I2P Network
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. Many applications are available that interface with I2P, including mail, peer-to-peer, IRC chat, and others. Anonymous torrenting via i2psnark is also possible.
Usage
Install i2pd (daemon written in C++) and enable the service. The router interface is at 127.0.0.1:7070, with the HTTP proxy at 127.0.0.1:4444.
Configuration
There are two separate config files: i2pd.conf and tunnels.conf. i2pd.conf is the main configuration file, where you configure all options. tunnels.conf is the tunnel configuration file, where you configure I2P hidden services and client tunnels.
Example i2pd.conf:
logfile = /var/log/i2pd/i2pd.log
ipv4 = true
ipv6 = false
ssu = true
bandwidth = X
[ssu2]
enabled = true
published = true
[http]
enabled = true
address = 0.0.0.0
port = 7070
auth = true
user = i2pd
pass = pass
strictheaders = false
lang = english
[httpproxy]
address = 0.0.0.0
port = 4444
# StormyCloud
#outproxy = http://5d4s7pcvfdpftfk7npc7hllyujhufsdprtrf4o53i44rgsa2xbwa.b32.i2p
# Purokishi
outproxy = http://purokishi.i2p
[socksproxy]
address = 0.0.0.0
port = 4447
[sam]
enabled = true
address = 127.0.0.1
port = 7656
[i2cp]
enabled = true
address = 0.0.0.0
port = 7654
[reseed]
verify = true
[addressbook]
subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
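The example above binds the webconsole, both proxies and I2CP to 0.0.0.0 while using pass = pass and strictheaders = false. The following added example (not part of the original page or of the i2pd project) audits an i2pd.conf for listeners reachable from other hosts and for weak console settings. The function names, the 12-character password threshold and the choice to skip listeners whose address is unset are assumptions of this example.

```python
import configparser
import ipaddress

# Listener sections and their "enabled" defaults, taken from the tables on this page.
LISTENERS = {"http": True, "httpproxy": True, "socksproxy": True,
             "sam": True, "bob": False, "i2cp": True, "i2pcontrol": False}

def flatten(text):  # keys come out as in the tables, e.g. "http.address"
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string("[general]\n" + text)  # options before the first [section]
    return {(f"{s}." if s != "general" else "") + k: v
            for s in cp.sections() for k, v in cp[s].items()}

def on(flat, key, default):
    return flat.get(key, str(default)).strip().lower() in ("true", "1", "yes", "on")

def exposed(addr):  # anything but a loopback IP; hostnames count as exposed
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True

def audit(text, min_pass_len=12):  # min_pass_len is this example's own threshold
    flat, out = flatten(text), []
    for svc, default_on in LISTENERS.items():
        addr = flat.get(f"{svc}.address")  # unset addresses are not judged here
        if not (addr and on(flat, f"{svc}.enabled", default_on) and exposed(addr)):
            continue
        out.append(f"{svc}.address={addr}: reachable from other hosts")
        if svc == "http" and not on(flat, "http.auth", False):
            out.append("http.auth: exposed webconsole has no authentication")
        elif svc == "http" and len(flat.get("http.pass", "x" * 99)) < min_pass_len:
            out.append("http.pass: exposed webconsole password is too short")
    if not on(flat, "http.strictheaders", True):
        out.append("http.strictheaders: host checking is disabled")
    if on(flat, "i2pcontrol.enabled", False) and \
            flat.get("i2pcontrol.password", "itoopie") == "itoopie":
        out.append("i2pcontrol.password: default password in use")
    if not on(flat, "reseed.verify", False):
        out.append("reseed.verify: .su3 signatures are not checked")
    return out

# Constructed sample: listener-related lines of the example i2pd.conf above.
SAMPLE = ("[http]\naddress = 0.0.0.0\nauth = true\npass = pass\nstrictheaders = false\n"
          "[httpproxy]\naddress = 0.0.0.0\n[socksproxy]\naddress = 0.0.0.0\n"
          "[sam]\naddress = 127.0.0.1\n[i2cp]\naddress = 0.0.0.0\n[reseed]\nverify = true\n")

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Binding these listeners to 127.0.0.1 and leaving strictheaders at its default clears every finding for the sample.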
General options
| Option | Description |
| --- | --- |
| conf | Config file (default: ~/.i2pd/i2pd.conf or /var/lib/i2pd/i2pd.conf). This parameter will be silently ignored if the specified config file does not exist. |
| tunconf | Tunnels config file (default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf) |
| pidfile | Where to write pidfile (default: i2pd.pid, not used in Windows) |
| log | Logs destination: stdout, file, syslog (stdout if not set or invalid) (if daemon, stdout/unspecified are replaced by file in some cases) |
| logfile | Path to logfile (default - autodetect) |
| loglevel | Log messages above this level (debug, info, warn, error, none; default - warn) |
| logclftime | Write full CLF-formatted date and time to log (default: false (write only time)) |
| datadir | Path to storage of i2pd data (RouterInfos, destinations keys, peer profiles, etc ...) |
| host | Router external IP for incoming connections (default: auto if SSU2 is enabled) |
| port | Port to listen for incoming connections (default: auto (random)) |
| daemon | Router will go to background after start (default: true) |
| service | Router will use system folders like '/var/lib/i2pd' (on unix) or 'C:\ProgramData\i2pd' (on Windows). Ignored on MacOS and Android (default: false) |
| ifname | Network interface to bind to |
| ifname4 | Network interface to bind to for IPv4 |
| ifname6 | Network interface to bind to for IPv6 |
| address4 | Local address to bind to for IPv4 |
| address6 | Local address to bind to for clearnet IPv6 |
| nat | If true, assume we are behind NAT (default: true) |
| ipv4 | Enable communication through IPv4 (default: true) |
| ipv6 | Enable communication through clearnet IPv6 (default: false) |
| notransit | Router will not accept transit tunnels, disabling transit traffic completely. G router cap will be published (default: false) |
| floodfill | Router will be floodfill (default: false) |
| bandwidth | Bandwidth limit: integer in KBps or letters: L (32), O (256), P (2048), X (unlimited). |
| share | Max % of bandwidth limit for transit. 0-100 (default: 100) |
| family | Name of a family, router belongs to |
| netid | Network ID, router belongs to. Main I2P is 2. |
NTCP2
| Option | Description |
| --- | --- |
| ntcp2.enabled | Enable NTCP2 (default: true) |
| ntcp2.published | Enable incoming NTCP2 connections (default: true) |
| ntcp2.port | Port to listen for incoming NTCP2 connections (default: auto - port from general section) |
| ntcp2.addressv6 | External IPv6 for incoming connections |
| ntcp2.proxy | Specify proxy server for NTCP2. Should be http://address:port or socks://address:port |
SSU2
| Option | Description |
| --- | --- |
| ssu2.enabled | Enable SSU2 (default: true) |
| ssu2.published | Enable incoming SSU2 connections. (default: true) |
| ssu2.port | Port to listen for incoming SSU2 connections (default: auto - 'port' from general section) |
| ssu2.proxy | Specify UDP socks5 proxy server for NTCP2. Should be socks://address:port |
| ssu2.mtu4 | MTU for local ipv4. (default: auto) |
| ssu2.mtu6 | MTU for local ipv6. (default: auto) |
HTTP webconsole
| Option | Description |
| --- | --- |
| http.enabled | If webconsole is enabled. (default: true) |
| http.address | The address to listen on (HTTP server) |
| http.port | The port to listen on (HTTP server) (default: 7070) |
| http.auth | Enable basic HTTP auth for webconsole (default: false) |
| http.user | Username for basic auth (default: i2pd) |
| http.pass | Password for basic auth (default: random, see logs) |
| http.strictheaders | Enable strict host checking on WebUI. (default: true) |
| http.hostname | Expected hostname for WebUI (default: localhost) |
HTTP Proxy
| Option | Description |
| --- | --- |
| httpproxy.enabled | If HTTP proxy is enabled. (default: true) |
| httpproxy.address | The address to listen on (HTTP Proxy) |
| httpproxy.port | The port to listen on (HTTP Proxy) (default: 4444) |
| httpproxy.addresshelper | Enable address helper (jump). (default: true) |
| httpproxy.keys | Optional keys file for HTTP proxy local destination |
| httpproxy.signaturetype | Signature type for new keys if keys file is set. (default: 7) |
| httpproxy.inbound.length | Inbound tunnels length if keys is set. (default: 3) |
| httpproxy.inbound.quantity | Inbound tunnels quantity if keys is set. (default: 5) |
| httpproxy.inbound.lengthVariance | Inbound tunnels length variance if keys is set. (default: 0) |
| httpproxy.outbound.length | Outbound tunnels length if keys is set. (default: 3) |
| httpproxy.outbound.quantity | Outbound tunnels quantity if keys is set. (default: 5) |
| httpproxy.outbound.lengthVariance | Outbound tunnels length variance if keys is set. (default: 0) |
| httpproxy.outproxy | HTTP proxy upstream out proxy url (like http://false.i2p) |
| httpproxy.i2cp.leaseSetType | Type of LeaseSet to be sent. 1, 3 or 5. (default: 3) |
| httpproxy.i2cp.leaseSetEncType | Comma separated encryption types to be used in LeaseSet type 3 or 5 |
Socks proxy
| Option | Description |
| --- | --- |
| socksproxy.enabled | If SOCKS proxy is enabled. (default: true) |
| socksproxy.address | The address to listen on (SOCKS Proxy) |
| socksproxy.port | The port to listen on (SOCKS Proxy). (default: 4447) |
| socksproxy.keys | Optional keys file for SOCKS proxy local destination |
| socksproxy.signaturetype | Signature type for new keys if keys file is set. (default: 7) |
| socksproxy.inbound.length | Inbound tunnels length if keys is set. (default: 3) |
| socksproxy.inbound.quantity | Inbound tunnels quantity if keys is set. (default: 5) |
| socksproxy.inbound.lengthVariance | Inbound tunnels length variance if keys is set. (default: 0) |
| socksproxy.outbound.length | Outbound tunnels length if keys is set. (default: 3) |
| socksproxy.outbound.quantity | Outbound tunnels quantity if keys is set. (default: 5) |
| socksproxy.outbound.lengthVariance | Outbound tunnels length variance if keys is set. (default: 0) |
| socksproxy.outproxy.enabled | Enable or disable SOCKS outproxy. (default: false) |
| socksproxy.outproxy | Address of outproxy. Requests outside I2P will go there. |
| socksproxy.outproxyport | Outproxy remote port |
| socksproxy.i2cp.leaseSetType | Type of LeaseSet to be sent. 1, 3 or 5. (default: 3) |
| socksproxy.i2cp.leaseSetEncType | Comma separated encryption types to be used in LeaseSet type 3 or 5 |
SAM interface
| Option | Description |
| --- | --- |
| sam.enabled | If SAM is enabled. (default: true) |
| sam.address | The address to listen on (SAM bridge) |
| sam.port | Port of SAM bridge. Usually 7656. SAM is off if not specified |
| sam.singlethread | If false every SAM session runs in own thread. (default: true) |
BOB interface
| Option | Description |
| --- | --- |
| bob.enabled | If BOB is enabled. (default: false) |
| bob.address | The address to listen on (BOB command channel) |
| bob.port | Port of BOB command channel. Usually 2827. BOB is off if not specified |
I2CP interface
| Option | Description |
| --- | --- |
| i2cp.enabled | If I2CP is enabled. (default: true) |
| i2cp.address | The address to listen on or an abstract address for Android LocalSocket |
| i2cp.port | Port of I2CP server. Usually 7654. Ignored for Android |
| i2cp.singlethread | If false every I2CP session runs in own thread. (default: true) |
I2PControl interface
| Option | Description |
| --- | --- |
| i2pcontrol.enabled | If I2P control is enabled. (default: false) |
| i2pcontrol.address | The address to listen on (I2P control service) |
| i2pcontrol.port | Port of I2P control service. Usually 7650. I2PControl is off if not specified |
| i2pcontrol.password | I2P control authentication password. (default: itoopie) |
| i2pcontrol.cert | I2P control HTTPS certificate file name. (default: i2pcontrol.crt.pem) |
| i2pcontrol.key | I2P control HTTPS certificate key file name. (default: i2pcontrol.key.pem) |
Reseeding
| Option | Description |
| --- | --- |
| reseed.verify | Verify .su3 signature. (default: false) |
| reseed.urls | Reseed URLs, separated by comma |
| reseed.yggurls | Reseed Yggdrasil's URLs, separated by comma |
| reseed.file | Path to local .su3 file or HTTPS URL to reseed from |
| reseed.zipfile | Path to local .zip file to reseed from |
| reseed.threshold | Minimum number of known routers before requesting reseed. (default: 25) |
| reseed.proxy | URL for https/socks reseed proxy |
Addressbook options
| Option | Description |
| --- | --- |
| addressbook.defaulturl | AddressBook subscription URL. Only used to initialize the AddressBook. |
| addressbook.subscriptions | AddressBook subscriptions URLs, separated by comma. Note that defaulturl is not added to subscriptions URLs |
| addressbook.hostsfile | File to dump AddressBook in hosts.txt format |
Trust options
| Option | Description |
| --- | --- |
| trust.enabled | Enable explicit trust options. (default: false) |
| trust.family | Make direct I2P connections only to routers in specified Family. |
| trust.routers | Make direct I2P connections only to routers specified here. Comma separated list of base64 identities. |
| trust.hidden | Should we hide our router from other routers? (default: false) |
Exploratory tunnels
| Option | Description |
| --- | --- |
| exploratory.inbound.length | Exploratory inbound tunnels length. (default: 2) |
| exploratory.inbound.quantity | Exploratory inbound tunnels quantity. (default: 3) |
| exploratory.outbound.length | Exploratory outbound tunnels length. (default: 2) |
| exploratory.outbound.quantity | Exploratory outbound tunnels quantity. (default: 3) |
Tunnel Configuration
Available tunnel types:
| Type | Description |
| --- | --- |
| client | Client tunnel to remote I2P destination (TCP) |
| server | Generic server tunnel to setup any TCP service in I2P network |
| http | HTTP server tunnel to setup a website in I2P |
Client Tunnel
[irc-out]
type = client
address = 127.0.0.1
port = 6668
destination = irc.ilita.i2p
keys = irc.dat
Optional parameters
| Option | Description |
| --- | --- |
| address | Local interface tunnel binds to, '127.0.0.1' for connections from local host only, '0.0.0.0' for connections from everywhere. (default: 127.0.0.1) |
| port | Port of client tunnel. |
| signaturetype | Signature type for new keys. RSA signatures (4,5,6) are not allowed and will be changed to 7. (default: 7) |
| cryptotype | Crypto type for new keys. Experimental. Should be always 0 |
| destinationport | Connect to particular port at destination. 0 by default (targeting first tunnel on server side for destination) |
| keepaliveinterval | Send ping to the destination after this interval in seconds. (default: 0 - no pings) |
| keys | Keys for destination. When same for several tunnels, will be using same destination for every tunnel. |
Server Tunnel
[smtp-in]
type = server
host = 127.0.0.1
port = 25
keys = smtp-in.dat
Optional parameters
| Option | Description |
| --- | --- |
| host | IP address of server (on this address i2pd will send data from I2P) |
| port | Port of server tunnel. |
| inport | (non-TCP non-UDP) I2P local destination port to listen to; an unsigned 16-bit integer. What port at local destination server tunnel listens to (default: same as port) |
| accesslist | Comma-separated list of b32 addresses (without .b32.i2p) allowed to connect. Everybody is allowed by default |
| gzip | Turns internal compression off if set to false. (default: false) |
| signaturetype | Signature type for new keys. (default: 7) |
| cryptotype | Crypto type for new keys. Experimental. Should be always 0 |
| enableuniquelocal | If true, connection to local address will look like 127.x.x.x where x.x.x is first 3 bytes of incoming connection peer's ident hash. (default: true) |
| address | IP address of an interface tunnel is connected to host from. Usually not used |
| keys | Keys for destination. When same for several tunnels, will be using same destination for every tunnel. |
HTTP Tunnel
[http-in]
type = http
host = 127.0.0.1
port = 80
keys = our-website.dat
Tools
There are several tools available here.
keygen
Generate an I2P private key.
Usage
Make an EDDSA-SHA512-ED25519 destination key
./keygen privkey.dat
Make a destination key with a certain key type
./keygen privkey.dat <number>
./keygen privkey.dat <key name>
| Key name | Number |
| --- | --- |
| DSA-SHA1 | 0 |
| ECDSA-SHA256-P256 | 1 |
| ECDSA-SHA384-P384 | 2 |
| ECDSA-SHA512-P521 | 3 |
| RSA-SHA256-2048 | 4 |
| RSA-SHA384-3072 | 5 |
| RSA-SHA512-4096 | 6 |
| EDDSA-SHA512-ED25519 | 7 |
| GOSTR3410_CRYPTO_PRO_A-GOSTR3411-256 | 9 |
| GOSTR3410_TC26_A_512-GOSTR3411-512 | 10 |
| RED25519-SHA512 | 11 |
vain
Vanity address generation.
Time to generate on a 2.70GHz processor:
| Characters | Time to generate (approx.) |
| --- | --- |
| 1 | ~0.082s |
| 2 | ~0.075s |
| 3 | ~0.100s |
| 4 | ~0.394s |
| 5 | ~6.343s |
| 6 | ~1m-5m |
| 7 | ~30m |
Usage
./vain pattern [options]
Options
| Option | Description |
| --- | --- |
| -r, --reg | regex instead of text pattern |
| -t, --threads | Use this many threads (default all) |
| -o, --output output_file | Output file |
| -m, --multiplymode | multiple addresses search |
keyinfo
Prints information about an I2P private key
Usage
Print just the b32 address for this key
./keyinfo privatekey.dat
... just the base64 address
./keyinfo -d privatekey.dat
Print all info about the public key
./keyinfo -v privatekey.dat