I recently heard about DHT support on I2Psnark, and got curious whether qBittorrent supports this feature on I2P as well. When I first set up qBittorrent to work with I2P, the guide I used instructed to disable DHT, PeX and Local Peer Discovery due to lacking support and security risks. Has anything changed? Is libtorrent still lagging behind on these features?
Explore the various I2P versions, each designed for secure, anonymous networking across different platforms and use cases. This page showcases images and links to key I2P software and tools. #I2P #CyberSecurity #PrivacyMatters
--Stolen and reposted here, sorry zab, but I hope you're fine with some extra promotion--
Hi,
[...]
After about a year off MuWire is back to the land of the living and the network has ~50 active users at any given time. Here is how to set it up and connect:
Download the connections.txt file and save it somewhere
Depending on your operating system:
On Windows, download the MuWire-0.8.14-beta2.exe installer and run it. It will install everything you need to run MuWire. Skip to step 5.
On Linux, you need to install Java 17 or newer. This will be different on each distribution
On Mac, you need to install Java from [here] (https://jdk.java.net/22/) (available for both Intel and Apple Silicon).
Download the [MuWire-0.8.14-beta2.zip] (http://muwire-0.8.14-beta2.zip/) file and unzip it. Run the bin/MuWire script to launch MuWire.
Go through the MuWire setup wizard. When the main window appears, select Connections (top-left menu) -> Import connections and select the connections.txt file you saved in step 1.
Watch the bottom right of the main window - there is an icon like a molecule with the number of active connections to the MuWire network. As soon as MuWire connects, you can use it to search, share, download, message other users and more.
This release, I2P 2.6.0, continues our work by fixing bugs, adding features, and improving the network's reliability.
Newer routers will be favored when selecting floodfill routers. I2PSnark received features which improve the performance of PeX(Peer Exchange), in addition to bug fixes. Legacy transport protocols are being removed, simplifying the code in the UDP transports. Locally-hosted destination will be reachable by local clients without requesting their LeaseSet, improving performance and testability. Additional tweaks were made to peer selection strategies.
I2P no longer allows I2P-over-Tor, connections from Tor exit IP addresses are now blocked. We discourage this because it degrades the performance of I2P and uses up the resources of Tor exits for no benefit. If you are a helpful person running both a Tor Exit and I2P we encourage you to continue to do so, using different IP addresses for each. Non-exit relays and Tor clients are unaffected by this and do not need to change anything.
As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.
RELEASE DETAILS
Changes
Router: Increase minimum version for floodfill routers
Before we begin: Snap(and AppImages) are still not official packages. This still an experimental package and just a side-project of mine.
A few years ago, I got way too interested in these semi-novel packaging systems that the various distributions came out with. I went on a rampage of experimental package creation, often without necessarily knowing the future of the packages themselves. Many versions ago, the most popular of those packages broke in a particu`larly annoying way, and I did not have time to fix it. Until a few weeks ago, that is, and now, it's actually a lot easier for me to be sure that what I'm packaging is going to actually work because I can generate and test the packages continuously.
TL:DR the Snap, which I created, then broke, is now fixed, and it's likely to stay that way. If you are a snap user stuck on an old version, update as soon as possible.
It is generated using jpackage combined with the Easy-Install source. As a package, it functions like the Easy-Install bundle and not like the .deb or .jar installers.
https://snapcraft.io/i2pi2p
What's the real point? Nobody really cares about Snapcraft that much, except maybe Canonical. A lot of people don't even like them. That's not why there's a Snap of I2P now. The reason there's a Snap of I2P now, and that this experiment was not discontinued outright, is because it demonstrates the power of jpackage, the technology underlying the Easy-Install Bundles for Windows, to generate self-contained images that can easily be adapted to Linux package formats. Once you can stick a jpackage inside a Snap, you can just as easily stick it inside of an AppImage. A slightly different manifest format will leave you with a working Flatpak. The same applies to docker-compose and probably many other tools. Or, you can just stick it all into a .zip file and treat it like an I2P portable installation. The files your packaging are always the same, and are simply generated by jpackageing a custom I2P router launcher.
On Linux... not so much. That's because Linux isn't Linux. There's a Debian package, but OpenSuse is its own thing. Is there a way to get I2P, Snark, etc. up and running there without having to jump through too many hoops?
I2P 2.5.1 is being released to address Denial-of-Service Attacks affecting the I2P network and services. With this release we disable the IP-based parts of the Sybil attack detection tool which were targeted to amplify the effect and duration of the attack. This should help the network return to normal operation. Those of you who have disabled the Sybil attack detection tool may safely re-enable it. Adjustments to other subsystems to improve RouterInfo validation and peer selection have also been made.
As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.
The I2P network is currently under a Denial-of-Service attack. This attack affects I2P and i2pd but in different ways and is having a serious effect on network health. Reachability of I2P sites is badly degraded.
Java I2P users are suggested to disable the sybil attack tool, delete the sybil-blocklist, and re-start their routers.
To disable the sybil attack detector tool
Open the sybil attack detector in your router console at http://127.0.0.1:7657/netdb?f=3&m=15
Change "Background Analysis Run Frequency" to "Never"
del %LocalAppData%\i2p\sybil-analysis\blocklist-sybil.txt"
When you are finished, re-start your I2P router.
If you are hosting a service inside I2P and it is hosted on a Floodfill router, you should consider multihoming the service on a Floodfill-disabled router to improve reachability. Other mitigations are being discussed but a long-term, backward-compatible solution is still being worked on.
"I2P network reliability is currently degraded due to a novel and persistent attack. Please be patient as we work on mitigations. If you have not yet updated to the latest release 2.5.0, please do so as it provides some defences."
For i2pd users, you can try building their latest from GitHub which may help.
I host i2p on a rpi 3 in order to use it as a mutualize gateway for my private network.
i2p consume so much ressources that I couldn't even curl it's web interfaces. It try to get some info on what are the hardware requirements, but didn't find anything.
What are the minimal hardware requirements for the current version of i2p ?
Is it a good idea to mutualise a gateway on a private server ?
If so, is it a good idea to give access to this gateway through a VPN ?
This is a pre-release of the I2P Easy-Install Bundle for Windows. This changes how the I2P bundle and browser profile manager are installed and integrated with the host system. The Easy-Install bundle is now a "portable" system that can be moved to different locations within or between Windows file-systems while retaining all built-in functionality. A shortcut for starting the I2P router is still provided by the installer for convenience, but the shortcuts for starting the I2P Browser are now integrated with the I2P desktop UI.
The browser profile manager itself has been split away from the monolithic I2P router+Java/jpackage, and moved into an I2P plugin managed by the router. While this was done primarily to reduce how complex the existing code was, this also results in behavior which is closer to the main distribution of I2P for Windows and will lead to a more flexible installer, which can bundle additional default plugins and may be suitable for installation as a Windows service. I2P Plugins can also be updated independently of the router that hosts them, so it will be possible to update the browser profile manager independently of the router itself. It also means that the browser profile manager can be un-installed by uninstalling the plugin, and much more importantly that the browser profile manager is now compatible with all Java I2P distributions.
Why a dev build 3 weeks before the release?
By further delineating the components of the bundle, these changes also affected how the release process happens. In particular the build process of each component has been encapsulated in a CI description which can be reproduced on a local PC. This simplifies and automates the build process by ensuring that up-to-date build tools are installed in a brand-new container for every build. In effect this should speed up the release process for I2P Easy-Install for Windows considerably. This release is a test-run of the new process, so I can document what is going on. It breaks down roughly like this:
It takes ~22 minutes to compile all the targets for the i2p.plugins.firefox and make the resulting artifacts available. During this process, I must insert 1 HSM and enter 1 password. (This part used to be about 30 steps, now it takes 1)
It takes ~22 minutes to compile all the targets for the i2p.firefox project and make the resulting artifacts available. This process produces only unsigned artifacts identified by their hashes, and is non-interactive. (This part used to be around 60 steps the first time, and 40 steps each additional time)
i2p.firefox updates are signed in their .su3 form. The NSIS-powered .exe installer is the current updater. The next step is to sign just this installer and generate a torrent of the result. (This process used to depend on the previous build process and couldn't be done independently. Now it takes about 30 seconds)
Generate and sign a newsfeed to notify the users of an update. This process is the only process that is slower when containerized, because there are dozens of feeds to be signed in their respective containers. It takes about an hour.
For you the end user, nothing much should change. You'll get your updates a lot faster, and have more options available for testing. The same installer is used for the updater, and the process is handled the same way. However for developers, testers, and maintainers, this release will result in big changes for the better.
This release still embeds a 2.4.0 Java I2P router. No changes have been made to update the embedded router. Network behavior will be unchanged until the official 2.5.0 release.
Anyone know how to switch browser in i2p mobile? I opted for the built in one, but it's kind of limited and I can't seem to change it.
I have Firefox installed but can't select it as the default.
After the very challenging 2.3.0 and 2.4.0 release cycles we're going to have a long release cycle this time, targeting an April release. This release will feature performance improvements and new application features.
To keep track of newly merged features, follow along at: https://git.idk.i2p/i2p-hackers/i2p.i2p/-/merge_requests?scope=all&state=merged&milestone_title=2.5.0
Target Release Date: April 29, 2024.
Major Changes Due Date: March 31, 2024
Tag Freeze Date: December April 11, 2023
If you want to run the code I am (Usually) running, use the master branch from git.
So i would like to increase my upload bandwidth of i2psnark but it doesn't let me go beyond 9.999. I have a 500/500 fiber connection with no cap and like to share bit more then only the 9.999 KBs.
EDIT: I manage to solve it thanks to sopuli.xyz
I changed the i2psnark.upbw.max ration inside ~/local/share/containers/storage/volumes/i2p_i2phome/_data/i2psnark.config.d/i2psnark.config"
the perhaps odd file locations is due to me using podman in rootles mode
From i2p on reddit. Link is to an i2p page so start up your i2p instances.
In this tutorial, I will show how you can make your own private XMPP server, where you will have full control of your user data, messages, groups, files, all of that federated over anonymizing networks such as tor and i2p.
a) a locally installable I2P(d) testnetwork is available in the public domain. Here is the link to github: https://github.com/h-phil/i2pd-testnet-kubernetes . I2Pd (C++) is supported, I2P java not. The author of the testnet might or might not fix that issue. So: PRs are welcome for those who need Java I2P support. This kurbernetes-based testnet (which scales very well) is a side effect of the I2P de-anonymization study (academic work) which has been finished mid of January 2024 (see below).
b) Independent (of the I2P[d] developers) de-anonymization study (academic research, sponsered by diva.exchange, done at Lucerne University of Applied Science, Switzerland): results in a nutshell "there have been no patterns found, using passive network surveillance technologies, to relate a Lease Set to a Router Info - hence it was not possible to de-anonymize an I2P service provider by just using mass surveillance technology".
Remark 1: the study is NOT trying to identify/exploit bugs within the I2P software to de-anonymize service providers within the I2P network (in this context, this is not interesting for the researchers - the overall I2P architecture is the interesting part).
Remark 2: there are two areas of "I2P de-anonymization" research sponsored by diva.exchange - one is focussing on "taking over I2P tunnel control by harrassing network participants" the other one is focussing on "de-anonymization using network surveillance technologies in combination with pattern recognition".
The study will be published sooner or later on academic channels. To get notified, follow here: https://x.com/@DigitalValueX or https://social.diva.exchange/@social (mastodon)
c) I2P Docker / I2P-SAM news: docker images (https://hub.docker.com/r/divax/i2p) and a complete I2P SAM library (https://github.com/diva-exchange/i2p-sam) are updated regularily. The docker images and the SAM library are used in the academic context. They are well tested and reliable.
I am on a tor site and it has 2 links to an i2p site. The first says "I2P [b32]" and has a link of http://acruexirfkgcqhwxyu75v7dtahr3a44hmbfygngsvubmkrbd6axa.b32.i2p/. This link works in my browser configured for i2p. The second link just says "I2P" and has a url of http://mysu.i2p/ which fails to load. Any ideas?
We are thrilled to share our latest development with the community: CheckI2P.com. This tool is designed for anyone using the Invisible Internet Project (I2P) and seeks a fast and reliable way to verify their connection to an I2P Outproxy.
What is CheckI2P.com?
CheckI2P.com is a straightforward web tool that instantly informs you whether your internet traffic is being correctly routed through an I2P Outproxy. When you visit the site, you'll receive one of two messages:
"You are NOT using a known outproxy" – indicating that your current setup is not connected through an I2P Outproxy.
"You are connected to [insert outproxy name]" – confirming that your connection is securely routed through a recognized I2P Outproxy.
Why This Matters
For those not familiar, I2P is a network layer that allows for censorship-resistant, secure, and anonymous communication. Using an Outproxy is crucial for accessing regular websites outside the I2P network.
Contribute to the Project
We are constantly looking to expand our list of recognized outproxies. If you're aware of any reliable outproxies not currently included, feel free to suggest them in the comments. Moreover, for those who are technically inclined, contributions through Pull Requests are greatly appreciated at our GitHub repository: https://github.com/WaxySteelWorm/checki2p.com
Future Plans
Our vision for CheckI2P.com goes beyond its current functionality. We aim to integrate additional tools for testing various I2P functions, thereby making it a comprehensive resource for I2P users. Your feedback on the current iteration and suggestions for future features are immensely valuable to us.
Prowlarr has a setting for per indexer proxy. It seems most people use this for FlareSolverr but it also supports http and socks. I have i2p working and I can set up i2p as a proxy in a browser and everything works. But when I configure it in prowlarr I get an error 500. Has anyone else gotten this to work this way? I've only found a guide for setting up prowlarr with i2p globally but that breaks clearnet trackers.
So I'm trying to bridge to physical locations together. At one location I control the firewall and at the other I don't. I would normally use Wireguard but its all dynamic IPs so it would break every so often.
My though was to use I2P to create a bridge between the 2 places. I will use 0 hops on each with encrypted lease sets.
Is this a sain setup? What drawbacks will this have and will it be problematic? Also what security should I use for my encrypted lease set? I want only one device to connect and no others.
This release, I2P 2.4.0, continues our effort to improve the security and stability of the I2P network. It contains significant improvements to the Network Database, an essential structure within the I2P network used for discovering your peers.
The congestion handling changes will improve network stability by giving routers the ability to relieve congested peers by avoiding them. This will help the network limit the effect of tunnel spam. It will also help the network heal during and after DDoS attacks.
The NetDb changes also help secure individual routers and the applications that use them. Routers can now defend against attackers by separating the NetDB into multiple "Sub-DB's" which we use to prevent information leaks between applications and the router. This also improves the information available to Java routers about their NetDB activity and simplifies our support for multihoming applications.
Also included are a number of bug fixes and enhancements across the I2PSnark and SusiMail applications.
As usual, we recommend that you update to this release. The best way to maintain security and help the network is to run the latest release.
RELEASE DETAILS
Changes
i2psnark: Uncomment and fix local torrent file picker
NetDB: Lookup handler/throttler fixes
Router: Restructure netDb to isolate data received as a client from data received as a router
Router: Implement handling and penalties for congestion caps
Router: Temporarily ban routers publishing in the future
Transports: Disable SSU 1
Bug Fixes
Addressbook: Workaround for i2p-projekt.i2p etag bug (Gitlab #454)
Console: Clear out "proxy must be running" status after success
Console: Don't lose tabs in log messages
Console: Fix sidebar not immediately showing results of manual update check
Console: Fix visibility of radio/checkboxes (light theme)
Console: Prevent overflow of sidebar status
Debian: Change JRE dependency order (Gitlab #443, Debian #1024461)
i2psnark: Increase comment bucket size to reduce duplicates
i2psnark: Prevent start-all from within search results erroring (Gitlab #445)
i2ptunnel: Exempt tunnel name from XSS filter (Gitlab #467)
i2ptunnel: Fix gzip footer check in GunzipOutputStream (Gitlab #458)
I2P+ is an enhanced version of I2P that aims to deliver a superior user experience. Updated themes, easier to understand configuration and diagnostics, and an enhanced feature set make I2P+ a compelling alternative to the official I2P release. Additionally, I2P+ implements improvements to the router's network performance and, for routers that are firewalled, can significantly increase participating traffic and network responsiveness.
Is I2P+ compatible with I2P?
The changes relate to user interaction and enhanced presentation of the console and webapps, in addition to network performance improvements, leaving the underyling crypto untouched, so it remains 100% compatible with I2P. On the network, an I2P+ router will identify as a normal I2P router. Updating from I2P to I2P+, or from I2P+ to I2P, is as simple as providing the router with the relevant update file and restarting.
Installation
If you're running a manually installed version of I2P (from the Java installer, not the Easy Installer Bundle, nor a Linux repository or .deb file), updating is as simple as dropping the i2pupdate.zip file into your I2P application folder and restarting the router. Note: Do not extract the zip file, simply copy it to the I2P application folder and restart I2P... I2P will extract the zip automatically and update. (Java 1.8 or later required). For information about migrating from a repo or .deb install, visit the I2P+ site linked below.
To enable updates for I2P+, visit the update page at http://127.0.0.1:7657/configupdate and enable unsigned development updates. The default update address will inform you of release updates, or for development updates (aka rolling release), replace the address with: http://skank.i2p/dev/i2pupdate.zip
Note: If you have installed I2P from the Easy Installer Bundle, this will need to be uninstalled first and your configuration directory renamed or deleted - see the included INSTALL.txt file for more info.
New in this release (2.4.0+):
Complete console and webapp translations for all listed languages
Optimized and improved Javascript for both the console and I2PSnark
Improved page rendering for console and webapps
I2PSnark filter bar rewritten to use search query parameters instead of Javascript
Additional "Connected" filter option for I2PSnark
Fix lightbox image display feature in I2PSnark
Improved rendering times for identicons
Reverse the order of in-console wrapper logs to match router logs (newest entry first)
Add a magnet column to I2PSnark's main view with a toggle to switch between magnets and links
Process tunnel control requests in the Tunnel Manager in situ to avoid a page reload
Display page load bar when checking for router updates and display latest update info
Indicate on /jobs when table cells are updated
Add security and cache-control headers to resources served by I2PTunnel HTTP server when not present
Improvements to console and webapp themes
Console logging improvements
Note: Update contains a new GeoIP database and full translations for all available languages.
More information
Please visit: skank.i2p or i2pplus.github.io
Changelog: skank.i2p/changelog.html or i2pplus.github.io/changelog.html
Source code is available from: gitlab.com/i2pplus/I2P.Plus or git.skank.i2p/i2pplus/I2P.Plus
Torrent Pool of the latest releases: tracker2.postman.i2p/index.php?view=TPoolDetail&id=1256
Copied from an excellent post by sugarw0000kie on that other site. All credit for the guide to them.
Finally messed around with this and didn't see much about it, feel free to remove if breaking any rules
For this to work you'll need prowlarr, qbittorrent, and the other arrs (radarr/sonarr/readarr etc) and of course i2p router. (You could just use prowlarr to simplify searching for things without sonarr/radarr integration, then you’d just need prowlarr/qbittorrent with i2p)
In prowlarr, we need to set up proxy through i2p. So go settings-->general--> click enable proxy
This seems to work
!
enter your hostname (default 127.0.0.1) and port 4444 or whatever you have your http proxy set to in your i2p install. Make sure to set the ignored addresses with .com/.net etc (* denotes wildcard), so it won't request non i2p addresses through the router, otherwise i believe it will try to search any of your other indexers through i2p which is probably not good
Now you should be able to add Postman tracker like any other tracker in prowlarr as long as it's able to use your router as the proxy
aughta come up like this
!
From here you will need to make sure you have qbittorrent working with i2p. There is a guide floating around for this but to add to that you'll want to get the lt20 version, as the other one (i believe the default download) does not yet offer i2p support
In your i2p router you'll want to make sure your SAM bridge is enabled. Then in qbittorrent go preferences-->connection and enable i2p and put in your router with hostname and port 7656 (i believe that's the default correct me if i'm wrong)
it should look like this, if you don't see this option under \"Connection\" you probly don't have the lt20 version
!
Biglybt doesn't seem to have integration with the *arrs, but assuming you have qbittorrent setup with i2p from there it's a matter of going into radarr/sonarr and adding it as a download client like normal.
If you've never done this before, in qbittorrent under Web ui enable the web interface, should be able to leave the ip address blank (or otherwise enter how sonarr/radarr would need to access it) and enter an unused port like 6969. Put in login credentials. go to localhost:6969 or w/e you used and check that you can see the web interface from qbittorrent.
what mine looks like
!
on sonarr/radarr side, go settings-->download client--> and enter the ip address and port you gave it as well as the username/password. Usually helpful to add a category. Hit the test button to ensure it works
meanwhile in the *arrs
!
(If you just want to use prowlarr w/o sonarr radarr integration to the steps are the same to connect qbittorrent, just done in prowlarr itself. It can be used like a search engine along with all of your clearnet torrent/usenet indexers this way)