I2P Documentation Project/I2P Setup

From i2pwiki.mk16.de

This is simply a copy of documentation found at: http://echelon.i2p/i2p/i2psetup.txt
It may need updating

I2P

I2P is a rather complex system and the default setup does not always fit all users.

The installer will install the files into 2 folders.

For Linux:

1. the skeleton in ...
2. the user data in /home/$USER/.i2p

For Windows:

1. the skeleton in ...
2. the user data in /user/$USERNAME/applicationdata/roamin/i2p

Remember to only change the files under the home directory! The skeleton is used to copy the files into the home directory of other users who start I2P on that computer.

If you want to remove I2P by hand: remove BOTH folders!

I2P needs a Java runtime; my best experience is with the latest Oracle JRE/JDK, currently Java 7 update 9. OpenJDK does work, too. Also the Apple Java does work. I2P on Android is somewhat special, but does work, too.

On its first start, I2P tries to detect the CPU architecture and OS it is running on. With this information it chooses the correct libjbigi, a highly optimized library that performs the most-needed I2P crypto functions in hand-coded ASM. I2P also chooses the port for its UDP/TCP transports to other I2P routers. This port is chosen randomly on the first start of the I2P router ONLY and is in the range 9000-31000. You can see (and EDIT!) the current port on the page http://127.0.0.1:7657/confignet

Now the I2P router starts up and asks the reseed hosts for seed information, which is just information about other I2P routers. Once it has enough information, the I2P router tries to contact the other I2P routers based on the fetched seed information.

Now for the network: I2P has UPnP integrated and enabled by default - it tries to open and forward the chosen port on TCP and UDP to the computer running I2P. Sometimes this does NOT work well. In this case you can edit the settings on http://127.0.0.1:7657/confignet to disable UPnP and choose the values that suit your system. Usually you should leave everything on auto, but sometimes you need to fiddle a bit with these settings.

A special note about 2 modes:

1. hidden mode - it does not publish your router information to other I2P routers and makes you a BIT more anonymous - but it prohibits participating traffic (aka traffic of other I2P routers going through your node, in which you can hide your traffic). AND it does NOT hide your IP! Your I2P router still needs to connect to other I2P routers, and on each connect your IP is known to the other one. But the other one does NOT distribute your I2P to other I2P routers or try to connect to this IP on its own. So: hidden mode does lock you in and no other I2P node connects to you!
2. laptop mode - on each I2P restart the router ID information and port settings are deleted and randomly set anew. Each router has a unique ID and this could be traced to the IPs you use. With this setting this binding is prevented, at the cost of other I2P routers losing track of yours on each change. Not much participating (cover) traffic will be produced on your router.

Now, if I2P has connected to other I2P routers, it runs! In your router console you should see some basic information: http://127.0.0.1:7657/home

You should set the bandwidth on http://127.0.0.1:7657/config to the values that suit you. Remember: under 16 kbyte/sec you will not have participating (cover) traffic at all! You need some speed and other good values (see e.g. http://echelon.i2p/i2p/i2pspeed.txt ). The share percentage shows how much of your bandwidth is shared for other I2P routers' (cover) traffic. Your own traffic is ALWAYS preferred - if you set 100 kbyte/sec and 60% share, you can use up to 100 kbyte/sec for your own traffic and the participating (cover) traffic is cut down automatically!

On the http://127.0.0.1:7657/console router console you see a lot more stats. The important part is the General: section with the network status. I2P automatically tests the reachability of your I2P router on the chosen port for UDP and TCP. This is not always 100% correct. But even if it tells you "firewalled", I2P will work, just not as fast and reliably as with ports open and reachable. So it is wise to open and forward the port on your firewall (if I2P UPnP does not work with it).

The peers section

In the peers section on the left of the router console you see some stats about connections to other I2P routers. Active shows the number of active connections in the last 10 min/the last 1h. Fast/high capacity/integrated are classifications of the known routers. Only the fast ones are used to build client/server tunnels for the destinations. More about classification on http://echelon.i2p/i2p/i2pspeed.txt and on http://i2p-projekt.i2p/_static/pdf/I2P-PET-CON-2009.1.pdf .

To make it clear: you need some active peers and some in the fast tier. If the number of active peers drops too low, the I2P router reseeds automatically to get a new list of I2P routers to try to connect to and build up transfer connections. On each connection from another I2P router some information about unknown I2P routers is exchanged (in hidden mode ONLY received, not sent). With each active connection you become known to other routers. In hidden mode other routers do not connect to you, which implies you get far fewer connections and far fewer known routers overall. This implies your router has a very small subset of the available routers and maybe does not have the best/fastest routers of all to route your client/server traffic. Also, if you are firewalled, it is nearly the same as in hidden mode. That is why firewalled/hidden mode are slower than usual and why they have fewer connections. BUT you can run servers which are reachable for others even in hidden and in firewalled mode.

The tunnel section

I2P uses tunnels to transport data from one destination to another destination. Each tunnel uses several I2P peers. More on http://echelon.i2p/i2p/i2pspeed.txt.

Exploratory tunnels are used to become known to other peers, to rate the other peers in speed and capacity, and for building client tunnels. Those exploratory tunnels are built out of the fast, high capacity, and integrated tiers. Without exploratory tunnels you do not have any ratings of peers or any client tunnels.

Client tunnels are used by destinations to transfer client data. Each destination has a set of OUT and IN tunnels bound to it. Those client tunnels are built out of the fast tier.

Local Destinations

Several destinations are able to run on your I2P peer. By default only the shared clients destination runs. This one is a "one for all" destination able to serve a lot of services. The http://127.0.0.1:7657/i2ptunnelmgr destination setup page shows two different kinds of destinations: I2P server and I2P client. ATTENTION! That page says "Tunnels", but in reality those are destinations with tunnels associated to them. The terminology is not always very easy and clear. The server destinations are services which run on that I2P peer, e.g. your own eepsite or a tahoe-lafs server.

The client destinations are set up to reach server destinations running on other I2P peers. By default the HTTP and IRC proxy clients do run and offer services on 127.0.0.1 port 4444 for HTTP and port 6668 for IRC. The tunnels in I2P listen on these ports and forward ALL traffic 1:1 to the destination shown in the client tunnel lines. E.g. the IRC client tunnel forwards ALL traffic directly to one of them: irc.postman.i2p, irc.freshcoffee.i2p, irc.echelon.i2p. The HTTP client proxy is kind of special: all *.i2p requests are forwarded to the I2P eepsite noted in the local addressbook; all NON *.i2p requests are sent to false.i2p, which is a simple HTTP squid proxy into the real internet (very limited and very censored). Client tunnels to reach the HTTPS proxy, the MTN server, the POP3 and SMTP server inside of I2P are also already defined, but are set inactive by default.

The stars on the left part and on http://127.0.0.1:7657/i2ptunnelmgr show the state of the destination:

green - all fine and running
yellow - standby. Needs some traffic to build up tunnels and work fine (aka some requests needed)
red - destination stopped or no tunnel active for destination, aka destination inactive
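The HTTP client proxy rule described above decides which requests stay inside I2P and which are handed to the outproxy. The following is an added example, not I2P's own code: a small model of that rule that flags the hosts whose requests would leave I2P. The function names, the name=destination address book layout and the placeholder destinations are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OUTPROXY = "false.i2p"  # the outproxy named on this page

# Constructed sample address book, assumed name=destination layout.
# The destinations are placeholders, not real I2P destinations.
SAMPLE_HOSTS_TXT = """\
# constructed sample
echelon.i2p=PLACEHOLDER-DESTINATION-A
irc.postman.i2p=PLACEHOLDER-DESTINATION-B
"""

def load_addressbook(text):
    """Parse name=destination lines, skipping blanks and comments."""
    book = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, dest = line.split("=", 1)
        book[name.strip().lower()] = dest.strip()
    return book

def route(url, book):
    """Return (decision, host) for one request URL.

    decision is 'eepsite' (*.i2p name found in the address book),
    'unknown-i2p' (*.i2p name with no entry) or 'outproxy' (any other
    host, which the proxy hands to OUTPROXY).
    """
    # hostname drops userinfo and port and is already lower-cased
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        raise ValueError("no host in URL: %r" % url)
    # Match the last DNS label only: 'x.i2p.example.com' is NOT an I2P name.
    if host.endswith(".i2p"):
        return ("eepsite" if host in book else "unknown-i2p", host)
    return ("outproxy", host)

def leaving_i2p(urls, book):
    """Sorted hosts whose requests would be sent to the outproxy."""
    decisions = (route(u, book) for u in urls)
    return sorted({host for kind, host in decisions if kind == "outproxy"})
```

Running `leaving_i2p` over a list of URLs a browser is configured to load through port 4444 shows which of them depend on the outproxy rather than on an eepsite.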

Backup Tunnels


t.b.c.