wiki:faq

Version 10 (modified by anonymous, 10 years ago) (diff)

Additions and amendments to the site FAQ.

Curious Newbie

duck: section for the curious but unknowing potential users. shouldnt be too technical, just the first X questions that get asked by those not having used I2P before. I hate the title newbie though, too derogative

  • Why do I need I2P?
  • I've heard of Tor. What's different about I2P? Should I use both?

duck: awesome question, needs to be compressed for maximum effect.

  • What is the difference between I2P and Freenet.

duck: do people still know Freenet? couple years ago it was the privacy thing that everybody was aware of. any other (regional) candidates?

  • Is it safe? Has the code been audited?

duck: splendid stuff, suggest rephrasing to atleast mention privacy / anonymity. safe is too generic.

Geek / Academic

duck: section for those who have tried I2P, and are interested in the internals / limits, etc. powerusers but NOT developers.

  • What crypto is used?

  • How does I2P bootstrap?
  • How safe is this 'bootstrap' process?

duck: what is safe? who'd ask this question? not sure about this one

  • What is a floodfill?

duck: how will they know about floodfill? can we rephrase it elsewhere to make this floodfill clear at the first point of introduction.

  • Will I2P be able to cope with a huge influx of new users? (Does it scale?)

Paranoid

  • How can I be sure I'm not being spied on?
  • Do they know I will be running I2P?
  • Steganography rants

Political / Ethical / Philosphical

  • Isn't I2P encouraging copyright infringement?
  • CP

Operation

Problems

  • I2P is running, but I can't get to my gmail (or other regular websites) .. (https://)
  • I have I2P running and I'm on #i2p (so I think I'm done setting up) but I can't load any eepsites (though I don't know I'm coming into irc through a changate)?

Configuration

  • Connect to router from the LAN
  • Password protect the router
  • Startup I2P automatically

Other

duck: I dont think these should be part of the I2P core FAQ.

  • WTF is all this noise about Seedless?
  • I've heard a rumor of something called I2FS. What is it?
  • IRC (Internet Relay Chat) is weird! What is a changate? Who is Fox? Who is CIA?

CURRENT SITE FAQ

Skip navigation I2P Logo FAQ English Deutsch 中文 Français Русский Dark Light

Welcome to I2P

Download

News

Announcements Meetings Roadmap Task list

About I2P

FAQ Forums Bounties Get involved Donate! I2P Team Hall of Fame

Documentation

How does it work? Tech intro Howto docs Applications

Development

API Licenses Trac

Syndie

Links

Mirror Mirror 2 Mirror 3 Secure Site Secure Mirror

Impressum I2P - FREQUENTLY ASKED QUESTIONS I think I found a bug, where can I report it? (link)

Here are some places, pick one or more.

  • trac.i2p2.i2p ticket
  • forum.i2p
  • paste.i2p2.i2p and follow up on IRC #i2p
  • Discuss with the developers on IRC #i2p

Please include relevant information from the router logs and wrapper logs. I'm missing lots of hosts in my addressbook. What are some good subscription links? (link)

The default subscription is to http://www.i2p2.i2p/hosts.txt which is updated rarely. If you don't have another subscription, you may often have to use "jump" links which is annoying.

Here are some other public addressbook subscription links. You may wish to add one or two to your susidns subscription list. You don't need to add all of them, as they sync with each other periodically. The links using a cgi-bin application employ various strategies to minimize the number of duplicate addresses delivered, so they should be more efficient. Note that subscribing to a hosts.txt service is an act of "trust", as a malicious subscription could give you incorrect addresses. So think about whether you want to trust any of these. The operators of these services may have various policies for listing hosts. Presence on this list does not imply endorsement.

What happened to *.i2p.net? What happened to jrandom? Is I2P dead? (link)

Jrandom was the lead developer of i2p and Syndie for several years. We expect jrandom to be absent for at least the remainder of 2008. The *.i2p.net domains were left in a non-functioning state after a power outage at the hosting company.

See this page for jrandom's parting message and additional information on the migration of *.i2p.net to this website.

I2P is not dead, it remains in active development and we anticipate several releases in 2009. My router is using too much CPU?!? (link)

There are many possible causes of high CPU usage. Here is a checklist:

  • Are you using Sun Java or some other version? (type java -version at a command prompt to find out) We have several reports of high CPU usage when using other Java versions.
  • Are you running a BitTorrent client over i2p? Try reducing the number of torrents, the bandwidth limits, or try turning it off completely to see if that helps.
  • Are your bandwidth limits too high? Perhaps too much traffic is going through your computer, and it is overloaded. Try reducing share bandwidth percentage on config.jsp.
  • Are you running the latest version of I2P? Recent versions have several performance improvements and bug fixes.
  • Have you configured I2P with enough memory? Look at the memory graph on graphs.jsp to see if the memory usage is "pegged", which means the JVM is spending most of its time in garbage collection. Increase the wrapper.java.maxmemory setting in wrapper.config.
  • Is the CPU usage simply higher than you would like, or is it pegged at 100% for a long time? If it's pegged, this could be a bug. Look in the logs for clues.
  • You may be using the Java-based BigInteger? library instead of the native version, especially if you are running on a new or unusual OS or hardware (64-bit, OS X, OpenSolaris?, etc.). See the jbigi page for instructions on diagnosing, building, and testing methods.
  • If your native jbigi library is working fine, the biggest user of CPU may be routing traffic for participating tunnels. This uses CPU because at each hop a layer of encryption must be decoded. You can limit participating traffic in two ways - by reducing the share bandwidth on config.jsp, or by setting router.maxParticipatingTunnels=nnn on configadvanced.jsp.

I am opposed to certain types of content. How do I keep from distributing, storing, or accessing them? (link)

Hmm. I2P is an anonymous network, so that's a tricky one. I2P is designed for everyone and not to censor out some/any kind of data. The best way to keep your PC free of (encrypted) traffic you dislike is to not use I2P. Freedom of speech has some costs. But let's address your question in three parts:

  • Distribution - All traffic on I2P is encrypted in multiple layers. You don't know a message's contents, source, or destination. All traffic you route is internal to the I2P network, you are not an exit node (outproxy). Your only alternative is to refuse to route any traffic, by setting your share bandwidth or maximum participating tunnels to 0 (see above). It would be nice if you didn't do this, you should help the network by routing traffic for others. Over 95% of users route traffic for others.
  • Storage - I2P does not do distributed storage of content. You must be thinking of Freenet. You are not storing anybody else's content.
  • Access - If there are some eepsites you don't like, don't go there. Or, use a blocking proxy like Privoxy or some type of "net nanny".

My active peers / known peers / participating tunnels / connections / bandwidth vary dramatically over time! Is anything wrong? (link)

No. This is normal. All routers adjust dynamically to changing network conditions and demands. My router has been up for several minutes and has zero or very few connections (link)

The reseed URL has changed. If this is your first install and you have installed an old (0.6.1.30 or earlier) release, or you have not run I2P in a long time, you must change the URL and then click "Reseed" on the console to find other routers. After your router is running, on configadvanced.jsp, add the line i2p.reseedURL=http://netdb.i2p2.de/ OR i2p.reseedURL=http://i2pdb.tin0.de/netDb/ (either should work), then click "Apply", then click the "reseed" link on the left.

This works if you are running 0.6.1.27 or later. If you are running release 0.6.1.31 or later, you probably don't need to do this. If you are running release 0.6.1.26 or earlier, either follow the manual reseed instructions below or install the latest release. Possible alternate method - add wrapper.java.additional.5=-Di2p.reseedURL=http://netdb.i2p2.de/ to wrapper.config, shutdown the router completely, then start again, then click "reseed". Let us know if this works. My router has very few active peers, is this OK? (link)

If it has 10 or more, it is OK. Changes in releases 0.6.1.31 and 0.6.1.32 improved the efficiency of the router and effectively reduced the number of active peers. The router should maintain connections to a few peers at all times. The best way to stay "better-connected" to the network is to share more bandwidth. Is my router an "exit node" to the regular Internet? I don't want it to be. (link)

No. Unlike Tor, "exit nodes" or "outproxies" are not an inherent part of the network. Only volunteers who set up and run separate applications will relay traffic to the regular Internet. There are very very few of these. I can't access regular Internet sites through I2P. (link)

See above. There are very few HTTP "outproxies", they are not an inherent part of the network, and they may not be up. In addition, the old outproxies squid.i2p, true.i2p, and krabs.i2p have vanished. The only outproxy at the moment is false.i2p. To use it, edit your i2ptunnel settings for eepProxy and set your outproxy list to 'false.2p' (only). Then stop and restart the eepProxy. If it doesn't work, the outproxy is not up. It is not I2P's fault. If your primary reason to use an anonymous network is to anonymously access sites on the regular Internet, you should probably try Tor. I can't access https:// or ftp:// sites through I2P. (link)

Within I2P, there is no need for HTTPS, as all traffic is encrypted end-to-end. FTP is not supported for technical reasons.

For HTTPS or FTP access to the regular Internet, there are no HTTPS or FTP "outproxies". HTTPS is possible if somebody would like to set one up. FTP is probably not. Actually, just about any other sort of outproxy might work, try setting it up with a standard tunnel and see. As explained several times above, outproxies of any type are not a core part of the network, they are services run by individuals and they may or may not be operational at any given time. If you would like to set up some type of outproxy, carefully research the potential risks. The I2P community may or may not be able to help with the technical aspects, feel free to ask. Is using an outproxy safe? (link)

You have to decide for yourself. It depends on what you are doing, your threat model, and how much you trust the outproxy operator.

Like Tor, I2P does not magically encrypt the Internet. You are vulnerable to snooping by the outproxy operator. The Tor FAQ does a good job of explaining this. There is no HTTPS outproxy in I2P, and you cannot hide your traffic from an HTTP outproxy operator.

In addition, you may be vulnerable to collusion between the outproxy operator and operators of other I2P services, if you use the same tunnels ("shared clients"). There is additional discussion about this on zzz.i2p. How do I access IRC, BitTorrent, or other services on the regular Internet? (link)

You can't. Somebody must set up an outproxy for each service. There are only two types of outproxies running right now: HTTP and email. There is no SOCKS outproxy. If you need this you should probably try Tor. Most of the eepsites within I2P are down? (link)

If you consider every eepsite that has ever been created, yes, most of them are down. People and eepsites come and go. A good way to get started in I2P is check out a list of eepsites that are currently up. inproxy.tino.i2p and perv.i2p track active eepsites. How do I set up my own eepsite? (link)

Click on the My Eepsite Link on the top of your router console for instructions. Why is I2P so slow? (link)

Why are downloads, torrents, web browsing, and everything else so slow on I2P? The encryption and routing within the I2P network adds a substantial amount of overhead and limits bandwidth. Anonymity isn't free.

In addition, you and everybody else probably need to increase your bandwidth limits. Two key settings are the inbound and outbound bandwidth limiters on the configuration page. With the default settings of 32KBps you will generally get no better than 15KBps data transfer in I2PSnark. Increasing the settings (but keeping within your actual connection limitations) will increase the potential transfer rate for I2PSnark and all other applications.

Also, do you have sufficient share bandwidth configured to allow participating tunnels to route through your router? Believe it or not, allowing participating traffic keeps you well-integrated in the network and helps your own transfer speeds.

I2P is a work in progress. Lots of improvements and fixes are being implemented, and generally speaking, running the latest release will help your performance. If you haven't, install the latest release. Bittorrent / I2PSnark / Azureus I2P Plugin Questions? (link)

See the I2P Bittorrent FAQ (outside I2P) How do I connect to IRC within I2P? (link)

On the I2PTunnel configuration page, start the ircProxy. Then tell your IRC client to connect to localhost port 6668. How can I access the web console from my other machines or password protect it? (link)

For security purposes, the router's admin console by default only listens for connections on the local interface. However, with a little hacking, you can make it reachable remotely:

  1. Open up clients.config and replace clientApp.0.args=7657 127.0.0.1 ./webapps/ with clientApp.0.args=7657 0.0.0.0 ./webapps/
  2. Go to http://localhost:7657/configadvanced.jsp and add a new option: consolePassword=foo (or whatever password you want)
  3. Go to http://localhost:7657/index.jsp and hit "Graceful restart", which restarts the JVM and reloads the client applications

After that fires up, you should now be able to reach your console remotely. You will be prompted for a username and password though - the username is "admin" and the password is whatever you specified in step 2 above. Note: the 0.0.0.0 above specifies an interface, not a network or netmask. 0.0.0.0 means "bind to all interfaces", so it can be reachable on 127.0.0.1:7657 as well as any LAN/WAN IP. How can I use applications from my other machines? (link)

By default, the router I2CP interface (port 7654) binds to address 127.0.0.1. To bind to 0.0.0.0, set the router advanced configuration option i2cp.tcp.bindAllInterfaces=true and restart. Whats an "eepsite"? (link)

An eepsite is a website that is hosted anonymously - you can access it by setting your web browser's HTTP proxy to use the web proxy (typically it listens on localhost port 4444), and browsing to the site. What do the Active x/y numbers mean in the router console? (link)

x is the number of peers you've sent or received a message from successfully in the last minute, y is the number of peers seen in the last hour or so. Is it possible to use I2P as a SOCKS proxy? (link)

The SOCKS proxy is working as of release 0.7.1. SOCKS 4/4a/5 are supported. There is no SOCKS outproxy so it is of limited use.

In addition, many applications leak sensitive information that could identify you on the Internet. I2P only filters connection data, but if the program you intend to run sends this information as content, I2P has no way to protect your anonymity. For example, some mail applications will send the IP address of the machine they are running on to a mail server. There is no way for I2P to filter this, thus using I2P to 'socksify' existing applications is possible, but extremely dangerous.

If you would like more information on the socks proxy application anyway, there are some helpful hints on the socks page. What ports does I2P use? (link)

Okay, here's a rundown of the default ports (everything is configurable through various settings, of course):

  • Internet-facing ports Note: New installs as of release 0.7.8 do not use port 8887; they select a random port between 9000 and 32000 when the program is run for the first time. The selected port is shown on the router configuration page.

o Outbound UDP from the random port noted on the configuration page to arbitrary remote UDP ports, allowing replies o Outbound TCP from random high ports to arbitrary remote TCP ports o (optional, but recommended) Inbound UDP to the port noted on configuration page from arbitrary locations o (optional, but recommended) Inbound TCP to the port noted on configuration page from arbitrary locations

Inbound TCP may be disabled on the configuration page.

o Outbound UDP on port 123, allowing replies

This is necessary for I2P's internal time sync (via SNTP - querying a random SNTP host in pool.ntp.org or another server you specify)

  • Local I2P ports, listening only to local connections by default, except where noted:

o 1900: UPnP SSDP UDP multicast listener. Cannot be changed. Binds to all interfaces. May be disabled on config.jsp. o 2827: BOB bridge, a higher level socket API for clients Disabled by default. May be enabled/disabled on configclients.jsp. May be changed in the bob.config file. o 4444: HTTP proxy May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces. o 6668: IRC proxy May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces. o 7652: UPnP HTTP TCP event listener. Binds to the LAN address. May be changed with advanced config i2np.upnp.HTTPPort=nnnn. May be disabled on config.jsp. o 7653: UPnP SSDP UDP search response listener. Binds to all interfaces. May be changed with advanced config i2np.upnp.SSDPPort=nnnn. May be disabled on config.jsp. o 7654: I2P Client Protocol port, used by client apps. May be changed with the advanced configuration option i2cp.port but this is not recommended. May be changed to bind to all interfaces with the advanced configuration option i2cp.tcp.bindAllInterfaces=true. May be changed to bind to a specific interface with the advanced configuration option i2cp.hostname=1.2.3.4. o 7655: UDP for SAM bridge, a higher level socket API for clients Only opened when a SAM V3 client requests a UDP session. May be enabled/disabled on configclients.jsp. May be changed in the clients.config file with the SAM command line option sam.udp.port=nnnn. o 7656: SAM bridge, a higher level socket API for clients Disabled by default for new installs as of release 0.6.5. May be enabled/disabled on configclients.jsp. May be changed in the clients.config file. o 7657: Your router console May be disabled in the clients.config file. May also be configured to be bound to a specific interface or all interfaces in that file. o 7658: Your eepsite May be disabled in the clients.config file. May also be configured to be bound to a specific interface or all interfaces in the jetty.xml file. o 7659: Outgoing mail to smtp.postman.i2p May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces. o 7660: Incoming mail from pop.postman.i2p May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces. o 8998: mtn.i2p2.i2p (Monotone - disabled by default) May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces. o 32000: local control channel for the service wrapper

The local I2P ports and the I2PTunnel ports do not need to be reachable from remote machines, but *should* be reachable locally. You can also create additional ports for I2PTunnel instances via http://localhost:7657/i2ptunnel/ (and in turn, would need to get your firewall to allow you local access, but not remote access, unless desired).

So, to summarize, nothing needs to be reachable by unsolicited remote peers, but if you can configure your NAT/firewall to allow inbound UDP and TCP to port 8887, you'll get better performance. You will also need to be able to send outbound UDP packets to arbitrary remote peers (blocking IPs randomly with something like PeerGuardian? only hurts you - don't do it). How do I reseed manually? (link)

An I2P router only needs to reseed once, to join the network for the first time. Reseeding is nothing more than sending plain HTTP GET requests to fetch a directory listing and download multiple "routerInfo" files from a predefined reseed URL.

A typical symptom of a failed reseed is the "Known" indicator (on the left sidebar of the router console) displaying a very small value (often less than 5) which does not increase. This can occur, among other things, if your firewall limits outbound traffic, and blocked the reseed request.

To reseed an I2P router manually, do the following:

I have a question! (link)

Great! Find us on IRC irc.freenode.net #i2p or post to the forum and we'll post it here (with the answer, hopefully).