-whonix, or sys-vpm)

Add the apt source list and install lokinet (1):

open a terminal in lokinet-vm

user@lokinet-vm:~$ sudo curl -so /etc/apt/trusted.gpg.d/oxen.gpg https://deb.oxen.io/pub.gpg
user@lokinet-vm:~$ echo "deb https://deb.oxen.io $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/oxen.list
user@lokinet-vm:~$ sudo apt update
user@lokinet-vm:~$ sudo apt-get install lokinet-gui -y
user@lokinet-vm:~$ lokinet-gui &

The lokinet GUI will launch and you should notice an increasing number on lokinet routers and active paths. As exit node you can enter exit.loki which is hosted by the OPTF (3) Done. Now, you can jump directly to the remarks of this section.

Advanced setup based on a templateVM

Create a new templateVM and add the apt source list

open a terminal in dom0

[user@dom0~]$ qvm-clone debian-11 debian-11-lokinet

Open the templateVM settings [Dom0] Settings: debian-11-lokinet, allow networking: Networking: sys-firewall (or sys-whonix, or sys-vpm) confirm your setting with Apply and keep the window open.

Add the apt source list to the templateVM (1);

user@debian-11-lokinet:~$ sudo curl -so /etc/apt/trusted.gpg.d/oxen.gpg https://deb.oxen.io/pub.gpg
user@debian-11-lokinet:~$ echo "deb https://deb.oxen.io $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/oxen.list
user@debian-11-lokinet:~$ sudo apt update

Go back to your templateVM settings [Dom0] Settings: debian-11-lokinet, set the networking back to default(none) and confirm with Apply and close the setting window.

Install lokinet (1)

open a terminal in debian-11-lokinet

user@debian-11-lokinet:~$ sudo apt-get install lokinet-gui -y

Now, you can create new AppVM based on this templateVM debian-11-lokinet. Additionally, you might want at

Done. Now, you can jump directly to the remarks of this section.

Proxy setup (gateway-workstation-setup)

...

#####Remarks: Once you have lokinet access,

you can also fetch packages over lokinet by changing https://deb.oxen.io to http://deb.loki (note "http" instead of "https")
you can benefit from Qubes OS AppVM Firewall settings. Open the AppVM Settings [Dom0] Settings: lokinet-vm, click to the Firewall rules and Limit outgoing Internet conncetions to ...:
- 199.195.253.224 (exit.loki), USA, run by Jeff
- 217.170.196.156 (exit-arda.loki), Norway, only works for basic things, like web browsing etc.
- 93.95.230.88 (xite.loki), Iceland, run by Loutchi
- 107.189.29.67 (euroexit.loki) Luxembourg, run by Europol Agent
- A first entry webpage you want to start with: http://probably.loki
- the list of exit nodes can be changed over time, please verify uptime and IPs i.e. on http://probably.loki/wiki/index.php?title=Exit_Nodes
- Updating lokinet: sudo apt update && sudo apt install lokinet && sudo lokinet-bootstrap && sudo systemctl

###2. Web-browser for lokinet You can use any web-browser to access lokinet (.loki) or use lokinet exit node. Here, we simply benefit from the well known Tor-Browser. It comes already with a very advanced privcay and security setting the most important features are (beside the Tor implementation):

Anonymity due to unified Tor-Browser fingerprint
Security and convenience: A hardened Firefox by default.

The following describtion will based on the Simple setup for one standalone AppVM. For the template approach you need to make the installation and modification within the templateVM or if you want to keep it on the AppVM level, do all operations in the user directories.

Download the latest version of the Tor-Browser

You can either do it manually by downloading the latest version from https://www.torproject.org/download/languages, verify the downloaded file and launch it afterwards with ./start-tor-browser OR simply use Micahflee's torbrowser-launcher (5):

open a terminal in lokinet-vm


user@lokinet-vm:~$ sudo apt install torbrowser-launcher
user@lokinet-vm:~$ torbrowser-launcher

The Tor-Browser will launch automatically and you can directly continue with the next steps.

The default configuration is set to use Tor, therefore we need to make some modifications to use lokinet instead of the Tor network.

In the Tor-Browser address bar type about:config and confirm the risk to access the Tor-Browser configuration (4).

search for: network.dns.disabled and set it to false
search for: extensions.torlauncher.start_tor and set it to false
search for: network.proxy.socks and **replace the 127.0.0.1 with one space " ".

Remark: These settings may change in new releases of the Tor-Browser.

###3. Web-browser configuration

...

###4. Security and fingerprint checks

https://browserleaks.com (seperate checks on canvas, fonts, Java, IP ...)
https://gologin.com/check-browser (comprehensive checks)
https://www.deviceinfo.me (simple but comprehensive check)
https://leakscheck.com (very simple check)

sources: (1) https://deb.oxen.io/; (2) https://docs.oxen.io/products-built-on-oxen/lokinet (3) Oxen Privacy Tech Foundation (OPTF) https://optf.ngo/about-optf (4) https://www.ghacks.net/2018/11/26/can-you-use-the-tor-browser-without-tor-connection/ (5) https://github.com/micahflee/torbrowser-launcher

contributors: Loutchi

Simple setup for one standalone AppVM
Advanced setup based on a templateVM
Proxy setup (gateway-workstation-setup)