wiki:I2Pguide

Echelon's Guide to I2P, v0.3

for all users

After a while on I2P and a lot of time in #i2p-chat I saw more help and information is needed for the users of I2P. Until the official homepage is redone this guide will show you basic information and extended knowledge to use and understand I2P better. I2P

I2P is a solution to provide anonymous communication in the non-anonymous Internet. To accomplish that goal it uses different techniques like encryption and routing data via other users of I2P.

  • Preface - important to read
  • General information
  • Router information - description of the left-hand menu
  • Head menu - description of the head menu
  • Bandwidth - basic information for bandwidth settings
  • Configuration - overview over all configuration pages
  • iMule - tips and tricks to iMule

Preface

Facts that you must know about I2P

  1. There is NO 100% anonymity!

I2P just tries to reach as near as it could get up to 100% and still be usable by the users.

  1. I2P does not hide the fact you run I2P (it does NOT hide the IP address)!

I2P tries to get rid of the binding IP-destination (service). E.G. you could see all the IPs of the users who run I2P and you get the so called "destination ID" of a service. But you cannot determine which user (which IP or router) runs which destination.

  1. Building up this anonymity costs bandwidth!

Although I2P is P2P friendly you will hardly get faster speeds than 20-40 kb/sec on a single connection. That's due to the fact of I2P techniques of being anonymous. Do not expect RAW line speeds on I2P!

  1. The I2P net is very dynamic.

If you get decent speed for a download right now, it will change the next 10 minutes. Users join and leave - the more users share bandwidth to I2P, the better the experience for each of them will be.

  1. I2P needs special adapted software!

As basically all existent software is not aware of anonymity (e.g. browsers send out their version and other information to the Internet), I2P needs special adapted software. There is already a wide bunch of adapted software available to be used within I2P (look on my eepsite).

  1. I2P is closed-network!

The I2P team (which is not paid for the job it does) does not want to burden the risk of being a outproxy into the usual Internet upon every user of I2P. E.g. the risk of being a open proxy for spam emails or DOS attacks of websites or other users browsing illegal web pages through their router. That's why I2P works ONLY in its own network. You cannot get P2P data from usual network/trackers/web pages.

Router information

Description of the left-hand menu in router console

In this status console window you will always see life statistics of your running I2P session.

left menu

I2P - the link under the picture will bring you back to start page of your router

Configuration - important configurations for your I2P router Help - some basic help links

Ident - your identification of your I2P router. DO NOT PUBLISH IT! It is bound to your IP. Version - running I2P version, should be at least 0.7.2 Uptime - I2P running time Now - actual time - sync your clock with ntp. If time differs to much (5 min) your I2P will suffer badly Reachability - reachability of your I2P ports, discovered by other I2P routers connecting to them

restart/shutdown - buttons to restart or shutdown I2P nicely. Does not accept new tunnels and wait 11 minutes until all old tunnels are timed out

Peers - list of active UDP/NTCP connection Active - count of I2P routers yours had connection with in 5 min/60 min rate Fast - number of routers in fast tier (see Profiles) High capacity - number of routers in high capacity tier Well integrated - number of known well integrated routers Known - number of seen different router IDs in last 24h

Bandwidth rates of speed in 1s average, 5 min and over all uptime of running session Used - total amount of data sent and received in active session by I2P router

Local destinations list of active destinations (server and clients) on local I2P router. e.g. *shared clients - pool of tunnel for applications not running on separate destinations *echelon.i2p - in this case my eepsite echelon.i2p

At least the shared clients destination should be up after router startup.

Tunnels in/out Exploratory - number of active exploratory tunnels (see further down for tunnel information) Client - number of active client tunnels Participating - number of routed tunnels (not starting or ending at one of your destinations)

Congestion Job lag - time waiting for a job to be fulfilled, should be as low as possible Message delay - delay until a message is send out of I2P Tunnel lag - round trip time on tunnels Handle backlog - number of jobs waiting to be fulfilled, should be 0 Rejecting tunnels - reason why no new participating tunnels are accepted

Configuration

The configuration of your I2P is not a trivial job and takes some time and knowledge to do it the perfect way. For luck I2P runs fairly well in default setup - as long as your PC have sufficient resources to run I2P. Nevertheless you should at least setup the core settings bandwidth and connectivity on this page.

For more advanced setup and tweaks of your I2P router you need to select the links on the upper menu on http://127.0.0.1:7657/config.jsp site and adapt those settings to your needs and wishes.

configuration submenu

First point "Network" is already open and contains the bandwidth and connectivity settings you should already have adopted to your needs. Second point Service contains options to start and stop I2P and the setting to open a browser on startup. Next point Update tweaks the automatic update of your I2P router. Tunnels page let you tweak current destinations for active I2P session only. On clients page you are able to enable SAM bridge or disable unwanted webapps. Peers page is meant to manual adjust single values for single routers, including shit-listing. Keyring page prepares the functionality to encrypt your destination IDs and let user add a public key to local keyring. On logging page the behaviour of the logs page is controlled. Same on stats page for stats logging and graphs. Last entry advanced finally shows you the box for all config line options.

Connectivity

On this page you set all the connectivity options and transports for your I2P router. It has been made fairly easy with UPnP in version 0.7.4 and above - default settings are fine for nearly all users and UPnP pokes a hole into firewalls. Nevertheless you can disable UPnP and make all settings as you like. Remember to click on "Save changes" to save all changes you made on this page. You need to restart I2P for this changes to take effect! First box is set by default and enables UPnP, the link behind shows you the actual state of UPnP. Remove the check will disable UPnP. The IP configuration will try to guess your external reachable IP address and use this and the default port to connect to other I2P nodes, and to let other I2P nodes connect to your node. The options are quite self explaining:

  • use all automatic - let I2P get IP and port on its own
  • disable UPnP IP address detection - IP address is not detected by UPnP
  • Ignore local interface IP address - local IP addresses like 192.168.0.1 will be ignored
  • Use SSU IP address detection only - IP address is only detected by SSU
  • Specify hostname or IP - you can set your IP address or hostname (dyndns) by hand in this box
  • hidden mode - your router will not publish any IP reachability information into the net, it will prevent participating traffic on your router, setting this option will restart your I2P router

UDP configuration will only let you select the port on which other I2P routers could connect to your I2P router via the UDP transport.

TCP configuration is nearly the same as IP configuration.

  • use auto-detected IP address - will detect and list your IP address here
  • always use auto-detected IP address - will use always auto detected IP address and will result in the not-firewalled mode.
  • specify hostname or IP - set your IP by hand in this box if auto detected IP is the wrong one, dyndns is fine, to.
  • disable inbound - disables your inbound TCP transport which results in the firewalled mode - no other I2P router connects to your TCP port.
  • completely disable - disables out and incoming TCP connects, setting this option will restart your I2P router.

As for TCP port selection you can select the same port as for UDP or you can enter a specific port on which other routers connect via TCP transport to your router.

In quite common setups the default settings of port 8887 and all other on auto with UPnP active is the best solution. Changing the ports will let to be your router be unique - mostly all routers use the default ports, a different port makes you be seen easy. The specify IP by hand for IP and TCP is only useful if you got more than one interface in your setup and you want I2P to bind to one special. The hidden mode is kinda special. Remember one of the main points on the preface site - I2P does NOT hide your IP. It publishes your IP and port information to the other routers for them to be able to connect to your router. This information is needed to built up a network and route tunnels via reachable routers. Nevertheless you can prohibit the distribution of your IP/port information and use only the information you get from first preseeding and on connecting to the routers you got from preseeding. This will NOT prohibit the routers you connect to from getting known of the fact you are connecting to them, but your IP/port will not be distributed across other routers and no other router will connect to you and will not try to route participating traffic across your router. The hidden node breaks a important part of the network for your router and will reduce the speed with which you participate in the I2P network and it will not cover your traffic with some participating traffic by other users.

Bandwidth settings

limits and transfers

The bandwidth settings are on upper part of the page http://127.0.0.1:7657/config.jsp which will appear after hitting the Configuration link in left-hand status console menu. It looks like: bandwidth

Setup your bandwidth wisely - I2P will use a lot of bandwidth if you do not limit it. Know your line speed! Your line speed is shown on your dsl or cable modem information page or in your contract with your internet provider.

Note to following terms: I use old ones, I do not like the SI terms. But for your convenience I tell you: Mbit = MiBit? kbit = KiBit? kbyte = KiByte?

To calculate those values, just devide the Mbit value by 8 and you get the MByte value. And 1024 kByte are 1 MByte.

Most common terms for internet lines are: 64 kbit roughly 8 kbyte/sec 0.008 MB/sec 512 kbit roughly 50 kbyte/sec 0.050 MB/sec 1 Mbit roughly 10 kbyte/sec 0.1 MB/sec 10 Mbit roughly 1100 kbyte/sec 1 MB/sec 100 Mbit roughly 11000 kbyte/sec 11 MB/sec

For german DSL: 1000er roughly 100kb/sec 0.1 MB/sec 12000er roughly 200kb/sec 0.2 MB/sec 6000er roughly 600kb/sec 0.6 MB/sec 16000er roughly 1600kb/sec 1.6 MB/sec 50000er roughly 5000kb/sec 5 MB/sec

Set your bandwidth limits slightly under your line speed. This will not kill your line while heavy I2P usage. This setting for bandwidth is the first and last limiter after/ahead of your internet line. All I2P based traffic is limited by this setting. This includes the usual overhead, all data send/received by all I2P applications running on that router and the traffic routed for other routers (participating tunnels). Most of those applications got their own bandwidth limiter, but this one is the general one for everything together on your node!

The settings for bandwidth share describes how much of your bandwidth will be maximum allowed to be shared for participating tunnels (traffic that does not end or origin at your I2P router). In default setup own traffic (data that ends or origins at your router, e.g. if you visit eepsites or use torrents via I2P) will be preferred over shared bandwidth. It will cut down the shared bandwidth as long as you need the traffic local. But to always get a nice speed for own traffic and be nice to the I2P net, I prefer the setting of share like this: 100% if lowest bandwidth setting is >1024kb/sec

80% if lowest bandwidth setting is >30kb/sec 50% if lowest bandwidth setting is >16kb/sec

There is no shared bandwidth under 16kb/sec. This way it will left enough space for the I2P net not to kill participating tunnels if you need more bandwidth than usual.

Remember: I2P is a self containing network, all traffic produced by I2P must be routed via I2P routers. If you do not share any bandwidth, the others I2P routers need to take up that load! There are NO dedicated fast routing servers provided by the I2P team - the users itself are building the network. The more bandwidth is shared by single routers, the faster single transfers will happen!

Be careful with your traffic allotment of your provider - I2P will produce a lot of traffic if you will not limit it. Two ways to limit the bandwidth are included into I2P: One way is described above, the other one is by limiting the amount of participating tunnels your router accepts. I2P prefers tunnels over bandwidth - if needed I2P will build up more tunnels and reduce bandwidth on existent tunnels. If no tunnels can be built, users will not be able to setup a new destination and participate in I2P. To maintain a good experience for all users on I2P we need to cope with allowing enough tunnels to be build and let those tunnels get enough bandwidth.

Limit your participating tunnels on the configadvanced.jsp page with adding the line: router.maxParticipatingTunnels=500 Set the number to one of these values:

participating tunnels resulting bandwidth 3 2500 1500 kb/sec - high value with high CPU load! 1500 900 kb/sec 800 500 kb/sec 500 300kb/sec 200 150 kb/sec 150 70 kb/sec

Notice: even failed tunnel requests will result in a participating tunnel. Which results in far more participating tunnels unused than used if the network is under load.

It is wise to first limit the bandwidth and afterwards the participating tunnels, e.g. set some more participating tunnels and let I2P reach the bandwidth limit instead of the participating tunnels limit.

If you set your bandwidth limit higher than 1 MB/sec and participating tunnels over 3000 I2P will hardly reach your limits. I2P tries to spread the load upon a lot of capable routers and not to let one router get all tunnels (out for security and reliability reasons).

iMule tips & tricks

iMule is a nice application to easy share files and be anonymous. But there were some questions left to be asked on forum over an over again which is why I setup this text. First rule: Do not run iMule with the internal router. Use the usual I2P router instead and enable the SAM bridge in I2P on your clients config page. Afterwards restart I2P with a click on the restart button. Second rule: Always use latest version. Current version is iMule 1.4.5.

After the first start of iMule you need to setup the config of iMule. Open the configuration settings and make your changes. E.g. set the number of tunnels to 2 and the number of hops to max 2 - even 1 is enough for iMule. Now decide which files and directoris you want to share. iMule needs to hash the files and this action takes some time. Decide wisely which directory you want to share - do NOT share your complete c:\ drive on windows or your complete home directory on linux. The hashing of the files takes part after clicking on the OK button. It will take some time and on each restart iMule will check if those files are still available. Now it is time to restart iMule. After the restart all should be fine and iMule should connect itself to your running I2P router. If iMule does NOT connect to your I2P router, go and lookout for any hints on badness - e.g. I2P not up and running, firewall active on 127.0.0.1 or any other texts. Those will be shown in iMule in the lower text box in connection tab and in I2P under the logs page . A small badness on windows appears on every restart of iMule: left of the graph is another window just not big enough to be seen. It displays all the other routers in the kad database stats. Just click on the left border of the graph window under connection tab and drag it to the right.

Tips for running iMule:

  • the arrows are always red even if you are connected!
  • wait, wait, wait. It takes time after a first start to publish your hashes of your files into the kad database
  • search generic. iMule database is not really big but growing
  • you can chat with the other users!
Last modified 7 years ago Last modified on Jan 18, 2011 4:25:18 AM

Attachments (3)

Download all attachments as: .zip