I2P

From Gentoo Wiki

Not to be confused with I2C.

The Invisible Internet Project (I2P) is an anonymous network, similar to Tor. The key difference is that I2P is internal, focusing on providing anonymous services within the network rather than proxying traffic to the regular internet (although some proxy services do exist).

Installation

Prerequisites

Java 7 or higher must be installed to run the main implementation of I2P. See the Java article for more instructions on how to get the system to that point. If this is not possible, you may wish to try the newer but less mature C++ implementation: net-vpn/i2pd.

Java

net-vpn/i2p is currently marked as unstable. Special permission must be granted for it to install on stable amd64 systems:

root #echo "net-vpn/i2p" >> /etc/portage/package.keywords

Or:

root #echo "net-vpn/i2p ~amd64" >> /etc/portage/package.accept_keywords

i2pd (C++)

net-vpn/i2pd is also marked as unstable:

root #echo "net-vpn/i2pd" >> /etc/portage/package.keywords

Or:

root #echo "net-vpn/i2pd ~amd64" >> /etc/portage/package.accept_keywords

USE flags

USE flags for net-vpn/i2p (A privacy-centric, anonymous network):

ecdsa (local): Enables additional checks to make sure a setup is available that is capable of using I2P's ECDSA provisions. I2P will work without it, but you will likely see warnings.
nls (local): Adds Native Language Support using GNU gettext.

Emerge

root #emerge --ask net-vpn/i2p

Setup

Services

OpenRC

To start the i2p service when the system boots:

root #rc-update add i2p default

To start the i2p service now:

root #service i2p start

systemd

To start the i2p service when the system boots:

root #systemctl enable i2p.service

To start the i2p service now:

root #systemctl start i2p.service

Configuration

Most I2P configuration is done in the Router Console, accessible via web browser at localhost:7657 once the router service has been started.

Firewall

I2P selects a random port between 9000 and 31000 for inbound traffic when the router is first run. This port is forwarded automatically by UPnP, but if your gateway/firewall does not support UPnP, it will need to be manually forwarded (both TCP and UDP) for best performance. Visit http://localhost:7657/confignet to find out which port.

Usage

Eepsites

To access websites hosted on the I2P network, a web browser must be configured to use a proxy at localhost:4444 for HTTP and localhost:4445 for HTTPS. This can be accomplished globally in most browsers' proxy settings, or specifically for sites with the .i2p TLD using a plugin like FoxyProxy for Firefox or Chrome.

See also: https://geti2p.net/en/about/browser-config

Bittorrent

I2PSnark, the I2P Bittorrent client, is accessible at localhost:7657/i2psnark with no additional configuration. However, the above Eepsite configuration is necessary to reach the trackers on which the torrents are found.

IRC

Using any IRC client, set up a connection to localhost:6668. No account creation is required. If using Pidgin, be sure to fill in the Ident name and Real name fields in addition to Username, otherwise Pidgin may expose identity information from other configured accounts.

SSH

OpenSSH doesn't have any native support for SOCKS5, so you will need to install openbsd-netcat and modify your SSH config. It is also possible with netcat, but the configuration below uses flags specific to the OpenBSD variant.

root #emerge --ask net-analyzer/openbsd-netcat

This enables proxying through a SOCKS5 I2P tunnel for all .i2p hosts. You will need to go to http://localhost:7657/i2ptunnelmgr and create a SOCKS5 client tunnel. Note the port you have used and replace '1234' in the below config with it.

FILE ~/.ssh/config
Host *.i2p
	# Tell SSH to pass its connections through netcat, using a SOCKS5 proxy at 127.0.0.1:1234.
	ProxyCommand nc -X 5 -x 127.0.0.1:1234 %h %p

	# Privacy protections
	# Do not forward the local SSH agent to the remote server
	ForwardAgent no
	# Prevents SSH from telling the remote server about all of your public keys, potentially revealing your ID
	IdentitiesOnly yes

	# Merges connections to a server to prevent expensive reconnections
	# To avoid this, invoke ssh as: ssh -o 'ControlMaster no' ...
	ControlMaster auto
	ControlPath ~/.ssh/master-%r@%n:%p

	# Compression for low bandwidth lines (like I2P)
	Compression yes
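
ssh_config keeps the first value obtained for each option, so an earlier Host block in the same file can silently override the privacy settings above. The following check is an added example, not part of the original wiki page: it audits the output of `ssh -G`, which prints the effective client options for a host. The function name, the sample data and the host example.i2p are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit `ssh -G <host>` output for a .i2p host.
# `ssh -G` prints the effective client options, one lowercase "keyword value" per line.

# Reads `ssh -G` output on stdin, prints one line per problem,
# returns 0 when all expected settings are in effect and 1 otherwise.
check_i2p_ssh() {
    awk '
        # Store each option: first field is the keyword, the rest is its value.
        { key = $1; $1 = ""; sub(/^ /, ""); val[key] = $0 }
        function expect(k, want, got) {
            got = (k in val) ? val[k] : "(unset)"
            if (got != want) { printf "%s: expected %s, got %s\n", k, want, got; bad = 1 }
        }
        END {
            # The connection must go through netcat to a loopback SOCKS5 tunnel.
            if (val["proxycommand"] !~ /^nc -X 5 -x 127\.0\.0\.1:[0-9]+ /) {
                print "proxycommand: not a loopback SOCKS5 netcat proxy"; bad = 1
            }
            expect("forwardagent", "no")
            expect("identitiesonly", "yes")
            exit bad + 0
        }'
}

# Constructed sample: the Host *.i2p block from this page is in effect.
SAMPLE_OK='hostname example.i2p
proxycommand nc -X 5 -x 127.0.0.1:1234 %h %p
forwardagent no
identitiesonly yes'

# Constructed sample: an earlier "Host *" block set ForwardAgent yes, which wins
# because ssh_config keeps the first value obtained for each option.
SAMPLE_OVERRIDDEN='hostname example.i2p
proxycommand nc -X 5 -x 127.0.0.1:1234 %h %p
forwardagent yes
identitiesonly yes'

# Real use (example.i2p is a placeholder host): ssh -G example.i2p | check_i2p_ssh
printf '%s\n' "$SAMPLE_OK" | check_i2p_ssh && echo "sample 1: ok"
printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_i2p_ssh || echo "sample 2: settings overridden"
```

If the check reports a problem, move the Host *.i2p block above any more general Host block in ~/.ssh/config.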

See also

  • Tor - An onion routing internet anonymity system.