From Gentoo Wiki
Jump to:navigation Jump to:search

Not to be confused with I2C.

The Invisible Internet Project (I2P) is an anonymous network, similar to Tor. The key difference is that I2P is internal, focusing on providing anonymous services within the network rather than proxying traffic to the regular internet (although some proxy services do exist).



Java 7 or higher must be installed to run the main implementation of I2P. See the Java article for more instructions on how to get the system to that point. If this is not possible, try the newer but less mature C++ implementation: net-vpn/i2pd.


net-vpn/i2p is currently marked as unstable. Special permission must be granted for it to install on stable systems:

root #echo "net-vpn/i2p" >> /etc/portage/package.accept_keywords

i2pd (C++)

net-vpn/i2pd is also marked as unstable:

root #echo "net-vpn/i2pd" >> /etc/portage/package.accept_keywords

USE flags

USE flags for net-vpn/i2p A privacy-centric, anonymous network

nls Adds Native Language Support using GNU gettext.
test Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)


root #emerge --ask net-vpn/i2p




To start the i2p service when the system boots:

root #rc-update add i2p default

To start the i2p service now:

root #rc-service i2p start


To start the i2p service when the system boots:

root #systemctl enable i2p.service

To start the i2p service now:

root #systemctl start i2p.service


Most I2P configuration is done in the Router Console, accessible via web browser at localhost:7657 once the router service has been started.


I2P selects a random port between 9000 and 31000 for inbound traffic when the router is first run. This port is forwarded automatically by UPnP, but if your gateway/firewall does not support UPnP, it will need to be manually forwarded (both TCP and UDP) for best performance. Visit http://localhost:7657/confignet to find out which port.


You can use a pac file to delegate browser requests to different proxies. Here connections to localhost are handled directly (no proxy). Eepsites are handled by I2P proxy on port 4444. Other traffic goes via Tor SOCKS proxy on running on port 9050.

FILE /usr/local/proxy.pac
function FindProxyForURL(url, host)
       return 'DIRECT';
       return 'PROXY';

   return 'SOCKS';

Save this file as /usr/local/proxy.pac, and point your browser to it. Most browsers accept Proxy configuration URL, where you can specify file:///usr/local/proxy.pac.

I2P's CSS can make browsers sluggish. You can add the following to your profile_dir/chrome/userContent.css to speed up rendering:

FILE profile_dir/chrome/userContent.css
@-moz-document url-prefix('http://localhost:7657/')
   * { filter: none !important; background-image: none !important; }



To access websites hosted on the I2P network, a web browser must be configured to use a proxy at localhost:4444 for HTTP and localhost:4445 for HTTPS. This can be accomplished globally in most browsers' proxy settings, or specifically for sites with the .i2p TLD using a plugin like FoxyProxy for Firefox or Chrome See also: https://geti2p.net/en/about/browser-config


I2PSnark, the I2P Bittorrent client, is accessible at localhost:7657/i2psnark with no additional configuration. However, the above Eepsite configuration is necessary to reach the trackers on which the torrents are found.


Using any IRC client, set up a connection to localhost:6668 No account creation is required. If using Pidgin, be sure to fill in the Ident name and Real name fields in addition to Username, otherwise Pidgin may expose identity information from other configured accounts.


openssh doesn't have any native support for SOCKS5, so you will need to install openbsd-netcat. You'll need to modify your SSH config too. It is possible with netcat' also but the configuration below uses flags specific to the OpenBSD variant.

root #emerge --ask net-analyzer/openbsd-netcat

This enables proxying through a SOCKS5 I2P tunnel for all .i2p hosts. You will need to go to http://localhost:7657/i2ptunnelmgr and create a SOCKS5 client tunnel. Note the port you have used and replace '1234' in the below config with it.

FILE ~/.ssh/config
Host *.i2p
	# Tell SSH to pass its connections through netcat, using a SOCKS5 proxy at
	ProxyCommand nc -X 5 -x %h %p

	# Privacy protections
	# Prevents SSH from telling the remote server about all of your public keys, potentially revealing your ID
	ForwardAgent no
	IdentitiesOnly yes

        # Merges connections to a server to prevent expensive reconnections
        # To avoid this, invoke ssh asb: ssh -o 'ControlMaster no' ...
	ControlMaster auto
	ControlPath ~/.ssh/master-%r@%n:%p

        # Compression for low bandwidth lines (like I2P)
	Compression yes

See also

  • Tor - An onion routing internet anonymity system.