Changes between Version 12 and Version 13 of faq


Ignore:
Timestamp:
Apr 9, 2010 11:10:36 AM (9 years ago)
Author:
duck
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • faq

    v12 v13  
    55''duck: section for the curious but unknowing potential users. shouldnt be too technical, just the first X questions that get asked by those not having used I2P before. I hate the title newbie though, too derogative''
    66
    7 * Why do I need I2P?
     7 * Why do I need I2P?
    88
    9 * I've heard of Tor. What's different about I2P? Should I use both?
     9 * I've heard of Tor. What's different about I2P? Should I use both?
    1010
    1111''duck: awesome question, needs to be compressed for maximum effect.''
    1212
    13 * What is the difference between I2P and Freenet.
     13 * What is the difference between I2P and Freenet.
    1414
    1515''duck: do people still know Freenet? couple years ago it was the privacy thing that everybody was aware of. any other (regional) candidates?''
    1616
    17 * Is it safe? Has the code been audited?
     17 * Whats an "eepsite"?
     18
     19 * Is it safe? Has the code been audited?
    1820
    1921''duck: splendid stuff, suggest rephrasing to atleast mention privacy / anonymity. safe is too generic.''
    20 
     22 
     23 * Is my router an "exit node" to the regular Internet? I don't want it to be.
     24 
     25 * I have a question!
     26 
    2127= Geek / Academic =
    2228
     
    2430powerusers but NOT developers.''
    2531
    26 * What crypto is used?
     32 * What crypto is used?
    2733 
    28 * How does I2P bootstrap?
     34 * How does I2P bootstrap?
    2935
    30 * How safe is this 'bootstrap' process?
     36 * How safe is this 'bootstrap' process?
    3137
    3238''duck: what is safe? who'd ask this question? not sure about this one''
    3339
    34 * What is a floodfill?
     40 * What is a floodfill?
    3541
    3642''duck: how will they know about floodfill? can we rephrase it elsewhere to make this floodfill clear at the first point of introduction.''
    3743
    38 * Will I2P be able to cope with a huge influx of new users? (Does it scale?)
     44 * Will I2P be able to cope with a huge influx of new users? (Does it scale?)
     45 
     46 * What ports does I2P use?
     47 
     48 * What happened to *.i2p.net? What happened to jrandom? Is I2P dead?
    3949
    4050= Paranoid =
    4151
    42 * How can I be sure I'm not being spied on?
     52 * How can I be sure I'm not being spied on?
    4353
    44 * Do they know I will be running I2P?
     54 * Do they know I will be running I2P?
     55 
     56 * Is using an outproxy safe?
    4557
    46 * Steganography rants
     58 * Steganography rants
    4759
    4860= Political / Ethical / Philosphical =
    4961
    50 * Isn't I2P encouraging copyright infringement?
     62 * Isn't I2P encouraging copyright infringement?
    5163
    52 * Criminal Activity (snuff/bestiality/cp/terrorism etc)
     64 * Criminal Activity (snuff/bestiality/cp/terrorism etc)
     65 
     66 * I am opposed to certain types of content. How do I keep from distributing, storing, or accessing them?
    5367
    5468= Operation =
    5569
    56 == Problems ==
     70 * I'm missing lots of hosts in my addressbook. What are some good subscription links?
     71 
     72 * My active peers / known peers / participating tunnels / connections / bandwidth vary dramatically over time! Is anything wrong?
    5773
    58 * I2P is running, but I can't get to my gmail (or other regular websites) .. (https://)
     74 * My router is using too much CPU?!?
     75 
     76 * My router has very few active peers, is this OK?
     77 
     78 * I can't access regular Internet sites through I2P.
     79 
     80 * I2P is running, but I can't get to my gmail (or other regular websites) .. (https://)
     81 
     82 * I can't access https:// or ftp:// sites through I2P.
     83 
     84 * How do I connect to IRC within I2P?
    5985
    60 * I have I2P running and I'm on #i2p (so I think I'm done setting up) but I can't load any eepsites (though I don't know I'm coming into irc through a changate)?
     86 * How do I access IRC, BitTorrent, or other services on the regular Internet?
     87
     88 * Most of the eepsites within I2P are down?
     89
     90 * How do I set up my own eepsite?
     91
     92 * Why is I2P so slow?
     93 
     94 * What do the Active x/y numbers mean in the router console?
     95
     96 * Is it possible to use I2P as a SOCKS proxy?
     97
     98 * How do I reseed manually?
     99
     100 * I think I found a bug, where can I report it?
     101
     102 * I have I2P running and I'm on #i2p (so I think I'm done setting up) but I can't load any eepsites (though I don't know I'm coming into irc through a changate)?
     103 
     104 ''duck: where is this question going?''
    61105
    62106== Configuration ==
    63107
    64 * Connect to router from the LAN
     108 * How can I access the web console from my other machines or password protect it?
    65109
    66 * Password protect the router
     110 * How can I use applications from my other machines?
    67111
    68 * Startup I2P automatically
     112 * How do I startup I2P automatically on boot time?
    69113
    70114= Other =
     
    72116''duck: I dont think these should be part of the I2P core FAQ.''
    73117
    74 * WTF is all this noise about Seedless?
     118 * Bittorrent / I2PSnark / Azureus I2P Plugin Questions?
    75119
    76 * I've heard a rumor of something called I2FS. What is it?
     120 * WTF is all this noise about Seedless?
    77121
    78 * IRC (Internet Relay Chat) is weird! What is a changate? Who is Fox? Who is CIA?
     122 * I've heard a rumor of something called I2FS. What is it?
    79123
    80 = CURRENT SITE FAQ =
    81 I2P - FREQUENTLY ASKED QUESTIONS
     124 * IRC (Internet Relay Chat) is weird! What is a changate? Who is Fox? Who is CIA?
    82125
    83 I think I found a bug, where can I report it? (link)
    84 
    85 Here are some places, pick one or more.
    86 
    87     * trac.i2p2.i2p ticket
    88     * forum.i2p
    89     * paste.i2p2.i2p and follow up on IRC #i2p
    90     * Discuss with the developers on IRC #i2p
    91 
    92 Please include relevant information from the router logs and wrapper logs.
    93 
    94 I'm missing lots of hosts in my addressbook. What are some good subscription links? (link)
    95 
    96 The default subscription is to http://www.i2p2.i2p/hosts.txt which is updated rarely. If you don't have another subscription, you may often have to use "jump" links which is annoying.
    97 
    98 Here are some other public addressbook subscription links. You may wish to add one or two to your susidns subscription list. You don't need to add all of them, as they sync with each other periodically. The links using a cgi-bin application employ various strategies to minimize the number of duplicate addresses delivered, so they should be more efficient. Note that subscribing to a hosts.txt service is an act of "trust", as a malicious subscription could give you incorrect addresses. So think about whether you want to trust any of these. The operators of these services may have various policies for listing hosts. Presence on this list does not imply endorsement.
    99 
    100     * http://i2host.i2p/cgi-bin/i2hostetag
    101     * http://stats.i2p/cgi-bin/newhosts.txt
    102     * http://tino.i2p/hosts.txt
    103 
    104 What happened to *.i2p.net? What happened to jrandom? Is I2P dead? (link)
    105 
    106 Jrandom was the lead developer of i2p and Syndie for several years. We expect jrandom to be absent for at least the remainder of 2008. The *.i2p.net domains were left in a non-functioning state after a power outage at the hosting company.
    107 
    108 See this page for jrandom's parting message and additional information on the migration of *.i2p.net to this website.
    109 
    110 I2P is not dead, it remains in active development and we anticipate several releases in 2009.
    111 My router is using too much CPU?!? (link)
    112 
    113 There are many possible causes of high CPU usage. Here is a checklist:
    114 
    115     * Are you using Sun Java or some other version? (type java -version at a command prompt to find out) We have several reports of high CPU usage when using other Java versions.
    116     * Are you running a BitTorrent client over i2p? Try reducing the number of torrents, the bandwidth limits, or try turning it off completely to see if that helps.
    117     * Are your bandwidth limits too high? Perhaps too much traffic is going through your computer, and it is overloaded. Try reducing share bandwidth percentage on config.jsp.
    118     * Are you running the latest version of I2P? Recent versions have several performance improvements and bug fixes.
    119     * Have you configured I2P with enough memory? Look at the memory graph on graphs.jsp to see if the memory usage is "pegged", which means the JVM is spending most of its time in garbage collection. Increase the wrapper.java.maxmemory setting in wrapper.config.
    120     * Is the CPU usage simply higher than you would like, or is it pegged at 100% for a long time? If it's pegged, this could be a bug. Look in the logs for clues.
    121     * You may be using the Java-based BigInteger library instead of the native version, especially if you are running on a new or unusual OS or hardware (64-bit, OS X, OpenSolaris, etc.). See the jbigi page for instructions on diagnosing, building, and testing methods.
    122     * If your native jbigi library is working fine, the biggest user of CPU may be routing traffic for participating tunnels. This uses CPU because at each hop a layer of encryption must be decoded. You can limit participating traffic in two ways - by reducing the share bandwidth on config.jsp, or by setting router.maxParticipatingTunnels=nnn on configadvanced.jsp.
    123 
    124 I am opposed to certain types of content. How do I keep from distributing, storing, or accessing them? (link)
    125 
    126 Hmm. I2P is an anonymous network, so that's a tricky one. I2P is designed for everyone and not to censor out some/any kind of data. The best way to keep your PC free of (encrypted) traffic you dislike is to not use I2P. Freedom of speech has some costs. But let's address your question in three parts:
    127 
    128     * Distribution - All traffic on I2P is encrypted in multiple layers. You don't know a message's contents, source, or destination. All traffic you route is internal to the I2P network, you are not an exit node (outproxy). Your only alternative is to refuse to route any traffic, by setting your share bandwidth or maximum participating tunnels to 0 (see above). It would be nice if you didn't do this, you should help the network by routing traffic for others. Over 95% of users route traffic for others.
    129     * Storage - I2P does not do distributed storage of content. You must be thinking of Freenet. You are not storing anybody else's content.
    130     * Access - If there are some eepsites you don't like, don't go there. Or, use a blocking proxy like Privoxy or some type of "net nanny".
    131 
    132 My active peers / known peers / participating tunnels / connections / bandwidth vary dramatically over time! Is anything wrong? (link)
    133 
    134 No. This is normal. All routers adjust dynamically to changing network conditions and demands.
    135 My router has been up for several minutes and has zero or very few connections (link)
    136 
    137 The reseed URL has changed. If this is your first install and you have installed an old (0.6.1.30 or earlier) release, or you have not run I2P in a long time, you must change the URL and then click "Reseed" on the console to find other routers. After your router is running, on configadvanced.jsp, add the line i2p.reseedURL=http://netdb.i2p2.de/ OR i2p.reseedURL=http://i2pdb.tin0.de/netDb/ (either should work), then click "Apply", then click the "reseed" link on the left.
    138 
    139 This works if you are running 0.6.1.27 or later. If you are running release 0.6.1.31 or later, you probably don't need to do this. If you are running release 0.6.1.26 or earlier, either follow the manual reseed instructions below or install the latest release. Possible alternate method - add wrapper.java.additional.5=-Di2p.reseedURL=http://netdb.i2p2.de/ to wrapper.config, shutdown the router completely, then start again, then click "reseed". Let us know if this works.
    140 My router has very few active peers, is this OK? (link)
    141 
    142 If it has 10 or more, it is OK. Changes in releases 0.6.1.31 and 0.6.1.32 improved the efficiency of the router and effectively reduced the number of active peers. The router should maintain connections to a few peers at all times. The best way to stay "better-connected" to the network is to share more bandwidth.
    143 Is my router an "exit node" to the regular Internet? I don't want it to be. (link)
    144 
    145 No. Unlike Tor, "exit nodes" or "outproxies" are not an inherent part of the network. Only volunteers who set up and run separate applications will relay traffic to the regular Internet. There are very very few of these.
    146 I can't access regular Internet sites through I2P. (link)
    147 
    148 See above. There are very few HTTP "outproxies", they are not an inherent part of the network, and they may not be up. In addition, the old outproxies squid.i2p, true.i2p, and krabs.i2p have vanished. The only outproxy at the moment is false.i2p. To use it, edit your i2ptunnel settings for eepProxy and set your outproxy list to 'false.2p' (only). Then stop and restart the eepProxy. If it doesn't work, the outproxy is not up. It is not I2P's fault. If your primary reason to use an anonymous network is to anonymously access sites on the regular Internet, you should probably try Tor.
    149 I can't access https:// or ftp:// sites through I2P. (link)
    150 
    151 Within I2P, there is no need for HTTPS, as all traffic is encrypted end-to-end. FTP is not supported for technical reasons.
    152 
    153 For HTTPS or FTP access to the regular Internet, there are no HTTPS or FTP "outproxies". HTTPS is possible if somebody would like to set one up. FTP is probably not. Actually, just about any other sort of outproxy might work, try setting it up with a standard tunnel and see. As explained several times above, outproxies of any type are not a core part of the network, they are services run by individuals and they may or may not be operational at any given time. If you would like to set up some type of outproxy, carefully research the potential risks. The I2P community may or may not be able to help with the technical aspects, feel free to ask.
    154 Is using an outproxy safe? (link)
    155 
    156 You have to decide for yourself. It depends on what you are doing, your threat model, and how much you trust the outproxy operator.
    157 
    158 Like Tor, I2P does not magically encrypt the Internet. You are vulnerable to snooping by the outproxy operator. The Tor FAQ does a good job of explaining this. There is no HTTPS outproxy in I2P, and you cannot hide your traffic from an HTTP outproxy operator.
    159 
    160 In addition, you may be vulnerable to collusion between the outproxy operator and operators of other I2P services, if you use the same tunnels ("shared clients"). There is additional discussion about this on zzz.i2p.
    161 How do I access IRC, BitTorrent, or other services on the regular Internet? (link)
    162 
    163 You can't. Somebody must set up an outproxy for each service. There are only two types of outproxies running right now: HTTP and email. There is no SOCKS outproxy. If you need this you should probably try Tor.
    164 Most of the eepsites within I2P are down? (link)
    165 
    166 If you consider every eepsite that has ever been created, yes, most of them are down. People and eepsites come and go. A good way to get started in I2P is check out a list of eepsites that are currently up. inproxy.tino.i2p and perv.i2p track active eepsites.
    167 How do I set up my own eepsite? (link)
    168 
    169 Click on the My Eepsite Link on the top of your router console for instructions.
    170 Why is I2P so slow? (link)
    171 
    172 Why are downloads, torrents, web browsing, and everything else so slow on I2P? The encryption and routing within the I2P network adds a substantial amount of overhead and limits bandwidth. Anonymity isn't free.
    173 
    174 In addition, you and everybody else probably need to increase your bandwidth limits. Two key settings are the inbound and outbound bandwidth limiters on the configuration page. With the default settings of 32KBps you will generally get no better than 15KBps data transfer in I2PSnark. Increasing the settings (but keeping within your actual connection limitations) will increase the potential transfer rate for I2PSnark and all other applications.
    175 
    176 Also, do you have sufficient share bandwidth configured to allow participating tunnels to route through your router? Believe it or not, allowing participating traffic keeps you well-integrated in the network and helps your own transfer speeds.
    177 
    178 I2P is a work in progress. Lots of improvements and fixes are being implemented, and generally speaking, running the latest release will help your performance. If you haven't, install the latest release.
    179 Bittorrent / I2PSnark / Azureus I2P Plugin Questions? (link)
    180 
    181 See the I2P Bittorrent FAQ (outside I2P)
    182 How do I connect to IRC within I2P? (link)
    183 
    184 On the I2PTunnel configuration page, start the ircProxy. Then tell your IRC client to connect to localhost port 6668.
    185 How can I access the web console from my other machines or password protect it? (link)
    186 
    187 For security purposes, the router's admin console by default only listens for connections on the local interface. However, with a little hacking, you can make it reachable remotely:
    188 
    189    1. Open up clients.config and replace
    190       clientApp.0.args=7657 127.0.0.1 ./webapps/
    191       with
    192       clientApp.0.args=7657 0.0.0.0 ./webapps/
    193    2. Go to http://localhost:7657/configadvanced.jsp and add a new option: consolePassword=foo (or whatever password you want)
    194    3. Go to http://localhost:7657/index.jsp and hit "Graceful restart", which restarts the JVM and reloads the client applications
    195 
    196 After that fires up, you should now be able to reach your console remotely. You will be prompted for a username and password though - the username is "admin" and the password is whatever you specified in step 2 above. Note: the 0.0.0.0 above specifies an interface, not a network or netmask. 0.0.0.0 means "bind to all interfaces", so it can be reachable on 127.0.0.1:7657 as well as any LAN/WAN IP.
    197 How can I use applications from my other machines? (link)
    198 
    199 By default, the router I2CP interface (port 7654) binds to address 127.0.0.1. To bind to 0.0.0.0, set the router advanced configuration option i2cp.tcp.bindAllInterfaces=true and restart.
    200 Whats an "eepsite"? (link)
    201 
    202 An eepsite is a website that is hosted anonymously - you can access it by setting your web browser's HTTP proxy to use the web proxy (typically it listens on localhost port 4444), and browsing to the site.
    203 What do the Active x/y numbers mean in the router console? (link)
    204 
    205 x is the number of peers you've sent or received a message from successfully in the last minute, y is the number of peers seen in the last hour or so.
    206 Is it possible to use I2P as a SOCKS proxy? (link)
    207 
    208 The SOCKS proxy is working as of release 0.7.1. SOCKS 4/4a/5 are supported. There is no SOCKS outproxy so it is of limited use.
    209 
    210 In addition, many applications leak sensitive information that could identify you on the Internet. I2P only filters connection data, but if the program you intend to run sends this information as content, I2P has no way to protect your anonymity. For example, some mail applications will send the IP address of the machine they are running on to a mail server. There is no way for I2P to filter this, thus using I2P to 'socksify' existing applications is possible, but extremely dangerous.
    211 
    212 If you would like more information on the socks proxy application anyway, there are some helpful hints on the socks page.
    213 What ports does I2P use? (link)
    214 
    215 Okay, here's a rundown of the default ports (everything is configurable through various settings, of course):
    216 
    217     * Internet-facing ports Note: New installs as of release 0.7.8 do not use port 8887; they select a random port between 9000 and 32000 when the program is run for the first time. The selected port is shown on the router configuration page.
    218           o Outbound UDP from the random port noted on the configuration page to arbitrary remote UDP ports, allowing replies
    219           o Outbound TCP from random high ports to arbitrary remote TCP ports
    220           o (optional, but recommended) Inbound UDP to the port noted on configuration page from arbitrary locations
    221           o (optional, but recommended) Inbound TCP to the port noted on configuration page from arbitrary locations
    222             Inbound TCP may be disabled on the configuration page.
    223           o Outbound UDP on port 123, allowing replies
    224             This is necessary for I2P's internal time sync (via SNTP - querying a random SNTP host in pool.ntp.org or another server you specify)
    225 
    226     * Local I2P ports, listening only to local connections by default, except where noted:
    227           o 1900: UPnP SSDP UDP multicast listener. Cannot be changed. Binds to all interfaces. May be disabled on config.jsp.
    228           o 2827: BOB bridge, a higher level socket API for clients Disabled by default. May be enabled/disabled on configclients.jsp. May be changed in the bob.config file.
    229           o 4444: HTTP proxy May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces.
    230           o 6668: IRC proxy May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces.
    231           o 7652: UPnP HTTP TCP event listener. Binds to the LAN address. May be changed with advanced config i2np.upnp.HTTPPort=nnnn. May be disabled on config.jsp.
    232           o 7653: UPnP SSDP UDP search response listener. Binds to all interfaces. May be changed with advanced config i2np.upnp.SSDPPort=nnnn. May be disabled on config.jsp.
    233           o 7654: I2P Client Protocol port, used by client apps. May be changed with the advanced configuration option i2cp.port but this is not recommended. May be changed to bind to all interfaces with the advanced configuration option i2cp.tcp.bindAllInterfaces=true. May be changed to bind to a specific interface with the advanced configuration option i2cp.hostname=1.2.3.4.
    234           o 7655: UDP for SAM bridge, a higher level socket API for clients Only opened when a SAM V3 client requests a UDP session. May be enabled/disabled on configclients.jsp. May be changed in the clients.config file with the SAM command line option sam.udp.port=nnnn.
    235           o 7656: SAM bridge, a higher level socket API for clients Disabled by default for new installs as of release 0.6.5. May be enabled/disabled on configclients.jsp. May be changed in the clients.config file.
    236           o 7657: Your router console May be disabled in the clients.config file. May also be configured to be bound to a specific interface or all interfaces in that file.
    237           o 7658: Your eepsite May be disabled in the clients.config file. May also be configured to be bound to a specific interface or all interfaces in the jetty.xml file.
    238           o 7659: Outgoing mail to smtp.postman.i2p May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces.
    239           o 7660: Incoming mail from pop.postman.i2p May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces.
    240           o 8998: mtn.i2p2.i2p (Monotone - disabled by default) May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces.
    241           o 32000: local control channel for the service wrapper
    242 
    243 The local I2P ports and the I2PTunnel ports do not need to be reachable from remote machines, but *should* be reachable locally. You can also create additional ports for I2PTunnel instances via http://localhost:7657/i2ptunnel/ (and in turn, would need to get your firewall to allow you local access, but not remote access, unless desired).
    244 
    245 So, to summarize, nothing needs to be reachable by unsolicited remote peers, but if you can configure your NAT/firewall to allow inbound UDP and TCP to port 8887, you'll get better performance. You will also need to be able to send outbound UDP packets to arbitrary remote peers (blocking IPs randomly with something like PeerGuardian only hurts you - don't do it).
    246 How do I reseed manually? (link)
    247 
    248 An I2P router only needs to reseed once, to join the network for the first time. Reseeding is nothing more than sending plain HTTP GET requests to fetch a directory listing and download multiple "routerInfo" files from a predefined reseed URL.
    249 
    250 A typical symptom of a failed reseed is the "Known" indicator (on the left sidebar of the router console) displaying a very small value (often less than 5) which does not increase. This can occur, among other things, if your firewall limits outbound traffic, and blocked the reseed request.
    251 
    252 To reseed an I2P router manually, do the following:
    253 
    254     * Stop your I2P router
    255     * Open http://i2pdb.tin0.de/netDb/ or http://netdb.i2p2.de/ using a web browser
    256     * Save a dozen "routerInfo" files to your I2P "netDb" directory (ignore the "leaseSet" files)
    257     * Alternate method (easier): Download http://i2pdb.tin0.de/latest.zip and unzip it into your I2P "netDb" directory.
    258     * Start your I2P router
    259 
    260 I have a question! (link)
    261 
    262 Great! Find us on IRC irc.freenode.net #i2p or post to the forum and we'll post it here (with the answer, hopefully).
    263