i2p
notes
- server blinded keys are 56 chars instead of 52, and the server's entry on floodfill routers is not viewable without the b33 address
- java and c++ implementations
- both have apps on fdroid
- browser bundle or proxy port
- https://github.com/PurpleI2P/i2pd-tools/
- generate blinded master signing key
keygen KeyName 11
- sign server temp key
offlinekeys TempKeyName OfflineKey 11 365
- output b33 for clients
keyinfo -b KeyName
x25519
util for base64 DH key for lease set auth
- generate blinded master signing key
- by default, keys generated with the i2pd-tools keygen are 679 bytes: 256 bytes of public ElGamal key, 96 bytes of 'random' padding, 32 bytes of Ed public key, 3 bytes of cert information, 4 bytes of key type information, 256 bytes of private ElGamal key, 32 bytes of private Ed signing key. Because both private keys are inside, the key file must be kept secret.
router
## i2pd router configuration. Keys before the first [section] are global options.
## Lines starting with a single # are commented-out settings kept for reference.

## Default: ~/.i2pd/
#tunconf = /var/lib/i2pd/tunnels.conf
#tunnelsdir = /var/lib/i2pd/tunnels.d
#certsdir = /var/lib/i2pd/certificates

## Logs: stdout, file, syslog. stdout by default
#log = file
#logfile = /var/log/i2pd/i2pd.log
#pidfile = /run/i2pd.pid

#port = 4567
daemon = false

## Enable SSU (UDP) transport
## NOTE(review): newer i2pd releases are believed to have dropped the original
## SSU transport in favour of SSU2 - confirm this key is still accepted.
ssu = true

## Bandwidth configuration
## L limit bandwidth to 32KBs/sec, O - to 256KBs/sec, P - to 2048KBs/sec, X - unlimited
bandwidth = O
## Max % of bandwidth limit for transit. 0-100. 100 by default
share = 50

## Enable communication through ipv4/6
ipv4 = true
ipv6 = true

[ssu2]
## Enable SSU2 transport
enabled = true

[sam]
## disable SAM Bridge (app control for bitcoin)
enabled = false

[socksproxy]
## disable SOCKS Proxy
enabled = false

[httpproxy]
## Enable HTTP Proxy for eep sites (4444)
## NOTE(review): no address is set here; confirm the listener stays on loopback
## so other hosts cannot use this router as an open proxy.
enabled = true

[http]
## Enable Web Console (7070)
## NOTE(review): the console exposes router state; keep its address on loopback,
## or turn on auth with user/pass in this section if it must be reachable remotely.
enabled = true

[ntcp2]
## Enable NTCP2 transport (TCP) (default = true)
enabled = true

[upnp]
## disable UPnP (enabled by default in WINDOWS, ANDROID)
enabled = false

[i2cp]
## Enable I2CP protocol for torrent clients (7654)
## NOTE(review): I2CP lets a client create destinations through this router;
## confirm the listener is bound to loopback only.
enabled = true

[addressbook]
## Default: reg.i2p at "mainline" I2P Network. ex http://tracker2.postman.i2p http://tube.i2p http://get-monero.i2p
## Names learned from a subscription are only as trustworthy as its source;
## use the full .b32.i2p address where that matters.
#defaulturl = http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
#subscriptions = http://reg.i2p/hosts.txt,http://identiguy.i2p/hosts.txt,http://stats.i2p/cgi-bin/newhosts.txt,http://rus.i2p/hosts.txt
tunnel configs
- wireguard server
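## WireGuard endpoint published as an I2P UDP server tunnel.
## Comments are on their own lines: a trailing "# ..." after a value may be read
## as part of the value by the tunnel-config parser, which would silently break
## settings such as signaturetype (NOTE(review): confirm for your i2pd version).
[wg-simple-server]
## server
type = udpserver
## Destination key file. It holds private keys, so keep it readable only by the
## account that runs i2pd.
keys = wg.dat
## Presumably the local WireGuard listener that the tunnel forwards to - confirm.
host = 127.0.0.1
port = 1337
## save cpu not trying to compress encrypted wg data
gzip = false
## Optional allow-list of client destinations. While commented out, no
## per-destination filtering is applied by the tunnel.
#accesslist = ClientB32Address.b32.i2p,ClientB32Addr.b32.i2p
## blinded
signaturetype = 11
## encrypted lease set
i2cp.leaseSetType = 5
## DH Auth: per-client authorization for the encrypted lease set.
## Each entry is name:base64 public key; the matching private key stays with the client.
#i2cp.leaseSetAuthType = 1
#i2cp.leaseSetClient.dh.111 = phone:PublicKeyBase64Enc
#i2cp.leaseSetClient.dh.112 = laptop:PublicKeyBase64Enc
#i2cp.leaseSetClient.dh.113 = netbook:PublicKeyBase64Enc
## 16 max
#outbound.quantity = 5
#inbound.quantity = 5
## 8 max. A single hop trades privacy for speed; use more hops if the server's
## location has to stay hidden.
outbound.length = 1
inbound.length = 1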
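## WireGuard client side: an I2P UDP client tunnel pointing at the server's b33 address.
## Comments are on their own lines: a trailing "# ..." after a value may be read
## as part of the value by the tunnel-config parser
## (NOTE(review): confirm for your i2pd version).
[wg-simple-client]
type = udpclient
## The server's blinded (b33) address; treat it as confidential, since knowing it
## is what allows the encrypted lease set to be looked up.
destination = ServerB33Address.b32.i2p
port = 1337
## save cpu not trying to compress encrypted wg data
gzip = false
## align tunnels for latency
matchtunnels = true
## The client does not publish a lease set of its own.
i2cp.dontPublishLeaseSet = true
## Presumably the private half of a key listed in the server's
## i2cp.leaseSetClient.dh entries - confirm. It is a secret: once set, restrict
## read access to this file.
#i2cp.leaseSetPrivKey = PrivateBase64Enc
## lower privacy with better speed
outbound.length = 1
inbound.length = 1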
dread.i2p=http://dreadtoobigdsrxg4yfspcyjr3k6675vftyco5pyb7wg4pr4dwjq.b32.i2p z-lib.i2p=http://kkd7tiqf5lv3olqfdnkw4znmmmmnjo2xqlxrp5ntthp6juowaiha.b32.i2p