knowledge/technology/internet/I2P.md

website	obj	repo
https://geti2p.net https://i2pd.website	application	https://github.com/PurpleI2P/i2pd

I2P Network

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. Many applications are available that interface with I2P, including mail, peer-peer, IRC chat, and others. Anonymous Torrenting via i2psnark is also possible.

Usage

Install i2pd (deamon written in C++) and enable the service. Router Interface is at 127.0.0.1:7070 with HTTP Proxy at 127.0.0.1:4444

Configuration

There are two separate config files: i2pd.conf and tunnels.conf. i2pd.conf is the main configuration file, where you configure all options. tunnels.conf is the tunnel configuration file, where you configure I2P hidden services and client tunnels.

Example i2pd.conf:

logfile = /var/log/i2pd/i2pd.log
ipv4 = true
ipv6 = false
ssu = true
bandwidth = X

[ssu2]
enabled = true
published = true

[http]
enabled = true
address = 0.0.0.0
port = 7070
auth = true
user = i2pd
pass = pass
strictheaders = false
lang = english

[httpproxy]
address = 0.0.0.0
port = 4444
# StormyCloud
#outproxy = http://5d4s7pcvfdpftfk7npc7hllyujhufsdprtrf4o53i44rgsa2xbwa.b32.i2p

# Purokishi
outproxy = http://purokishi.i2p

[socksproxy]
address = 0.0.0.0
port = 4447

[sam]
enabled = true
address = 127.0.0.1
port = 7656

[i2cp]
enabled = true
address = 0.0.0.0
port = 7654

[reseed]
verify = true

[addressbook]
subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt

General options

Option	Description
conf	Config file (default: ~/.i2pd/i2pd.conf or /var/lib/i2pd/i2pd.conf). This parameter will be silently ignored if the specified config file does not exist.
tunconf	Tunnels config file (default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf)
pidfile	Where to write pidfile (default: i2pd.pid, not used in Windows)
log	Logs destination: stdout, file, syslog (stdout if not set or invalid) (if daemon, stdout/unspecified are replaced by file in some cases)
logfile	Path to logfile (default - autodetect)
loglevel	Log messages above this level (debug, info, warn, error, none; default - warn)
logclftime	Write full CLF-formatted date and time to log (default: false (write only time))
datadir	Path to storage of i2pd data (RouterInfos, destinations keys, peer profiles, etc ...)
host	Router external IP for incoming connections (default: auto if SSU2 is enabled)
port	Port to listen for incoming connections (default: auto (random))
daemon	Router will go to background after start (default: true)
service	Router will use system folders like '/var/lib/i2pd' (on unix) or 'C:\ProgramData\i2pd' (on Windows). Ignored on MacOS and Android (default: false)
ifname	Network interface to bind to
ifname4	Network interface to bind to for IPv4
ifname6	Network interface to bind to for IPv6
address4	Local address to bind to for IPv4
address6	Local address to bind to for clearnet IPv6
nat	If true, assume we are behind NAT (default: true)
ipv4	Enable communication through IPv4 (default: true)
ipv6	Enable communication through clearnet IPv6 (default: false)
notransit	Router will not accept transit tunnels, disabling transit traffic completely. G router cap will be published (default: false)
floodfill	Router will be floodfill (default: false)
bandwidth	Bandwidth limit: integer in KBps or letters: L (32), O (256), P (2048), X (unlimited).
share	Max % of bandwidth limit for transit. 0-100 (default: 100)
family	Name of a family, router belongs to
netid	Network ID, router belongs to. Main I2P is 2.

NTCP2

Option	Description
ntcp2.enabled	Enable NTCP2 (default: true)
ntcp2.published	Enable incoming NTCP2 connections (default: true)
ntcp2.port	Port to listen for incoming NTCP2 connections (default: auto - port from general section)
ntcp2.addressv6	External IPv6 for incoming connections
ntcp2.proxy	Specify proxy server for NTCP2. Should be http://address:port or socks://address:port

SSU2

Option	Description
ssu2.enabled	Enable SSU2 (default: true)
ssu2.published	Enable incoming SSU2 connections. (default: true)
ssu2.port	Port to listen for incoming SSU2 connections (default: auto - 'port' from general section)
ssu2.proxy	Specify UDP socks5 proxy server for NTCP2. Should be socks://address:port
ssu2.mtu4	MTU for local ipv4. (default: auto)
ssu2.mtu6	MTU for local ipv6. (default: auto)

HTTP webconsole

Option	Description
http.enabled	If webconsole is enabled. (default: true)
http.address	The address to listen on (HTTP server)
http.port	The port to listen on (HTTP server) (default: 7070)
http.auth	Enable basic HTTP auth for webconsole (default: false)
http.user	Username for basic auth (default: i2pd)
http.pass	Password for basic auth (default: random, see logs)
http.strictheaders	Enable strict host checking on WebUI. (default: true)
http.hostname	Expected hostname for WebUI (default: localhost)

HTTP Proxy

Option	Description
httpproxy.enabled	If HTTP proxy is enabled. (default: true)
httpproxy.address	The address to listen on (HTTP Proxy)
httpproxy.port	The port to listen on (HTTP Proxy) (default: 4444)
httpproxy.addresshelper	Enable address helper (jump). (default: true)
httpproxy.keys	Optional keys file for HTTP proxy local destination
httpproxy.signaturetype	Signature type for new keys if keys file is set. (default: 7)
httpproxy.inbound.length	Inbound tunnels length if keys is set. (default: 3)
httpproxy.inbound.quantity	Inbound tunnels quantity if keys is set. (default: 5)
httpproxy.inbound.lengthVariance	Inbound tunnels length variance if keys is set. (default: 0)
httpproxy.outbound.length	Outbound tunnels length if keys is set. (default: 3)
httpproxy.outbound.quantity	Outbound tunnels quantity if keys is set. (default: 5)
httpproxy.outbound.lengthVariance	Outbound tunnels length variance if keys is set. (default: 0)
httpproxy.outproxy	HTTP proxy upstream out proxy url (like http://false.i2p)
httpproxy.i2cp.leaseSetType	Type of LeaseSet to be sent. 1, 3 or 5. (default: 3)
httpproxy.i2cp.leaseSetEncType	Comma separated encryption types to be used in LeaseSet type 3 or 5

Socks proxy

Option	Description
socksproxy.enabled	If SOCKS proxy is enabled. (default: true)
socksproxy.address	The address to listen on (SOCKS Proxy)
socksproxy.port	The port to listen on (SOCKS Proxy). (default: 4447)
socksproxy.keys	Optional keys file for SOCKS proxy local destination
socksproxy.signaturetype	Signature type for new keys if keys file is set. (default: 7)
socksproxy.inbound.length	Inbound tunnels length if keys is set. (default: 3)
socksproxy.inbound.quantity	Inbound tunnels quantity if keys is set. (default: 5)
socksproxy.inbound.lengthVariance	Inbound tunnels length variance if keys is set. (default: 0)
socksproxy.outbound.length	Outbound tunnels length if keys is set. (default: 3)
socksproxy.outbound.quantity	Outbound tunnels quantity if keys is set. (default: 5)
socksproxy.outbound.lengthVariance	Outbound tunnels length variance if keys is set. (default: 0)
socksproxy.outproxy.enabled	Enable or disable SOCKS outproxy. (default: false)
socksproxy.outproxy	Address of outproxy. Requests outside I2P will go there.
socksproxy.outproxyport	Outproxy remote port
socksproxy.i2cp.leaseSetType	Type of LeaseSet to be sent. 1, 3 or 5. (default: 3)
socksproxy.i2cp.leaseSetEncType	Comma separated encryption types to be used in LeaseSet type 3 or 5

SAM interface

Option	Description
sam.enabled	If SAM is enabled. (default: true)
sam.address	The address to listen on (SAM bridge)
sam.port	Port of SAM bridge. Usually 7656. SAM is off if not specified
sam.singlethread	If false every SAM session runs in own thread. (default: true)

BOB interface

Option	Description
bob.enabled	If BOB is enabled. (default: false)
bob.address	The address to listen on (BOB command channel)
bob.port	Port of BOB command channel. Usually 2827. BOB is off if not specified

I2CP interface

Option	Description
i2cp.enabled	If I2CP is enabled. (default: true)
i2cp.address	The address to listen on or an abstract address for Android LocalSocket
i2cp.port	Port of I2CP server. Usually 7654. Ignored for Andorid
i2cp.singlethread	If false every I2CP session runs in own thread. (default: true)

I2PControl interface

Option	Description
i2pcontrol.enabled	If I2P control is enabled. (default: false)
i2pcontrol.address	The address to listen on (I2P control service)
i2pcontrol.port	Port of I2P control service. Usually 7650. I2PControl is off if not specified
i2pcontrol.password	I2P control authentication password. (default: itoopie)
i2pcontrol.cert	I2P control HTTPS certificate file name. (default: i2pcontrol.crt.pem)
i2pcontrol.key	I2P control HTTPS certificate key file name. (default: i2pcontrol.key.pem)

Reseeding

Option	Description
reseed.verify	Verify .su3 signature. (default: false)
reseed.urls	Reseed URLs, separated by comma
reseed.yggurls	Reseed Yggdrasil's URLs, separated by comma
reseed.file	Path to local .su3 file or HTTPS URL to reseed from
reseed.zipfile	Path to local .zip file to reseed from
reseed.threshold	Minimum number of known routers before requesting reseed. (default: 25)
reseed.proxy	Url for https/socks reseed proxy

Addressbook options

Option	Description
addressbook.defaulturl	AddressBook subscription URL. Only used to initialize the AddressBook.
addressbook.subscriptions	AddressBook subscriptions URLs, separated by comma. Note that defaulturl is not added to subscriptions URLs
addressbook.hostsfile	File to dump AddressesBook in hosts.txt format

Trust options

Option	Description
trust.enabled	Enable explicit trust options. (default: false)
trust.family	Make direct I2P connections only to routers in specified Family.
trust.routers	Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
trust.hidden	Should we hide our router from other routers? (default: false)

Exploratory tunnels

Option	Description
exploratory.inbound.length	Exploratory inbound tunnels length. (default: 2)
exploratory.inbound.quantity	Exploratory inbound tunnels quantity. (default: 3)
exploratory.outbound.length	Exploratory outbound tunnels length. (default: 2)
exploratory.outbound.quantity	Exploratory outbound tunnels quantity. (default: 3)

Tunnel Configuration

Available tunnel types:

Type	Description
client	Client tunnel to remote I2P destination (TCP)
server	Generic server tunnel to setup any TCP service in I2P network
http	HTTP server tunnel to setup a website in I2P

Client Tunnel

[irc-out]
type = client
address = 127.0.0.1
port = 6668
destination = irc.ilita.i2p
keys = irc.dat

Optional parameters

Option	Description
address	Local interface tunnel binds to, '127.0.0.1' for connections from local host only, '0.0.0.0' for connections from everywhere. (default: 127.0.0.1)
port	Port of client tunnel.
signaturetype	Signature type for new keys. RSA signatures (4,5,6) are not allowed and will be changed to 7. (default: 7)
cryptotype	Crypto type for new keys. Experimental. Should be always 0
destinationport	Connect to particular port at destination. 0 by default (targeting first tunnel on server side for destination)
keepaliveinterval	Send ping to the destination after this interval in seconds. (default: 0 - no pings)
keys	Keys for destination. When same for several tunnels, will be using same destination for every tunnel.

Server Tunnel

[smtp-in]
type = server
host = 127.0.0.1
port = 25
keys = smtp-in.dat

Optional parameters

Option	Description
host	IP address of server (on this address i2pd will send data from I2P)
port	Port of server tunnel.
inport	(non-TCP non-UDP) I2P local destination port to listen to; an unsigned 16-bit integer. What port at local destination server tunnel listens to (default: same as port)
accesslist	List of comma-separated of b32 address (without .b32.i2p) allowed to connect. Everybody is allowed by default
gzip	Turns internal compression off if set to false. (default: false)
signaturetype	Signature type for new keys. (default: 7)
cryptotype	Crypto type for new keys. Experimental. Should be always 0
enableuniquelocal	If true, connection to local address will look like 127.x.x.x where x.x.x is first 3 bytes of incoming connection peer's ident hash. (default: true)
address	IP address of an interface tunnel is connected to host from. Usually not used
keys	Keys for destination. When same for several tunnels, will be using same destination for every tunnel.

HTTP Tunnel

[http-in]
type = http
host = 127.0.0.1  
port = 80
keys = our-website.dat

Tools

There are several tools available here.

keygen

Generate an I2P private key.

Usage

Make a EDDSA-SHA512-ED25519 destination key

./keygen privkey.dat

Make an destination key with a certain key type

./keygen privkey.dat <number>
./keygen privkey.dat <key name>

key name	number
DSA-SHA1	0
ECDSA-SHA256-P256	1
ECDSA-SHA384-P384	2
ECDSA-SHA512-P521	3
RSA-SHA256-2048	4
RSA-SHA384-3072	5
RSA-SHA512-4096	6
EDDSA-SHA512-ED25519	7
GOSTR3410_CRYPTO_PRO_A-GOSTR3411-256	9
GOSTR3410_TC26_A_512-GOSTR3411-512	10
RED25519-SHA512	11

vain

Vanity generation address.

Time to Generate on a 2.70GHz Processor:

characters	time to generate (approx.)
1	~0.082s
2	~0.075s
3	~0.100s
4	~0.394s
5	~6.343s
6	~1m-5m
7	~30m

Usage

./vain pattern [options]

Options

Option	Description
-r, --reg	regex instead of text pattern
-t, --threads	Use this many threads (default all)
-o, --output output_file	Output file
-m, --multiplymode	multiple addresses search

keyinfo

Prints information about an I2P private key

Usage

Print just the b32 address for this key

 ./keyinfo privatekey.dat

... just the base64 address

./keyinfo -d privatekey.dat

Print all info about the public key

./keyinfo -v privatekey.dat