Changes between Version 9 and Version 10 of faq


Ignore:
Timestamp:
Apr 9, 2010 10:14:12 AM (10 years ago)
Author:
anonymous
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • faq

    v9 v10  
    7777
    7878* IRC (Internet Relay Chat) is weird! What is a changate? Who is Fox? Who is CIA?
     79
     80= CURRENT SITE FAQ =
     81
     82Skip navigation
     83I2P Logo
     84FAQ
     85English Deutsch 中文 Français
     86Русский
     87Dark  Light
     88
     89Welcome to I2P
     90
     91Download
     92
     93News
     94 Announcements
     95 Meetings
     96 Roadmap
     97 Task list
     98
     99About I2P
     100 FAQ
     101 Forums
     102 Bounties
     103 Get involved
     104 Donate!
     105 I2P Team
     106 Hall of Fame
     107
     108Documentation
     109 How does it work?
     110 Tech intro
     111 Howto docs
     112 Applications
     113
     114Development
     115 API
     116 Licenses
     117 Trac
     118
     119Syndie
     120
     121Links
     122
     123Mirror
     124Mirror 2
     125Mirror 3
     126Secure Site
     127Secure Mirror
     128
     129Impressum
     130I2P - FREQUENTLY ASKED QUESTIONS
     131I think I found a bug, where can I report it? (link)
     132
     133Here are some places, pick one or more.
     134
     135    * trac.i2p2.i2p ticket
     136    * forum.i2p
     137    * paste.i2p2.i2p and follow up on IRC #i2p
     138    * Discuss with the developers on IRC #i2p
     139
     140Please include relevant information from the router logs and wrapper logs.
     141I'm missing lots of hosts in my addressbook. What are some good subscription links? (link)
     142
     143The default subscription is to http://www.i2p2.i2p/hosts.txt which is updated rarely. If you don't have another subscription, you may often have to use "jump" links which is annoying.
     144
     145Here are some other public addressbook subscription links. You may wish to add one or two to your susidns subscription list. You don't need to add all of them, as they sync with each other periodically. The links using a cgi-bin application employ various strategies to minimize the number of duplicate addresses delivered, so they should be more efficient. Note that subscribing to a hosts.txt service is an act of "trust", as a malicious subscription could give you incorrect addresses. So think about whether you want to trust any of these. The operators of these services may have various policies for listing hosts. Presence on this list does not imply endorsement.
     146
     147    * http://i2host.i2p/cgi-bin/i2hostetag
     148    * http://stats.i2p/cgi-bin/newhosts.txt
     149    * http://tino.i2p/hosts.txt
     150
     151What happened to *.i2p.net? What happened to jrandom? Is I2P dead? (link)
     152
     153Jrandom was the lead developer of i2p and Syndie for several years. We expect jrandom to be absent for at least the remainder of 2008. The *.i2p.net domains were left in a non-functioning state after a power outage at the hosting company.
     154
     155See this page for jrandom's parting message and additional information on the migration of *.i2p.net to this website.
     156
     157I2P is not dead, it remains in active development and we anticipate several releases in 2009.
     158My router is using too much CPU?!? (link)
     159
     160There are many possible causes of high CPU usage. Here is a checklist:
     161
     162    * Are you using Sun Java or some other version? (type java -version at a command prompt to find out) We have several reports of high CPU usage when using other Java versions.
     163    * Are you running a BitTorrent client over i2p? Try reducing the number of torrents, the bandwidth limits, or try turning it off completely to see if that helps.
     164    * Are your bandwidth limits too high? Perhaps too much traffic is going through your computer, and it is overloaded. Try reducing share bandwidth percentage on config.jsp.
     165    * Are you running the latest version of I2P? Recent versions have several performance improvements and bug fixes.
     166    * Have you configured I2P with enough memory? Look at the memory graph on graphs.jsp to see if the memory usage is "pegged", which means the JVM is spending most of its time in garbage collection. Increase the wrapper.java.maxmemory setting in wrapper.config.
     167    * Is the CPU usage simply higher than you would like, or is it pegged at 100% for a long time? If it's pegged, this could be a bug. Look in the logs for clues.
     168    * You may be using the Java-based BigInteger library instead of the native version, especially if you are running on a new or unusual OS or hardware (64-bit, OS X, OpenSolaris, etc.). See the jbigi page for instructions on diagnosing, building, and testing methods.
     169    * If your native jbigi library is working fine, the biggest user of CPU may be routing traffic for participating tunnels. This uses CPU because at each hop a layer of encryption must be decoded. You can limit participating traffic in two ways - by reducing the share bandwidth on config.jsp, or by setting router.maxParticipatingTunnels=nnn on configadvanced.jsp.
     170
     171I am opposed to certain types of content. How do I keep from distributing, storing, or accessing them? (link)
     172
     173Hmm. I2P is an anonymous network, so that's a tricky one. I2P is designed for everyone and not to censor out some/any kind of data. The best way to keep your PC free of (encrypted) traffic you dislike is to not use I2P. Freedom of speech has some costs. But let's address your question in three parts:
     174
     175    * Distribution - All traffic on I2P is encrypted in multiple layers. You don't know a message's contents, source, or destination. All traffic you route is internal to the I2P network, you are not an exit node (outproxy). Your only alternative is to refuse to route any traffic, by setting your share bandwidth or maximum participating tunnels to 0 (see above). It would be nice if you didn't do this, you should help the network by routing traffic for others. Over 95% of users route traffic for others.
     176    * Storage - I2P does not do distributed storage of content. You must be thinking of Freenet. You are not storing anybody else's content.
     177    * Access - If there are some eepsites you don't like, don't go there. Or, use a blocking proxy like Privoxy or some type of "net nanny".
     178
     179My active peers / known peers / participating tunnels / connections / bandwidth vary dramatically over time! Is anything wrong? (link)
     180
     181No. This is normal. All routers adjust dynamically to changing network conditions and demands.
     182My router has been up for several minutes and has zero or very few connections (link)
     183
     184The reseed URL has changed. If this is your first install and you have installed an old (0.6.1.30 or earlier) release, or you have not run I2P in a long time, you must change the URL and then click "Reseed" on the console to find other routers. After your router is running, on configadvanced.jsp, add the line i2p.reseedURL=http://netdb.i2p2.de/ OR i2p.reseedURL=http://i2pdb.tin0.de/netDb/ (either should work), then click "Apply", then click the "reseed" link on the left.
     185
     186This works if you are running 0.6.1.27 or later. If you are running release 0.6.1.31 or later, you probably don't need to do this. If you are running release 0.6.1.26 or earlier, either follow the manual reseed instructions below or install the latest release. Possible alternate method - add wrapper.java.additional.5=-Di2p.reseedURL=http://netdb.i2p2.de/ to wrapper.config, shutdown the router completely, then start again, then click "reseed". Let us know if this works.
     187My router has very few active peers, is this OK? (link)
     188
     189If it has 10 or more, it is OK. Changes in releases 0.6.1.31 and 0.6.1.32 improved the efficiency of the router and effectively reduced the number of active peers. The router should maintain connections to a few peers at all times. The best way to stay "better-connected" to the network is to share more bandwidth.
     190Is my router an "exit node" to the regular Internet? I don't want it to be. (link)
     191
     192No. Unlike Tor, "exit nodes" or "outproxies" are not an inherent part of the network. Only volunteers who set up and run separate applications will relay traffic to the regular Internet. There are very very few of these.
     193I can't access regular Internet sites through I2P. (link)
     194
     195See above. There are very few HTTP "outproxies", they are not an inherent part of the network, and they may not be up. In addition, the old outproxies squid.i2p, true.i2p, and krabs.i2p have vanished. The only outproxy at the moment is false.i2p. To use it, edit your i2ptunnel settings for eepProxy and set your outproxy list to 'false.2p' (only). Then stop and restart the eepProxy. If it doesn't work, the outproxy is not up. It is not I2P's fault. If your primary reason to use an anonymous network is to anonymously access sites on the regular Internet, you should probably try Tor.
     196I can't access https:// or ftp:// sites through I2P. (link)
     197
     198Within I2P, there is no need for HTTPS, as all traffic is encrypted end-to-end. FTP is not supported for technical reasons.
     199
     200For HTTPS or FTP access to the regular Internet, there are no HTTPS or FTP "outproxies". HTTPS is possible if somebody would like to set one up. FTP is probably not. Actually, just about any other sort of outproxy might work, try setting it up with a standard tunnel and see. As explained several times above, outproxies of any type are not a core part of the network, they are services run by individuals and they may or may not be operational at any given time. If you would like to set up some type of outproxy, carefully research the potential risks. The I2P community may or may not be able to help with the technical aspects, feel free to ask.
     201Is using an outproxy safe? (link)
     202
     203You have to decide for yourself. It depends on what you are doing, your threat model, and how much you trust the outproxy operator.
     204
     205Like Tor, I2P does not magically encrypt the Internet. You are vulnerable to snooping by the outproxy operator. The Tor FAQ does a good job of explaining this. There is no HTTPS outproxy in I2P, and you cannot hide your traffic from an HTTP outproxy operator.
     206
     207In addition, you may be vulnerable to collusion between the outproxy operator and operators of other I2P services, if you use the same tunnels ("shared clients"). There is additional discussion about this on zzz.i2p.
     208How do I access IRC, BitTorrent, or other services on the regular Internet? (link)
     209
     210You can't. Somebody must set up an outproxy for each service. There are only two types of outproxies running right now: HTTP and email. There is no SOCKS outproxy. If you need this you should probably try Tor.
     211Most of the eepsites within I2P are down? (link)
     212
     213If you consider every eepsite that has ever been created, yes, most of them are down. People and eepsites come and go. A good way to get started in I2P is check out a list of eepsites that are currently up. inproxy.tino.i2p and perv.i2p track active eepsites.
     214How do I set up my own eepsite? (link)
     215
     216Click on the My Eepsite Link on the top of your router console for instructions.
     217Why is I2P so slow? (link)
     218
     219Why are downloads, torrents, web browsing, and everything else so slow on I2P? The encryption and routing within the I2P network adds a substantial amount of overhead and limits bandwidth. Anonymity isn't free.
     220
     221In addition, you and everybody else probably need to increase your bandwidth limits. Two key settings are the inbound and outbound bandwidth limiters on the configuration page. With the default settings of 32KBps you will generally get no better than 15KBps data transfer in I2PSnark. Increasing the settings (but keeping within your actual connection limitations) will increase the potential transfer rate for I2PSnark and all other applications.
     222
     223Also, do you have sufficient share bandwidth configured to allow participating tunnels to route through your router? Believe it or not, allowing participating traffic keeps you well-integrated in the network and helps your own transfer speeds.
     224
     225I2P is a work in progress. Lots of improvements and fixes are being implemented, and generally speaking, running the latest release will help your performance. If you haven't, install the latest release.
     226Bittorrent / I2PSnark / Azureus I2P Plugin Questions? (link)
     227
     228See the I2P Bittorrent FAQ (outside I2P)
     229How do I connect to IRC within I2P? (link)
     230
     231On the I2PTunnel configuration page, start the ircProxy. Then tell your IRC client to connect to localhost port 6668.
     232How can I access the web console from my other machines or password protect it? (link)
     233
     234For security purposes, the router's admin console by default only listens for connections on the local interface. However, with a little hacking, you can make it reachable remotely:
     235
     236   1. Open up clients.config and replace
     237      clientApp.0.args=7657 127.0.0.1 ./webapps/
     238      with
     239      clientApp.0.args=7657 0.0.0.0 ./webapps/
     240   2. Go to http://localhost:7657/configadvanced.jsp and add a new option: consolePassword=foo (or whatever password you want)
     241   3. Go to http://localhost:7657/index.jsp and hit "Graceful restart", which restarts the JVM and reloads the client applications
     242
     243After that fires up, you should now be able to reach your console remotely. You will be prompted for a username and password though - the username is "admin" and the password is whatever you specified in step 2 above. Note: the 0.0.0.0 above specifies an interface, not a network or netmask. 0.0.0.0 means "bind to all interfaces", so it can be reachable on 127.0.0.1:7657 as well as any LAN/WAN IP.
     244How can I use applications from my other machines? (link)
     245
     246By default, the router I2CP interface (port 7654) binds to address 127.0.0.1. To bind to 0.0.0.0, set the router advanced configuration option i2cp.tcp.bindAllInterfaces=true and restart.
     247Whats an "eepsite"? (link)
     248
     249An eepsite is a website that is hosted anonymously - you can access it by setting your web browser's HTTP proxy to use the web proxy (typically it listens on localhost port 4444), and browsing to the site.
     250What do the Active x/y numbers mean in the router console? (link)
     251
     252x is the number of peers you've sent or received a message from successfully in the last minute, y is the number of peers seen in the last hour or so.
     253Is it possible to use I2P as a SOCKS proxy? (link)
     254
     255The SOCKS proxy is working as of release 0.7.1. SOCKS 4/4a/5 are supported. There is no SOCKS outproxy so it is of limited use.
     256
     257In addition, many applications leak sensitive information that could identify you on the Internet. I2P only filters connection data, but if the program you intend to run sends this information as content, I2P has no way to protect your anonymity. For example, some mail applications will send the IP address of the machine they are running on to a mail server. There is no way for I2P to filter this, thus using I2P to 'socksify' existing applications is possible, but extremely dangerous.
     258
     259If you would like more information on the socks proxy application anyway, there are some helpful hints on the socks page.
     260What ports does I2P use? (link)
     261
     262Okay, here's a rundown of the default ports (everything is configurable through various settings, of course):
     263
     264    * Internet-facing ports Note: New installs as of release 0.7.8 do not use port 8887; they select a random port between 9000 and 32000 when the program is run for the first time. The selected port is shown on the router configuration page.
     265          o Outbound UDP from the random port noted on the configuration page to arbitrary remote UDP ports, allowing replies
     266          o Outbound TCP from random high ports to arbitrary remote TCP ports
     267          o (optional, but recommended) Inbound UDP to the port noted on configuration page from arbitrary locations
     268          o (optional, but recommended) Inbound TCP to the port noted on configuration page from arbitrary locations
     269            Inbound TCP may be disabled on the configuration page.
     270          o Outbound UDP on port 123, allowing replies
     271            This is necessary for I2P's internal time sync (via SNTP - querying a random SNTP host in pool.ntp.org or another server you specify)
     272
     273    * Local I2P ports, listening only to local connections by default, except where noted:
     274          o 1900: UPnP SSDP UDP multicast listener. Cannot be changed. Binds to all interfaces. May be disabled on config.jsp.
     275          o 2827: BOB bridge, a higher level socket API for clients Disabled by default. May be enabled/disabled on configclients.jsp. May be changed in the bob.config file.
     276          o 4444: HTTP proxy May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces.
     277          o 6668: IRC proxy May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces.
     278          o 7652: UPnP HTTP TCP event listener. Binds to the LAN address. May be changed with advanced config i2np.upnp.HTTPPort=nnnn. May be disabled on config.jsp.
     279          o 7653: UPnP SSDP UDP search response listener. Binds to all interfaces. May be changed with advanced config i2np.upnp.SSDPPort=nnnn. May be disabled on config.jsp.
     280          o 7654: I2P Client Protocol port, used by client apps. May be changed with the advanced configuration option i2cp.port but this is not recommended. May be changed to bind to all interfaces with the advanced configuration option i2cp.tcp.bindAllInterfaces=true. May be changed to bind to a specific interface with the advanced configuration option i2cp.hostname=1.2.3.4.
     281          o 7655: UDP for SAM bridge, a higher level socket API for clients Only opened when a SAM V3 client requests a UDP session. May be enabled/disabled on configclients.jsp. May be changed in the clients.config file with the SAM command line option sam.udp.port=nnnn.
     282          o 7656: SAM bridge, a higher level socket API for clients Disabled by default for new installs as of release 0.6.5. May be enabled/disabled on configclients.jsp. May be changed in the clients.config file.
     283          o 7657: Your router console May be disabled in the clients.config file. May also be configured to be bound to a specific interface or all interfaces in that file.
     284          o 7658: Your eepsite May be disabled in the clients.config file. May also be configured to be bound to a specific interface or all interfaces in the jetty.xml file.
     285          o 7659: Outgoing mail to smtp.postman.i2p May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces.
     286          o 7660: Incoming mail from pop.postman.i2p May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces.
     287          o 8998: mtn.i2p2.i2p (Monotone - disabled by default) May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces.
     288          o 32000: local control channel for the service wrapper
     289
     290The local I2P ports and the I2PTunnel ports do not need to be reachable from remote machines, but *should* be reachable locally. You can also create additional ports for I2PTunnel instances via http://localhost:7657/i2ptunnel/ (and in turn, would need to get your firewall to allow you local access, but not remote access, unless desired).
     291
     292So, to summarize, nothing needs to be reachable by unsolicited remote peers, but if you can configure your NAT/firewall to allow inbound UDP and TCP to port 8887, you'll get better performance. You will also need to be able to send outbound UDP packets to arbitrary remote peers (blocking IPs randomly with something like PeerGuardian only hurts you - don't do it).
     293How do I reseed manually? (link)
     294
     295An I2P router only needs to reseed once, to join the network for the first time. Reseeding is nothing more than sending plain HTTP GET requests to fetch a directory listing and download multiple "routerInfo" files from a predefined reseed URL.
     296
     297A typical symptom of a failed reseed is the "Known" indicator (on the left sidebar of the router console) displaying a very small value (often less than 5) which does not increase. This can occur, among other things, if your firewall limits outbound traffic, and blocked the reseed request.
     298
     299To reseed an I2P router manually, do the following:
     300
     301    * Stop your I2P router
     302    * Open http://i2pdb.tin0.de/netDb/ or http://netdb.i2p2.de/ using a web browser
     303    * Save a dozen "routerInfo" files to your I2P "netDb" directory (ignore the "leaseSet" files)
     304    * Alternate method (easier): Download http://i2pdb.tin0.de/latest.zip and unzip it into your I2P "netDb" directory.
     305    * Start your I2P router
     306
     307I have a question! (link)
     308
     309Great! Find us on IRC irc.freenode.net #i2p or post to the forum and we'll post it here (with the answer, hopefully).
     310