Changes between Version 3 and Version 4 of Ticket #2224, comment 4


Ignore:
Timestamp:
Jun 1, 2018 12:54:30 PM (11 months ago)
Author:
slumlord
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #2224, comment 4

    v3 v4  
    444444            any LAN/WAN IP. Be careful when using this option as the console
    445445            will be available on ALL addresses configured on your system.
     446
     44721 - How can I use applications from my other machines?
     448
     449  Please see the previous answer for instructions on using SSH Port Forwarding,
     450  and also see this page in your console: http://localhost:7657/configi2cp
     451
     45222 - Whats an "eepsite"?
     453
     454  An eepsite is a website that is hosted anonymously, a hidden service which is
     455  accessible through your web browser. It can be accessed by setting your web
     456  browser's HTTP proxy to use the I2P web proxy (typically it listens on
     457  localhost port 4444), and browsing to the site.
     458
     45923 - How do I configure my browser?
     460
     461  The proxy config for different browsers is on a separate page with screenshots.
     462  More advanced configs with external tools, such as the browser plug-in
     463  FoxyProxy or the proxy server Privoxy, are possible but could introduce leaks
     464  in your setup.
     465
     46624 - What do the Active x/y numbers mean in the router console?
     467
     468  x is the number of peers you've sent or received a message from successfully
     469  in the last minute, y is the number of peers seen in the last hour or so. Try
     470  hovering your cursor over the other lines of information for a brief
     471  description.
     472
     47325 - Is it possible to use I2P as a SOCKS proxy?
     474
     475  The SOCKS proxy has been functional since release 0.7.1. SOCKS 4/4a/5 are
     476  supported. I2P does not have a SOCKS outproxy so it is limited to use within
     477  I2P only.
     478
     479  Many applications leak sensitive information that could identify you on the
     480  Internet and this is a risk that one should be aware of when using the I2P
     481  SOCKS proxy. I2P only filters connection data, but if the program you intend to
     482  run sends this information as content, I2P has no way to protect your
     483  anonymity. For example, some mail applications will send the IP address of the
     484  machine they are running on to a mail server. There is no way for I2P to filter
     485  this, thus using I2P to 'socksify' existing applications is possible, but
     486  extremely dangerous.
     487
     488  If you would like more information on the socks proxy application anyway, there
     489  are some helpful hints on the socks page -
     490    http://i2p-projekt.i2p/en/docs/api/socks
     491
     49226 - What ports does I2P use?
     493
     494  The ports that are used by I2P can be divided into 2 sections:
     495  (1) Internet-facing ports, which are used for communication with other I2P
     496      routers
     497  (2) Local ports, for local connections
     498
     499  (1) Internet-facing ports Note: Since release 0.7.8, new installs do not use
     500  port 8887; a random port between 9000 and 31000 is selected when the program
     501  is run for the first time. The selected port is shown on the router
     502  configuration page.
     503     
     504      - OUTBOUND
     505        - UDP from the random port listed on the configuration page to
     506        arbitrary remote UDP ports, allowing for replies
     507        - TCP from random high ports to arbitrary remote TCP ports
     508        - Outbound UDP on port 123, allowing for replies.
     509        This is necessary for I2P's internal time sync (via SNTP -
     510        querying a random SNTP host in pool.ntp.org or another server you
     511        specify)
     512      - INBOUND
     513        - (Optional, recommended) UDP to the port noted on the
     514        configuration page from arbitrary locations
     515        - (Optional, recommended) TCP to the port noted on configuration
     516        page from arbitrary locations
     517        - Inbound TCP can be disabled on the configuration page
     518
     519  (2) Local I2P ports, listening only to local connections by default, except
     520      where noted: (to be formatted into table format)
     521     
     522      - 1900: UPnP SSDP UDP multicast listener. Cannot be changed. Binds to all
     523        interfaces. May be disabled on confignet.jsp.
     524      - 2827: BOB bridge, a higher level socket API for clients Disabled by
     525        default. May be enabled/disabled on configclients.jsp. May be changed
     526        in the bob.config file.
     527      - 4444: HTTP proxy May be disabled or changed on the i2ptunnel page in
     528        the router console. May also be configured to be bound to a specific
     529        interface or all interfaces.
     530      - 4445: HTTPS proxy May be disabled or changed on the i2ptunnel page in
     531        the router console. May also be configured to be bound to a specific
     532        interface or all interfaces.
     533      - 6668: IRC proxy May be disabled or changed on the i2ptunnel page in the
     534        router console. May also be configured to be bound to a specific
     535        interface or all interfaces.
     536      - 7652: UPnP HTTP TCP event listener. Binds to the LAN address. May be
     537        changed with advanced config i2np.upnp.HTTPPort=nnnn. May be disabled
     538        on confignet.jsp.
     539      - 7653: UPnP SSDP UDP search response listener. Binds to all interfaces.
     540        May be changed with advanced config i2np.upnp.SSDPPort=nnnn. May be
     541        disabled on confignet.jsp.
     542      - 7654: I2P Client Protocol port, used by client apps. May be changed to
     543        a different port on configclients.jsp but this is not recommended. May
     544        be to bind to a different interface or all interfaces, or disabled, on
     545        configclients.jsp.
     546      - 7655: UDP for SAM bridge, a higher level socket API for clients Only
     547        opened when a SAM V3 client requests a UDP session. May be
     548        enabled/disabled on configclients.jsp. May be changed in the
     549        clients.config file with the SAM command line option sam.udp.port=nnnn.
     550      - 7656: SAM bridge, a higher level socket API for clients Disabled by
     551        default for new installs as of release 0.6.5. May be enabled/disabled
     552        on configclients.jsp. May be changed in the clients.config file.
     553      - 7657: Your router console May be disabled in the clients.config file.
     554        May also be configured to be bound to a specific interface or all
     555        interfaces in that file.
     556      - 7658: Your eepsite May be disabled in the clients.config file. May also
     557        be configured to be bound to a specific interface or all interfaces in
     558        the jetty.xml file.
     559      - 7659: Outgoing mail to smtp.postman.i2p May be disabled or changed on
     560        the i2ptunnel page in the router console. May also be configured to be
     561        bound to a specific interface or all interfaces.
     562      - 7660: Incoming mail from pop.postman.i2p May be disabled or changed on
     563        the i2ptunnel page in the router console. May also be configured to be
     564        bound to a specific interface or all interfaces.
     565      - 8998: mtn.i2p2.i2p (Monotone - disabled by default) May be disabled or
     566        changed on the i2ptunnel page in the router console. May also be
     567        configured to be bound to a specific interface or all interfaces.
     568      - 31000: Local connection to the wrapper control channel port. Outbound
     569        to 32000 only, does not listen on this port. Starts at 31000 and will
     570        increment until 31999 looking for a free port. To change, see the
     571        wrapper documentation. For more information see below.
     572      - 32000: Local control channel for the service wrapper. To change, see
     573        the wrapper documentation. For more information see below.
     574
     575  The local I2P ports and the I2PTunnel ports do not need to be reachable from
     576  remote machines, but *should* be reachable locally. You can also create
     577  additional ports for I2PTunnel instances via http://localhost:7657/i2ptunnel/
     578  (and in turn, would need to get your firewall to allow you local access, but
     579  not remote access, unless desired).
     580
     581  So, to summarize, nothing needs to be reachable by unsolicited remote peers,
     582  but if you can configure your NAT/firewall to allow inbound UDP and TCP the
     583  outbound facing port, you'll get better performance. You will also need to be
     584  able to send outbound UDP packets to arbitrary remote peers (blocking IPs
     585  randomly with something like PeerGuardian only hurts you - don't do it).
     586
     58727 - Why is I2P listening on port 32000?
     588
     589  The Tanuki java service wrapper that we use opens this port—bound to
     590  localhost—in order to communicate with software running inside the JVM. When
     591  the JVM is launched it is given a key so it can connect to the wrapper. After
     592  the JVM establishes its connection to the wrapper, the wrapper refuses any
     593  additional connections.
     594
     595  More information can be found in the wrapper documentation.
     596
     59728 - How do I reseed manually?
     598
     599  An I2P router only needs to be seeded once, to join the network for the first
     600  time. Reseeding involves fetching multiple "RouterInfo" files (bundled into a
     601  signed zip-file) from at least two predefined server URLs picked from a
     602  volunteer-run group of clearnet HTTPS servers.
     603
     604  A typical symptom of a failed reseed is the "Known" indicator (on the left
     605  sidebar of the router console) displaying a very small value (often less than
     606  5) which does not increase. This can occur, among other things, if your local
     607  firewall limits outbound traffic or if the reseed request is blocked entirely.
     608
     609  If you are stuck behind an ISP firewall or filter, you can use the following
     610  manual method (non-automated technical solution) to join the I2P network.
     611
     612  As of release 0.9.33, you may also configure your router to reseed through a
     613  proxy. Go to http://localhost:7657/configreseed and configure the proxy type,
     614  hostname, and port.
     615
     616  Joining the I2P Network using a reseed file
     617
     618    Please contact a known trustworthy friend who has a running I2P router, and
     619    ask them for help with reseeding your I2P router. Request that they send
     620    you a reseed file exported from their running I2P router. It is vital that
     621    the file is exchanged over a secure channel, e.g. encrypted to avoid
     622    external tampering (PGP Sign, Encrypt and Verified with a trusted public
     623    key). The file itself is unsigned, so please accept files only from known
     624    trusted friends. Never import a reseed file if you can not verify its
     625    source.
     626
     627    To import the received i2preseed.zip file into your local I2P router:
     628
     629      - Go to http://localhost:7657/configreseed
     630      - Under "Manual Reseed from File" click "Browse..."
     631      - Select the i2preseed.zip file
     632      - Click "Reseed from File"
     633
     634    Check the log for the following message: Reseed got 100 router infos from
     635    file with 0 errors
     636
     637  Sharing a reseed file
     638
     639    For trusted friends you can use your local I2P router to give them a jump
     640    start:
     641
     642      - Go to http://localhost:7657/configreseed
     643      - Under "Create Reseed File" click "Create reseed file"
     644      - Securely send the i2preseed.zip file to your friend
     645
     646  Do not reveal this file in any case to unknown users, since it contains
     647  sensitive private data (100 RouterInfo) from your own I2P router! In order to
     648  protect your anonymity: you may wait a few random hours/days before you share
     649  the file with your trusted friend. It is also advisable to use this procedure
     650  sparingly (< 2 per week).
     651
     652  General guidelines for manual reseeding of I2P
     653
     654    - Do not publicly publish the reseed file or share these files with a
     655      friend of a friend!
     656    - This file should be used only for a very limited number of friends (< 3)!
     657    - The file is valid only a few days (< 20)!
     658
     65929 - In wrapper.log I see an error that states "Protocol family unavailable" when
     660     loading the Router Console
     661
     662  Often this error will occur with any network enabled java software on some
     663  systems that are configured to use IPv6 by default. There are a few ways to
     664  solve this:
     665
     666    - On Linux based systems, you can echo 0 > /proc/sys/net/ipv6/bindv6only
     667    - Look for the following lines in wrapper.config.
     668    - #wrapper.java.additional.5=-Djava.net.preferIPv4Stack=true
     669    - #wrapper.java.additional.6=-Djava.net.preferIPv6Addresses=false
     670
     671    If the lines are there, uncomment them by removing the "#"s. If the lines
     672    are not there, add them without the "#"s.
     673
     674  Another option would be to remove the ::1 from ~/.i2p/clients.config
     675
     676  WARNING: For any changes to wrapper.config to take effect, you must
     677  completely stop the router and the wrapper. Clicking Restart on your router
     678  console will NOT reread this file! You must click Shutdown, wait 11 minutes,
     679  then start I2P.
     680
     68130 - Is installing Java required to use I2P?
     682
     683  While the main I2P client implementation requires Java, there are several
     684  alternative clients which don't require Java.
     685    http://i2p-projekt.i2p/en/about/alternative-clients
     686
     68731 - I have a question!
     688
     689  Great! Find us on IRC:
     690    - irc.freenode.net #i2p
     691    - IRC2P #i2p
     692  or post to the forum and we'll post it here (with the answer, hopefully).
     693    - https://i2pforum.net/
     694    - http://i2pforum.i2p/
     695
    446696}}}