Python implementation of the PurpleI2P x25519 code from https://github.com/PurpleI2P/i2pd-tools/blob/master/x25519.cpp

Along with a guide on how to set up a server and client to use encrypted LeaseSets!

Learn More about Encrypted LeaseSets:

https://geti2p.net/en/blog/post/2021/09/07/Level-Up-Encrypted-Leasesets

https://geti2p.net/spec/proposals/123-new-netdb-entries#encrypted-ls-with-offline-keys

https://i2pd.readthedocs.io/en/latest/user-guide/tunnels/

https://geti2p.net/spec/encryptedleaseset

https://github.com/PurpleI2P/i2pd/wiki/Publish-encrypted-LeaseSet

https://habr.com/ru/company/itsoft/blog/555604/

Good article on how to set up and use Syncthing over I2P for a truly decentralized sync. Helps work around NAT issues and provides good privacy benefits.

Archive Link: https://archive.ph/amWqR

i2pd

https://github.com/PurpleI2P/i2pd/releases/tag/2.49.0

Changelog

1. Handle SOCK5 authorization with empty user/password and send correct version in response
2. Improve NTCP2 transport session logging
3. Allow 0 hops in explicitPeers
4. Don't allow incoming transport sessions from routers with incorrect timestamp
5. Fixed sending keepalive for sessions with introducers
6. Always select router with ipv4 for tunnel endpoint
7. Fixed crash if deleted BOB destination was shared between few BOB sessions
8. Memory pool for router profiles
9. Removed AVX code
10. Exclude SSU1 introducers from SSU2 addresses
11. Don't create paired inbound tunnel if length is different
12. Fixed padding length for SSU2 path response
13. Don't publish introducers with zero tag
14. Consider all addresses non-published for U and H routers even if they have host/port
15. Don't pick completely unreachable routers for tunnels
16. Separate network and testing status

i2pd-android

https://github.com/PurpleI2P/i2pd-android/releases/tag/2.49.0

About

I2PSnark is an I2P-only BitTorrent client built with Java. This allows you to spin up a docker container with a I2PSnark client which can be managed through the web-ui. This specific I2PSnark application is from the I2P+ team at https://i2pplus.github.io/ and http://skank.i2p using this package http://i2pplus.github.io/installers/I2P+_2.2.0+_i2psnark-standalone.zip.

Testing

Use this .torrent file to test if your I2PSnark client is working:

http://skank.i2p/i2pupdate.zip.torrent

Find More Torrents

http://tracker2.postman.i2p (requires I2P)

https://codeberg.org/Strict3443/qbittorrent-i2p-vnc

I have created a Dockerfile which will compile the latest version of qBittorrent which has experimental I2P support into a docker container with VNC support. The reason for this is my server is headless and I wanted to use the v4.6.x version of qBittorrent, but the qbittorrent-nox version of v4.6.x does not have I2P options yet. So I had to build the GUI version on top of a VNC image.

In doing so, this will build a container that has VNC capabilities where you can utilize a desktop environment to setup the GUI version of qBittorrent with your I2P settings, and then just use the web-ui from there on.

Why?

I am a qBittorrent user and wanted to start downloading and cross-seeding torrents with I2P, so I built this image as a drop in replacement of my linuxserver/qbittorrent docker container and it just works.

Why don't you post the docker image?

I am not sure how yet, and I also left it as a Dockerfile so that you can build this on ARM or x86-64 depending on your needs

Note

This image can be quite heavy and take a long time to build, but until v4.6.x is out of beta, this will do.

See also: https://geti2p.net/en/get-involved/roadmap

This release is going to focus on identifying hardening the netDb against context confusion attacks, refining and elaborating upon the behavior of the blocklist, and mitigating some of the types of spam which have appeared on the network. We will be implementing handling of congestion capabilities, eliminating the majority of lookup spam, and implementing an i2pd-style multiple-netDb design which allows each client to use a different store of LeaseSets than a floodfill running on the same router, providing us with a clear boundary between information sent to and used by clients and information sent to and used by the router. By doing things this way, we can also make make it easier for the netDb to handle obscure cases like multihoming. Please test, test, test, and report your findings, these are big changes and they won't go in unless we are sure they're right.

• Target Release Date: September 12, 2023.
• Major Changes Due Date: August 28 2023
• Tag Freeze Date: September 1, 2023

If you want to run the code I am running, clone the i2p.i2p.2.4.0-test1 branch from git.

Hi, I'm new to I2P and wondering, if the network is growing or shrinking.

I have a small VPS that had little to do, so I run a router there. My router knows of 8,700 other routers (that's pretty constant).

• Would this be a good measure to estimate on how big the network is?
• Do you have a similar number of known routers?
• And is the network growing or shrinking?

Thank you.

Did i2p just become illegal in Russia?

Hello, I am trying to set up i2p on my dedicated server. I had it set up but it seems to have broke recently after messing with some other services on the server (don't ask I honestly don't remember what I changed.) I uninstalled and reinstalled i2p+, and configured it in ~/.i2p/clients.config.d/00... to listen on 192.168.1.1/24 and restarted the router. After that didn't work I tried creating an ssh tunnel to it to access it as localhost, but that didn't load and ssh returned the error "channel 3: open failed: connect failed: Connection refused." If anyone knows anything about setting up a dedicated i2p router on LAN, please help.

Edit - Found this in the logs: 2023/08/02 10:32:58 | INFO | Unable to bind the Router Console to any address on port 7657

Edit 2 - Update: Upon reinstalling i2p+ completely, I was able to get in with an ssh tunnel. Now I will try to open it up to the network and document my changes here in case anyone else runs into the same problem.

Edit 3 - Update: I realized that I am stupid. I was putting the wrong ip in the configuration files in clients.config.d because I thought it was the ip of allowed clients not the ip that it is reachable by. Once I also changed the settings in ~/.i2p/router.config it would redirect to an https version which wouldn't load. I added routerconsole.redirectToHTTPS=false in router.config and it loaded an http page. Next I need to allow lan connections on so I can use it as a dedicated router.

Seems like almost all .i2p sites I see is dead, I think links are dead but b32 ones still work. Is there a maintained repo/site/index with well structured info?

nonbob seems to work :/

If you want to install the latest version of i2pd on OpenBSD -stable

Have a look at the roadmap. Is there anything there you can help with? More info at the forum, eventually.

http://i2pforum.i2p/viewtopic.php?t=1193&sid=d51e909387b77d5a2a07896be8ba0317

So I installed i2p on a Linux Mint VM. I'm able to see i2p sites, but I'm also able to browse clearnet sites, which I thought would not work. Does the default Linux installer configure an exit node by default?

Library supports all I2P SAM features:

• streams, reply-able datagrams and raw datagrams
• session options (example: variable-length inbound/outbound tunnels)

It's well researched, tested and proven in demanding censorship-resistant fully distributed systems, like DIVA.

Test/Coverage reports, see Mastodon link below.

Github: https://github.com/diva-exchange/i2p-sam/releases

Mastodon: https://social.diva.exchange/@social/110707065011077754

Related docker containers: https://hub.docker.com/r/divax/i2p

cross-posted from: https://lemmy.dbzer0.com/post/638840

I found I2P much better than Tor network, and now it supports BitTorrent protocol too https://geti2p.net/en/docs/applications/bittorrent .

Why haven't the pirates migrated to I2P? Why are we still using clearnet and making people backout of seeding cause of DMCA?

Every time I try to create a torrent I get "The connection was reset"

Hello,

I created an ansible role for i2pd. Basically, this allows system administrators who want to take part in the I2P network to automate i2pd deployment.

👉 https://codeberg.org/systemfailure.net/ansible_i2pd

This role works on OpenBSD, Archlinux and Debian.

It doesn't expose all i2pd parameters yet, but it is sufficient to deploy quickly i2pd on machines controlled by ansible, especially on servers, and also allows to store tunnels keys (.dat files).

Comments and contributions welcome 😀

The setup and that it routes over several randomly chosen nodes to self-contained sites reminds of Freenet. How does i2p compare to it?

Announcing the latest release of I2P+ (2.3.0+), a soft-fork of the Java I2P software with an emphasis on presentation, performance, and usability.

Now available for download as an update or a full universal installer for Windows, Linux, BSD and MacOS (Java 1.8 or later supported):

Torrents: http://tracker2.postman.i2p/index.php?view=TPoolDetail&id=1256 Direct downloads via i2pplus.github.io or skank.i2p or via the Tor .onion mirror Git source access: https://gitlab.com/i2p.plus/I2P.Plus/ or http://git.i2p/I2P.Plus/i2p.plus

Recent Changes

• Add a toggle on /configui to activate alternative display font for console and default webapps
• Auto-refresh for /netdb and /stats
• Iconized navigation links in the console configuration section
• Visibility toggle for the settings panel on /graphs
• Fix wrapper (service) issue for new non-Windows installs via universal installer
• Add a peer congestion caps count on /netdb
• Add addresshelper icon link for servers on tunnel manager index if a hostname is configured
• Add auto-refreshing session bans page to /profiles
• Improvements to console and webapp themes
• Console logging improvements

Notes

• The full installers now implement https:// access to the console by default (port 7667); you will need to allow the (self-signed) certificate when prompted in your web browser to access the console. To disable automatic redirection, add the following to your router.config file in ~/.i2p/ -> routerconsole.redirectToHTTPS=false

Installation

Windows

If you have installed I2P from the Easy Installer Bundle, this will need to be uninstalled first and your I2P configuration directory renamed or deleted. For best results and to avoid issues, please ensure any previous I2P installation is uninstalled before proceeeding with the I2P+ installation. You may also wish to rename or remove your existing i2p configuration folder (usually located at %appdata\i2p) to benefit from a clean install with the default I2P+ configuration. Ensure you run the installer as Administrator to avoid issues. Oracle Java JRE (>=1.8) or Microsoft OpenJDK 17 (https://www.microsoft.com/openjdk) recommended. For newer versions of the JRE, or alternative JDK packages, you may need to extract the install.jar from the self-extracting exe file and, as administrator, run the command: java -jar install.jar The installer will install I2P+ as a Windows system service and configure to automatically start at system boot (requires administrator privileges). Control of the service can be managed via http://127.0.0.1:7657/configservice or via the normal Windows methods e.g. services.msc or the task manager services tab.

Linux / BSD / MacOS

Launch the installer (a .jar file with a Windows-specific .exe wrapper which will be ignored) by typing: java -jar ./i2pinstall_2.3.0+.exe at a command prompt, or java -jar ./i2pinstall_2.3.0+.exe -console for a headless (non-GUI) installation. For a console installation, you will need to specify the full installation path (usually /home/user/i2p/) or the installer will use the current directory as the install path.

This release contains fixes for CVE-2023-36325. CVE-2023-36325 is a context-confusion bug which occurred in the bloom filter. An attacker crafts an I2NP message containing a unique messageID, and sends that messageID to a client. The message, after passing through the bloom filter, is not allowed to be re-used in a second message. The attacker then sends the same message directly to the router. The router passes the message to the bloom filter, and is dropped. This leaks the information that the messageID has been seen before, giving the attacker a strong reason to believe that the router is hosting the client. This has been fixed by separting the bloom filter's functionality into different contexts based on whether a message came down a client tunnel, an exploratory tunnel, was sent to the router directly. Under normal circumstances, this attack takes several days to perform successfully and may be confounded by several factors such as routers restarting during the attack phase and sensitivity to false-positives. Users of Java I2P are recommended to update immediately to avoid the attack.

In the course of fixing this context confusion bug, we have revised some of our strategies to code defensively, against these types of leaks. This includes tweaks to the netDb, the rate-limiting mechanisms, and the behavior of floodfill routers.

This release adds not_bob as a second default hosts provider, and adds notbob.i2p and ramble.i2p to the console homepage.

This release also contains a tweakable blocklist. Blocklisting is semi-permanent, each blocked IP address is normally blocked until the router is restarted. Users who observe explosive blocklist growth during sybil attacks may opt-in to shorter timeouts by configuring the blocklist to expire entries at an interval. This feature is off-by-default and is only recommended for advanced users at this time.

This release also includes an API for plugins to modify with the Desktop GUI(DTG). It is now possible to add menu items to the system tray, enabling more intuitive launching of plugins which use native application interfaces.

As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.

DETAILS

Changes

• netDb: Throttle bursts of netDB lookups

• Sybil/Blocklist: Allow users to override blocklist expiration with an interval

• DTG: Provide an API for extending DTG with a plugin

• Addressbook: add notbob's main addressbook to the default subscriptions.

• Console: Add Ramble and notbob to console homepage

Bug Fixes

• Fix replay attack: CVE-2023-36325 Implement handling of multihomed routers in the netDb

• Fully copy new leaseSets when a leaseSet recievedAsPublished overwrites a leaseSet recievedAsReply

I'm trying to access jellyfin remotely over i2p and I want to get the best performance.

Right now I'm having trouble with keeping a stable connection. My connection doesn't need to be fast but it keeps dropping in and out for some reason.

Haven't tried it myself yet, but it does look interesting.

The Invisible Internet Project (I2P) is a network layer that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user’s traffic and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world.

The Invisible Internet Project began in 2002 and has been active since that time.

How Does I2P Protect Me?

The server is hidden from the user and the user from the server. All I2P network traffic is internal to its network. Traffic inside the I2P network does not interact with the Internet directly. It is a layer on top of the Internet.Encrypted unidirectional tunnels are used between you and your peers to send traffic. No one can see where that traffic is coming from, where it is going, or what the contents are. Additionally I2P transports offers resistance to pattern recognition and blocking by censors. Because the network relies on peers to route traffic, location blocking is also reduced.

Distribution All traffic on the I2P network is encrypted. An observer cannot see a message’s contents, source, or destination. All traffic you route as a participant is internal to the I2P network, you are not an exit node. The network does not do distributed storage of its content ( like Freenet or IPFS). By participating as a node you are not storing content for anyone.If there are hidden services which you dislike, you may refrain from visiting them. Your router will not request any content without your specific instruction to do so.

Is Using I2P Dangerous?

The I2P network is an overlay network. There are no dangers in using an overlay network. If you are engaging activities that are illegal or dangerous on the internet, that does not change if you are using an overlay network.

Regarding using overlay networks, the Java implementation includes a “Strict Countries List” that is used to decide how I2P routers should behave within regions where applications like I2P may be limited by law. For example, while no countries that we know of prohibit using I2P, some have broad prohibitions on participating in routing for others. Routers that appear to be in the “Strict” countries will automatically be placed into “Hidden” mode.

When a router is placed into hidden mode, three key things change about its behavior. It will no longer publish a routerInfo to the NetDB, it will no longer accept participating tunnels, and it will reject direct connections to routers in the same country that it is in. These defences make the routers more difficult to enumerate reliably, and prevent them from running afoul of restrictions on routing traffic for others.

OPSEC Keep track of what profiles you maintain and what services you interact with no matter what network you use. Perform personal risk assessments. The I2P Java software ships with very good defaults for hops for privacy without sacrificing performance.

What About “De-Anonymizing” Attacks? Reducing anonymity is typically done by: A) identifying characteristics that are consistent across identities or B) identifying ephemeral characteristics of repeated connections.

Attacks on I2P in the past have relied on correlating NetDB storage and verification. By randomizing the delay between storage and verification, we reduce the consistency with which that verification can be linked to I2P activity, thereby limiting the utility of that data point. Attacks on software configured to work with I2P are out of scope for I2P to solve. When browsing I2P, hosting or using I2P services, it is the responsibility of the user to consider their threat model.

How Do I Connect To the I2P Network?

The core software (Java) includes a router that introduces and maintains a connection with the network. It also provides a handful of applications and configuration options to get you started and personalize your experience.I2Pd is a C++ implementation of the I2P protocol. When using I2Pd you will need to edit configuration files, with Java I2P you can do it all within a user interface.

What Can I Do On The I2P Network?

The network provides an application layer that allows people to use and create familiar apps for daily use. Additionally, the network has its own unique DNS so that you can self host or mirror content on the network. The I2P network functions the same way the Internet does. The Java software includes a BitTorrent client, and email as well as a static website template. Other applications can easily be added to your router console.

What Is the Best OS To Use?

The I2P core software is cross platform. The best OS to use is the one that you feel most comfortable using.

Do I Have To, Or Should I Use I2P in Qubes or Whonix? Am I Not Safe If I Use Something Else?

This depends on your personal threat model. Generally speaking, I2P in Qubes or Whonix are very strong security measures. You can usually use the I2P software with a Firefox or Chromium browser without worry.

It is more important to exercise caution with who you communicate with and how. If you’re doing something that attracts the attention of people with the time and energy to carry out massive, scaled up attacks or sophisticated zero-day attacks, then something extremely thorough like Qubes is an option. On the other hand, if you’re just hosting your blog or surfing I2P sites, then chances are you’re fine just using the OS you’re most comfortable with. The real answer is conscientiousness, don’t say anything you’re not comfortable with somebody repeating.

I Can See My IP Address?

Yes, this is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections. While the fact that your computer runs I2P software is public, nobody can see your activities in the network. For instance, you cannot see if a user behind an IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the network.

Firewalled Status?

A firewalled I2P router can still access the I2P network. However, if you want to provide extra capacity to the network, it is necessary to open ports.Open I2P’s port on your modem, router and/or firewall(s) for better connectivity (ideally both UDP and TCP).For more information about Port Forwarding: https://portforward.com/

Browsing Functions in I2P

A properly configured browser supports accessing content on the I2P network ( I2P sites and services ) and accessing clearnet content via the outproxy service specified in the Hidden Services Manager of the I2P router.

Instruction for configuring a browser are outlined here: https://geti2p.net/en/about/browser-config .

There is also a Firefox based extension ( I2P in Private Browsing Mode ) that can be found in the the new experimental Windows installer, or can be added directly from here: https://addons.mozilla.org/en-US/firefox/addon/i2p-in-private-browsing/

Does It Matter What Browser Is Used To Access Content On the I2P Network?

Yes and no. Technically, you can use any browser that has support for proxies. However, some browsers are more secure than others. Also, depending on the browser, it may be more difficult to set up a proxy.

What Browser Should I Use For I2P on Android?

In principle, any browser works, but Privacy Browser is the easiest to set up because it has pre-configured proxy settings for I2P. Instruction can be found here: https://github.com/eyedeekay/Configuring-Privacy-Browser-for-I2P-on-Android#configuring-privacy-browser-for-i2p-on-android

Is It Possible To Install I2P Software on an iPhone?

This is currently not possible without increased effort. If you are tech savvy you can take a look at https://i2pd.readthedocs.io/en/latest/devs/building/ios/. Currently there is no official I2P app available.

What Does It Mean When I See That My I2P Router Needs To Be Integrated Into The Network?

An I2P router needs a few minutes to connect to the network. Sometimes it can take up to an hour.

How Can I tell If The I2P Proxy Is Ready?

You can go to 127.0.0.1:7657/tunnelmgr, if the status of “I2P HTTP Proxy” is green, the proxy is ready and you should be able to surf.

I Cannot Reach I2P Sites

If your router is running and you have shared clients and a browser configured, or are using I2P In Private Browsing Mode and see a proxy ready indicator, check the I2P project website using the link found in /home in the router console. If you can reach that site, then you know that your connection is good and browser is working. If you cannot reach a specific site, please realize that we cannot help you with that.

How Do I Activate the SAM Bridge?

To enable the SAM API: go too http://127.0.0.1:7657/configclients. Find the menu item called “SAM application bridge.” Select “Run at Startup” and press the small arrow to the right of the text.

How Come Router ‘shutdown’ Takes Several Minutes?

Because you are routing traffic for other peers. If you shutdown your router immediately, you interrupt their traffic.