wiki:guide

What is I2P?

/chrome/site/i2plogo.png

I2P, otherwise known as the Invisible Internet Project, is a full darknet implementation that runs on Java and is therefore available anywhere Java will run, including desktops, embedded systems and cellphones. The I2P darknet is a network within a network unmonitorable by your ISP or government that provides safe access to a broad range of services including websites, chat networks, and peer-to-peer file sharing facilities.

I2P is a solution to provide anonymous communication in the non-anonymous Internet. To accomplish that goal it uses different techniques like encryption and routing data via other users of I2P.

Why use I2P?

The I2P network provides strong privacy protections for communication over the Internet. Many activities that would risk your privacy on the public Internet can be conducted anonymously on I2P. Though suitable for general privacy-conscious usage, I2P is also designed to protect users under high risk, such as:

  • Activists
  • Marginalized groups
  • Victims of ethnic, political, or religious persecution
  • Journalists
  • Whistle blowers
  • Users concerned with the privacy of their communications (data retention laws and government surveillance)
  • File sharers

How does I2P work?

In I2P, everyone running the application helps everyone else, by default, anonymously. In order to hide your identity within the network, you bounce your traffic through other I2P-enabled machines, so your requests to view an I2P website, for example, go indirectly via other I2P machines (known as routers in I2P terminology, or nodes in Tor terms). This works in similar fashion to Tor, but unlike Tor, everyone in the network helps everyone else, and you don't expose yourself to external monitoring by passing traffic to the external net. What happens in I2P stays in I2P! Furthermore, unlike Freenet (another P2P darknet implementation), you're not hosting encrypted content for other users, simply relaying their traffic, which from start to finish stays encrypted.

Image(wiki:Content:i2prouting.png, nolink, center?

Additionally, no special magic is required to be an I2P router.. we implement technology similar to that used by Skype and other peer-to-peer applications to allow you to be part of the network even if you're behind restrictive firewalls or other systems that prevent inbound traffic from directly reaching your computer. No need to port forward on the router or open special ports, although if you can do so, you may see improved performance.

Preface


  1. Facts that you must know about I2P
    1. There is NO 100% anonymity!
    2. I2P does not hide the fact you run I2P (it does NOT hide the IP address)!
    3. Building up this anonymity costs bandwidth!
    4. The I2P net is very dynamic.
    5. I2P needs special adapted software!
    6. I2P is closed-network!
  2. General informations
    1. I2P builds up a new net inside the usual internet, connecting nodes together via encrypted connections, so called tunnels.
    2. I2P is not completely ready yet, it is still in development.
    3. ALWAYS use latest stable release
    4. I2P is dynamic
  3. Router information
  4. Router console head menu
  5. Bandwidth settings
  6. Configuration
  7. iMule tips & tricks


Facts that you must know about I2P

There is NO 100% anonymity!

I2P just tries to reach as near as it could get up to 100% and still be usable by the users.

I2P does not hide the fact you run I2P (it does NOT hide the IP address)!

I2P tries to get rid of the binding IP-destination (service). E.G. you could see all the IPs of the users who run I2P and you get the so called "destination ID" of a service. But you cannot determine which user (which IP or router) runs which destination.

Building up this anonymity costs bandwidth!

Although I2P is P2P friendly you will hardly get faster speeds than 20-40 kb/sec on a single connection. Thats due to the fact of I2P techniques of being anonymous. Do not expect RAW line speeds on I2P!

The I2P net is very dynamic.

If you get decent speed for a download right now, it will change the next 10 minutes. Users join and leave - the more users share bandwidth to I2P, the better the experience for each of them will be.

I2P needs special adapted software!

As basically all existent software is not aware of anonymity (e.g. browsers send out their version and other information to the internet), I2P needs special adapted software. There is already a wide bunch of adapted software available to be used within I2P (look on my eepsite).

I2P is closed-network!

The I2P team (which is not payed for the job it does) does not want to burden the risk of being a outproxy into the usual internet upon every user of I2P. E.g. the risk of being a open proxy for spam emails or DOS attacks of websites or other users browsing illegal webpages through their router. Thats why I2P works ONLY in its own network. You cannot get P2P data from usual network/trackers/webpages.

General informations

First informations and steps

I2P builds up a new net inside the usual internet, connecting nodes together via encrypted connections, so called tunnels.

It is a JAVA program with its most used part (en/decryption of data) is written partly in hand optimized assembler code (GMP lib in libjbigi). I2P will route unknown traffic through your node, maybe even stuff you dislike. As all this data is encrypted, nobody knows whats data went to or from your node.

I2P is not completely ready yet, it is still in development.

First stable version will be release 1.0 in near future. All version until than are beta releases to test I2P and find still existent bugs. Due to the natural behavior of beta releases, the I2P team will release a new version more often than usual (once every 4-8 weeks) and may change some important parts which may break compatibility with older version. Although we do not know any right now, I2P might contain one or more flaws of anonymity and/or other problems. Use on your own risk!

ALWAYS use latest stable release

Development releases are called "mtn version" and are marked with a "-", e.g. 0.7.6-1. Those are usually usable by all but may do harm to your I2P experience. You can get the latest MTN builds from my eepsite http://echelon.i2p, but always remember: I built them, you need to trust me for I have not changed the code! After you get the right "i2pupdate.zip" file, put that file into the I2P directory and hit restart on the router console http://127.0.0.1:7657. Do NOT deflate the zip file! Those updates are "all complete", you can update from all versions from 0.6.1.33 on to the version you get the i2pupdate.zip from. You can even downgrade with these i2pudate.zip files. Right after start the status console (http://127.0.0.1:7657) should open up. Read more about it on the next page.

I2P is dynamic

After startup it tries to get known to other I2P routers and measures their speed - you need to wait some 10-120 minutes until your I2P router got contact with enough other ones to obtain the full capabilities of I2P. In the time after first start the other I2P routers need to get known to your router, to. The router informations are saved on hard drive for at least 24h - a restart after e.g. 10h will bring you back on in short time. Short after your destinations will be online and you can start using I2P. 1 to 3 hours after startup the other routers know your router, its capabilities and if you share enough bandwidth they start to built up tunnels through your router - these tunnels will be shown as participating tunnels on your router.

Now it is time to get known to your route console!

Router information

Description of the left hand menu in router console

In this status console window you will always see life stats of your running I2P session.

left menu

I2P - the link under the picture will bring you back to start page of your router

Configuration - important configurations for your I2P router Help - some basic help links

Ident - your identification of your I2P router. DO NOT PUBLISH IT! It is bound to your IP. Version - running I2P version, should be at least 0.7.2 Uptime - I2P running time Now - actual time - sync your clock with ntp. If time differs to much (5 min) your I2P will suffer badly Reachability - reachability of your I2P ports, discovered by other I2P routers connecting to them

restart/shutdown - buttons to restart or shutdown I2P nicely. Does not accept new tunnels and wait 11 min until all old tunnels are timed out

Peers - list of active UDP/NTCP connection Active - count of I2P routers yours had connection with in 5 min/60 min rate Fast - number of routers in fast tier (see Profiles) High capacity - number of routers in high capacity tier Well integrated - number of known well integrated routers Known - number of seen different router IDs in last 24h

Bandwidth rates of speed in 1s average, 5 min and over all uptime of running session Used - total amount of data sent and received in active session by I2P router

Local destinations list of active destinations (server and clients) on local I2P router. e.g. *shared clients - pool of tunnel for applications not running on separate destinations *echelon.i2p - in this case my eepsite echelon.i2p

At least the shared clients destination should be up after router startup.

Tunnels in/out Exploratory - number of active exploratory tunnels (see further down for tunnel information) Client - number of active client tunnels Participating - number of routed tunnels (not starting or ending at one of your destinations)

Congestion Job lag - time waiting for a job to be fulfilled, should be as low as possible Message delay - delay until a message is send out of I2P Tunnel lag - round trip time on tunnels Handle backlog - number of jobs waiting to be fulfilled, should be 0 Rejecting tunnels - reason why no new participating tunnels are accepted

Router console head menu

Description of the top menu in router console

In the upper menu you can select some included applications and go to some statistical data.

upper menu

In the first line you see the links to the integrated applications: Susimail - small mail client to be used with postman's email service SusiDNS - small addressbook service tool (for easy short names inside of I2P) I2PSnark - included web based I2P torrent client My Eepsite - included jetty server with which you can publish anonymous

In the line below you see links to configuration and statistical data pages: I2PTunnel - site to setup and change local destinations (defaults) Tunnels - overview over active tunnels and change their options in running session Profiles - speed/capacity profiling data of known routers, floodfill information and shitlist NetDB - Leaseset information and stats of known I2P routers Logs - latest logs Jobs - running jobs Graphs - graphs of selected statistical data Stats - collected statistics of running I2P session

Bandwidth settings

limits and transfers

The bandwidth settings are on upper part of the page http://127.0.0.1:7657/config.jsp which will appear after hitting the Configuration link in leftern status console menu. It looks like: bandwidth

Setup your bandwidth wisely - I2P will use a lot of bandwidth if you do not limit it. Know your linespeed! Your linespeed is shown on your dsl or cable modem information page or in your contract with your internet provider.

Note to following terms: I use old ones, I do not like the SI terms. But for your convenience I tell you: Mbit = MiBit? kbit = KiBit? kbyte = KiByte?

To calculate those values, just divide the Mbit value by 8 and you get the MByte value. And 1024 kByte are 1 MByte.

Most common terms for internet lines are: 64 kbit roughly 8 kbyte/sec 0.008 MB/sec 512 kbit roughly 50 kbyte/sec 0.050 MB/sec 1 Mbit roughly 10 kbyte/sec 0.1 MB/sec 10 Mbit roughly 1100 kbyte/sec 1 MB/sec 100 Mbit roughly 11000 kbyte/sec 11 MB/sec

For german DSL: 1000er roughly 100kb/sec 0.1 MB/sec 12000er roughly 200kb/sec 0.2 MB/sec 6000er roughly 600kb/sec 0.6 MB/sec 16000er roughly 1600kb/sec 1.6 MB/sec 50000er roughly 5000kb/sec 5 MB/sec

Set your bandwidth limits slightly under your line speed. This will not kill your line while heavy I2P usage. This setting for bandwidth is the first and last limiter after/ahead of your internet line. All I2P based traffic is limited by this setting. This includes the usual overhead, all data send/received by all I2P applications running on that router and the traffic routed for other routers (participating tunnels). Most of those applications got their own bandwidth limiter, but this one is the general one for everything together on your node!

The settings for bandwidth share describes how much of your bandwidth will be maximum allowed to be shared for participating tunnels (traffic that does not end or origin at your I2P router). In default setup own traffic (data that ends or origins at your router, e.g. if you visit eepsites or use torrents via I2P) will be preferred over shared bandwidth. It will cut down the shared bandwidth as long as you need the traffic local. But to always get a nice speed for own traffic and be nice to the I2P net, I prefer the setting of share like this: 100% if lowest bandwidth setting is >1024kb/sec

80% if lowest bandwidth setting is >30kb/sec 50% if lowest bandwidth setting is >16kb/sec

There is no shared bandwidth under 16kb/sec. This way it will left enough space for the I2P net not to kill participating tunnels if you need more bandwidth than usual.

Remember: I2P is a self containing network, all traffic produced by I2P must be routed via I2P routers. If you do not share any bandwidth, the others I2P routers need to take up that load! There are NO dedicated fast routing servers provided by the I2P team - the users itself are building the network. The more bandwidth is shared by single routers, the faster single transfers will happen!

Be careful with your traffic allotment of your provider - I2P will produce a lot of traffic if you will not limit it. Two ways to limit the bandwidth are included into I2P: One way is described above, the other one is by limiting the amount of participating tunnels your router accepts. I2P prefers tunnels over bandwidth - if needed I2P will build up more tunnels and reduce bandwidth on existent tunnels. If no tunnels can be built, users will not be able to setup a new destination and participate in I2P. To maintain a good experience for all users on I2P we need to cope with allowing enough tunnels to be build and let those tunnels get enough bandwidth.

Limit your participating tunnels on the configadvanced.jsp page with adding the line: router.maxParticipatingTunnels=500 Set the number to one of these values:

participating tunnels resulting bandwidth 3 2500 1500 kb/sec - high value with high CPU load! 1500 900 kb/sec 800 500 kb/sec 500 300kb/sec 200 150 kb/sec 150 70 kb/sec

Notice: even failed tunnel requests will result in a participating tunnel. Which results in far more participating tunnels unused than used if the network is under load.

It is wise to first limit the bandwidth and afterwards the participating tunnels, e.g. set some more participating tunnels and let I2P reach the bandwidth limit instead of the participating tunnels limit.

If you set your bandwidth limit higher than 1 MB/sec and participating tunnels over 3000 I2P will hardly reach your limits. I2P tries to spread the load upon a lot of capable routers and not to let one router get all tunnels (out for security and reliability reasons).

Configuration

The configuration of your I2P is not a trivial job and takes some time and knowledge to do it the perfect way. For luck I2P runs fairly well in default setup - as long as your PC have sufficient resources to run I2P. Nevertheless you should at least setup the core settings bandwidth and connectivity on this page.

For more advanced setup and tweaks of your I2P router you need to select the links on the upper menu on http://127.0.0.1:7657/config.jsp site and adapt those settings to your needs and wishes.

configuration submenu

First point "Network" is already open and contains the bandwidth and connectivity settings you should already have aopted to your needs. Second point Service contains options to start and stop I2P and the setting to open a browser on startup. Next point Update tweaks the automatic update of your I2P router. Tunnels page let you tweak current destinations for active I2P session only. On clients page you are able to enable SAM bridge or disable unwanted webapps. Peers page is meant to manual adjust single values for single routers, including shitlisting. Keyring page prepares the functionality to encrypt your destination IDs and let user add a public key to local keyring. On logging page the behavior of the logs page is controlled. Same on stats page for stats logging and graphs. Last entry advanced finally shows you the box for all config line options.

iMule tips & tricks

iMule is a nice application to easy share files and be anonymous. But there were some questions left to be asked on forum over an over again which is why I setup this text. First rule: Do not run iMule with the internal router. Use the usual I2P router instead and enable the SAM bridge in I2P on your clients config page. Afterwards restart I2P with a click on the restart button. Second rule: Always use latest version. Current version is iMule 1.4.5.

After the first start of iMule you need to setup the config of iMule. Open the configuration settings and make your changes. E.g. set the number of tunnels to 2 and the number of hops to max 2 - even 1 is enough for iMule. Now decide which files and directories you want to share. iMule needs to hash the files and this action takes some time. Decide wisely which directory you want to share - do NOT share your complete c:\ drive on windows or your complete home directory on linux. The hashing of the files takes part after clicking on the OK button. It will take some time and on each restart iMule will check if those files are still available. Now it is time to restart iMule. After the restart all should be fine and iMule should connect itself to your running I2P router. If iMule does NOT connect to your I2P router, go and lookout for any hints on badness - e.g. I2P not up and running, firewall active on 127.0.0.1 or any other texts. Those will be shown in iMule in the lower text box in connection tab and in I2P under the logs page . A small badness on windows appears on every restart of iMule: left of the graph is another window just not big enough to be seen. It displays all the other routers in the kad database stats. Just click on the left border of the graph window under connection tab and drag it to the right.

Tips for running iMule:

  • the arrows are always red even if you are connected!
  • wait, wait, wait. It takes time after a first start to publish your hashes of your files into the kad database
  • search generic. iMule database is not really big but growing
  • you can chat with the other users!
Last modified 9 years ago Last modified on Jan 18, 2011 5:50:59 AM