---
website: ["https://geti2p.net", "https://i2pd.website"]
obj: application
repo: https://github.com/PurpleI2P/i2pd
---

# I2P Network
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. Many applications are available that interface with I2P, including mail, peer-peer, IRC chat, and others. Anonymous [Torrenting](BitTorrent.md) via i2psnark is also possible.

## Usage
Install `i2pd` (a daemon written in C++) and enable the service. The router interface is at `127.0.0.1:7070`, with the [HTTP](../internet/HTTP.md) proxy at `127.0.0.1:4444`.

## Configuration
There are two separate config files: `i2pd.conf` and `tunnels.conf`. `i2pd.conf` is the main configuration file, where you configure all options. `tunnels.conf` is the tunnel configuration file, where you configure I2P hidden services and client tunnels.

Example `i2pd.conf`:
```ini
logfile = /var/log/i2pd/i2pd.log
ipv4 = true
ipv6 = false
ssu = true
bandwidth = X

[ssu2]
enabled = true
published = true

[http]
enabled = true
# 0.0.0.0 accepts connections from everywhere; 127.0.0.1 limits them to the local host
address = 0.0.0.0
port = 7070
auth = true
user = i2pd
# placeholder value; replace before use
pass = pass
strictheaders = false
lang = english

[httpproxy]
address = 0.0.0.0
port = 4444
# StormyCloud
#outproxy = http://5d4s7pcvfdpftfk7npc7hllyujhufsdprtrf4o53i44rgsa2xbwa.b32.i2p
# Purokishi
outproxy = http://purokishi.i2p

[socksproxy]
address = 0.0.0.0
port = 4447

[sam]
enabled = true
address = 127.0.0.1
port = 7656

[i2cp]
enabled = true
address = 0.0.0.0
port = 7654

[reseed]
verify = true

[addressbook]
subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
```

### General options
| Option | Description |
| --- | --- |
| conf | Config file (default: ~/.i2pd/i2pd.conf or /var/lib/i2pd/i2pd.conf). This parameter will be silently ignored if the specified config file does not exist. |
| tunconf | Tunnels config file (default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf) |
| pidfile | Where to write pidfile (default: i2pd.pid, not used in Windows) |
| log | Logs destination: stdout, file, syslog (stdout if not set or invalid) (if daemon, stdout/unspecified are replaced by file in some cases) |
| logfile | Path to logfile (default - autodetect) |
| loglevel | Log messages above this level (debug, info, warn, error, none; default - warn) |
| logclftime | Write full CLF-formatted date and time to log (default: false (write only time)) |
| datadir | Path to storage of i2pd data (RouterInfos, destinations keys, peer profiles, etc ...) |
| host | Router external IP for incoming connections (default: auto if SSU2 is enabled) |
| port | Port to listen for incoming connections (default: auto (random)) |
| daemon | Router will go to background after start (default: true) |
| service | Router will use system folders like '/var/lib/i2pd' (on unix) or 'C:\ProgramData\i2pd' (on Windows). Ignored on MacOS and Android (default: false) |
| ifname | Network interface to bind to |
| ifname4 | Network interface to bind to for IPv4 |
| ifname6 | Network interface to bind to for IPv6 |
| address4 | Local address to bind to for IPv4 |
| address6 | Local address to bind to for clearnet IPv6 |
| nat | If true, assume we are behind NAT (default: true) |
| ipv4 | Enable communication through IPv4 (default: true) |
| ipv6 | Enable communication through clearnet IPv6 (default: false) |
| notransit | Router will not accept transit tunnels, disabling transit traffic completely. G router cap will be published (default: false) |
| floodfill | Router will be floodfill (default: false) |
| bandwidth | Bandwidth limit: integer in KBps or letters: L (32), O (256), P (2048), X (unlimited). |
| share | Max % of bandwidth limit for transit. 0-100 (default: 100) |
| family | Name of a family, router belongs to |
| netid | Network ID, router belongs to. Main I2P is 2. |

### NTCP2
| Option | Description |
| --- | --- |
| ntcp2.enabled | Enable NTCP2 (default: true) |
| ntcp2.published | Enable incoming NTCP2 connections (default: true) |
| ntcp2.port | Port to listen for incoming NTCP2 connections (default: auto - port from general section) |
| ntcp2.addressv6 | External IPv6 for incoming connections |
| ntcp2.proxy | Specify proxy server for NTCP2. Should be http://address:port or socks://address:port |

### SSU2
| Option | Description |
| --- | --- |
| ssu2.enabled | Enable SSU2 (default: true) |
| ssu2.published | Enable incoming SSU2 connections. (default: true) |
| ssu2.port | Port to listen for incoming SSU2 connections (default: auto - 'port' from general section) |
| ssu2.proxy | Specify UDP socks5 proxy server for NTCP2. Should be socks://address:port |
| ssu2.mtu4 | MTU for local ipv4. (default: auto) |
| ssu2.mtu6 | MTU for local ipv6. (default: auto) |

### HTTP webconsole
| Option | Description |
| --- | --- |
| http.enabled | If webconsole is enabled. (default: true) |
| http.address | The address to listen on (HTTP server) |
| http.port | The port to listen on (HTTP server) (default: 7070) |
| http.auth | Enable basic HTTP auth for webconsole (default: false) |
| http.user | Username for basic auth (default: i2pd) |
| http.pass | Password for basic auth (default: random, see logs) |
| http.strictheaders | Enable strict host checking on WebUI. (default: true) |
| http.hostname | Expected hostname for WebUI (default: localhost) |

### HTTP Proxy
| Option | Description |
| --- | --- |
| httpproxy.enabled | If [HTTP](../internet/HTTP.md) proxy is enabled. (default: true) |
| httpproxy.address | The address to listen on ([HTTP](../internet/HTTP.md) Proxy) |
| httpproxy.port | The port to listen on ([HTTP](../internet/HTTP.md) Proxy) (default: 4444) |
| httpproxy.addresshelper | Enable address helper (jump). (default: true) |
| httpproxy.keys | Optional keys file for [HTTP](../internet/HTTP.md) proxy local destination |
| httpproxy.signaturetype | Signature type for new keys if keys file is set. (default: 7) |
| httpproxy.inbound.length | Inbound tunnels length if keys is set. (default: 3) |
| httpproxy.inbound.quantity | Inbound tunnels quantity if keys is set. (default: 5) |
| httpproxy.inbound.lengthVariance | Inbound tunnels length variance if keys is set. (default: 0) |
| httpproxy.outbound.length | Outbound tunnels length if keys is set. (default: 3) |
| httpproxy.outbound.quantity | Outbound tunnels quantity if keys is set. (default: 5) |
| httpproxy.outbound.lengthVariance | Outbound tunnels length variance if keys is set. (default: 0) |
| httpproxy.outproxy | [HTTP](../internet/HTTP.md) proxy upstream out proxy url (like http://false.i2p) |
| httpproxy.i2cp.leaseSetType | Type of LeaseSet to be sent. 1, 3 or 5. (default: 3) |
| httpproxy.i2cp.leaseSetEncType | Comma separated encryption types to be used in LeaseSet type 3 or 5 |

### Socks proxy
| Option | Description |
| --- | --- |
| socksproxy.enabled | If SOCKS proxy is enabled. (default: true) |
| socksproxy.address | The address to listen on (SOCKS Proxy) |
| socksproxy.port | The port to listen on (SOCKS Proxy). (default: 4447) |
| socksproxy.keys | Optional keys file for SOCKS proxy local destination |
| socksproxy.signaturetype | Signature type for new keys if keys file is set. (default: 7) |
| socksproxy.inbound.length | Inbound tunnels length if keys is set. (default: 3) |
| socksproxy.inbound.quantity | Inbound tunnels quantity if keys is set. (default: 5) |
| socksproxy.inbound.lengthVariance | Inbound tunnels length variance if keys is set. (default: 0) |
| socksproxy.outbound.length | Outbound tunnels length if keys is set. (default: 3) |
| socksproxy.outbound.quantity | Outbound tunnels quantity if keys is set. (default: 5) |
| socksproxy.outbound.lengthVariance | Outbound tunnels length variance if keys is set. (default: 0) |
| socksproxy.outproxy.enabled | Enable or disable SOCKS outproxy. (default: false) |
| socksproxy.outproxy | Address of outproxy. Requests outside I2P will go there. |
| socksproxy.outproxyport | Outproxy remote port |
| socksproxy.i2cp.leaseSetType | Type of LeaseSet to be sent. 1, 3 or 5. (default: 3) |
| socksproxy.i2cp.leaseSetEncType | Comma separated encryption types to be used in LeaseSet type 3 or 5 |

### SAM interface
| Option | Description |
| --- | --- |
| sam.enabled | If SAM is enabled. (default: true) |
| sam.address | The address to listen on (SAM bridge) |
| sam.port | Port of SAM bridge. Usually 7656. SAM is off if not specified |
| sam.singlethread | If false every SAM session runs in own thread. (default: true) |

### BOB interface
| Option | Description |
| --- | --- |
| bob.enabled | If BOB is enabled. (default: false) |
| bob.address | The address to listen on (BOB command channel) |
| bob.port | Port of BOB command channel. Usually 2827. BOB is off if not specified |

### I2CP interface
| Option | Description |
| --- | --- |
| i2cp.enabled | If I2CP is enabled. (default: true) |
| i2cp.address | The address to listen on or an abstract address for Android LocalSocket |
| i2cp.port | Port of I2CP server. Usually 7654. Ignored for Android |
| i2cp.singlethread | If false every I2CP session runs in own thread. (default: true) |

### I2PControl interface
| Option | Description |
| --- | --- |
| i2pcontrol.enabled | If I2P control is enabled. (default: false) |
| i2pcontrol.address | The address to listen on (I2P control service) |
| i2pcontrol.port | Port of I2P control service. Usually 7650. I2PControl is off if not specified |
| i2pcontrol.password | I2P control authentication password. (default: itoopie) |
| i2pcontrol.cert | I2P control HTTPS certificate file name. (default: i2pcontrol.crt.pem) |
| i2pcontrol.key | I2P control HTTPS certificate key file name. (default: i2pcontrol.key.pem) |

### Reseeding
| Option | Description |
| --- | --- |
| reseed.verify | Verify .su3 signature. (default: false) |
| reseed.urls | Reseed URLs, separated by comma |
| reseed.yggurls | Reseed Yggdrasil's URLs, separated by comma |
| reseed.file | Path to local .su3 file or HTTPS [URL](../internet/URL.md) to reseed from |
| reseed.zipfile | Path to local .zip file to reseed from |
| reseed.threshold | Minimum number of known routers before requesting reseed. (default: 25) |
| reseed.proxy | URL for https/socks reseed proxy |

### Addressbook options
| Option | Description |
| --- | --- |
| addressbook.defaulturl | AddressBook subscription URL. Only used to initialize the AddressBook. |
| addressbook.subscriptions | AddressBook subscriptions URLs, separated by comma. Note that defaulturl is not added to subscriptions URLs |
| addressbook.hostsfile | File to dump AddressBook in hosts.txt format |

### Trust options
| Option | Description |
| --- | --- |
| trust.enabled | Enable explicit trust options. (default: false) |
| trust.family | Make direct I2P connections only to routers in specified Family. |
| trust.routers | Make direct I2P connections only to routers specified here. Comma separated list of [base64](../files/Base64.md) identities. |
| trust.hidden | Should we hide our router from other routers? (default: false) |

### Exploratory tunnels
| Option | Description |
| --- | --- |
| exploratory.inbound.length | Exploratory inbound tunnels length. (default: 2) |
| exploratory.inbound.quantity | Exploratory inbound tunnels quantity. (default: 3) |
| exploratory.outbound.length | Exploratory outbound tunnels length. (default: 2) |
| exploratory.outbound.quantity | Exploratory outbound tunnels quantity. (default: 3) |

## Tunnel Configuration
Available tunnel types:

| Type | Description |
| --- | --- |
| client | Client tunnel to remote I2P destination ([TCP](../internet/TCP.md)) |
| server | Generic server tunnel to set up any [TCP](../internet/TCP.md) service in I2P network |
| http | [HTTP](../internet/HTTP.md) server tunnel to set up a website in I2P |

### Client Tunnel
```ini
[irc-out]
type = client
address = 127.0.0.1
port = 6668
destination = irc.ilita.i2p
keys = irc.dat
```

#### Optional parameters
| Option | Description |
| --- | --- |
| address | Local interface tunnel binds to, '127.0.0.1' for connections from local host only, '0.0.0.0' for connections from everywhere. (default: 127.0.0.1) |
| port | Port of client tunnel. |
| signaturetype | Signature type for new keys. RSA signatures (4,5,6) are not allowed and will be changed to 7. (default: 7) |
| cryptotype | Crypto type for new keys. Experimental. Should always be 0 |
| destinationport | Connect to particular port at destination. 0 by default (targeting first tunnel on server side for destination) |
| keepaliveinterval | Send ping to the destination after this interval in seconds. (default: 0 - no pings) |
| keys | Keys for destination. When the same keys file is used for several tunnels, every tunnel uses the same destination. |

### Server Tunnel
```ini
[smtp-in]
type = server
host = 127.0.0.1
port = 25
keys = smtp-in.dat
```

#### Optional parameters
| Option | Description |
| --- | --- |
| host | IP address of server (on this address i2pd will send data from I2P) |
| port | Port of server tunnel. |
| inport | (non-[TCP](../internet/TCP.md) non-[UDP](../internet/UDP.md)) I2P local destination port to listen to; an unsigned 16-bit integer. What port at local destination server tunnel listens to (default: same as _port_) |
| accesslist | Comma-separated list of b32 addresses (without .b32.i2p) allowed to connect. Everybody is allowed by default |
| gzip | Turns internal compression off if set to false. (default: false) |
| signaturetype | Signature type for new keys. (default: 7) |
| cryptotype | Crypto type for new keys. Experimental. Should always be 0 |
| enableuniquelocal | If true, connection to local address will look like 127.x.x.x where x.x.x is first 3 bytes of incoming connection peer's ident hash. (default: true) |
| address | IP address of an interface tunnel is connected to _host_ from. Usually not used |
| keys | Keys for destination. When the same keys file is used for several tunnels, every tunnel uses the same destination. |

### HTTP Tunnel
```ini
[http-in]
type = http
host = 127.0.0.1
port = 80
keys = our-website.dat
```

## Tools
#refactor -> i2p_tools (vanity, etc)
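
A check for the listener, webconsole, I2PControl and reseed options documented in the Configuration section, added here as an example (it is not part of the original page or of i2pd): it parses the text of an `i2pd.conf` and reports explicit non-loopback binds, an exposed webconsole with missing or short basic auth, disabled strict host checking, the default I2PControl password and unverified reseeding. The names `audit`, `is_loopback` and `SAMPLE`, the `MIN_PASS_LEN` threshold and the sample config are assumptions made for this example.

```python
import configparser
import ipaddress

# Listener sections and their "enabled" defaults, from the option tables above.
LISTENERS = {"http": True, "httpproxy": True, "socksproxy": True,
             "sam": True, "bob": False, "i2cp": True, "i2pcontrol": False}
MIN_PASS_LEN = 12  # assumption: local policy threshold, not an i2pd rule

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return addr.lower() == "localhost"

def audit(conf_text):  # returns a list of (section, option, message) findings
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string("[general]\n" + conf_text)  # top-level options have no header
    flag = lambda sec, opt, default: cp.getboolean(sec, opt, fallback=default)
    out = []
    for sec, default_on in LISTENERS.items():
        addr = cp.get(sec, "address", fallback=None)  # only explicit binds are judged
        if flag(sec, "enabled", default_on) and addr and not is_loopback(addr):
            out.append((sec, "address", f"binds {addr}, reachable from other hosts"))
    if flag("http", "enabled", True):
        pw = cp.get("http", "pass", fallback=None)  # unset: random password
        weak = not flag("http", "auth", False) or (pw is not None and len(pw) < MIN_PASS_LEN)
        if weak and ("http", "address") in [f[:2] for f in out]:
            out.append(("http", "auth", "exposed webconsole with no or weak basic auth"))
        if not flag("http", "strictheaders", True):
            out.append(("http", "strictheaders", "strict host checking is off"))
    if (flag("i2pcontrol", "enabled", False)
            and cp.get("i2pcontrol", "password", fallback="itoopie") == "itoopie"):
        out.append(("i2pcontrol", "password", "default I2PControl password"))
    if not flag("reseed", "verify", False):
        out.append(("reseed", "verify", ".su3 signature is not verified"))
    return out

# Constructed sample, modelled on the example i2pd.conf above.
SAMPLE = """\
[http]
address = 0.0.0.0
auth = true
pass = pass
strictheaders = false
[httpproxy]
address = 0.0.0.0
[i2pcontrol]
enabled = true
"""
```

`audit(SAMPLE)` returns six findings; a config that binds listeners to `127.0.0.1`, leaves `http.pass` unset and sets `reseed.verify = true` returns none.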