[FreeBSD] Can't access local hidden service website via Socks/HTTP proxy after ~1 hour

[Catgasm]

i2pd website stops working after 1-2 hour, running as _i2pd user (created by installer), http and socks proxy works just fine. Also, there was no default config file in /var/db/i2pd so I created mine. No suspicious errors in logfile. Any ideas?

OS: FreeBSD 11.1-RELEASE-p10 (generic kernel)
i2pd: i2pd-2.18.0 (installed from pkg)
kern.maxfiles: 1043143
kern.maxfilesperproc: 938826
kern.openfiles: 2310
kern.ipc.maxsockets: 1043144
kern.ipc.numopensockets: 1916

i2pd.conf:

ipv4 = true
bandwidth = X
floodfill = true
limits.openfiles = 0
limits.coresize = 0
limits.ntcpsoft = 0
limits.ntcphard = 0

[orignal]

set system ulimit to at least 4096

[Catgasm]

Hello, orignal. ulimit -n is bigger than 4096 already (kern.maxfilesperproc: 938826).

root@FreeBSD:~ # ulimit -n
938826

[orignal]

what exactly doesn't work? Nobody can find a LeaseSet, not responding or what?

[Catgasm]

No, everything seems fine, I can browse .i2p websites, my eepsite is also works. But after ~1 hours browser shows me "Connection Interrupted. The document contains no data.". If I reboot i2pd process and try to load my eppsite again - it works as it should.

Stats (10 minute uptime)

Routers: 5026 Floodfills: 1582 LeaseSets: 54
Client Tunnels: 35 Transit Tunnels: 1324

[majestrate]

socks proxy or http proxy?

[Catgasm]

socks and http proxy still working at any time, seems like it doesn't matter. There is no firewall btw.

[orignal]

try another browser just in case

[Catgasm]

Tried Firefox on Linux and Firefox on Windows, tried Seamonkey, same thing. Tried to use another PC as i2p proxy to open my eepsite. Still no luck. I will reinstall i2pd from ports.

[orignal]

check ntp, maybe time sync issue

[Catgasm]

Nope, there was ~47s difference when I synced time but same thing happens.

[Catgasm]

• Tried to reboot PC
• Tried to install i2pd using ports
• Tried to run i2pd as root
• Tried to change tunnel type from http to server Same thing - eepsite stops working after ~1 hour ("The connection was reset") Suggestions?

[orignal]

the suggestion is to look at http://127.0.0.1:7070 and see what's wrong.

[Catgasm]

Can you tell me where exactly should I look? Everything seems to be fine:

Uptime: 6 hours, 41 min, 0 seconds
Network status: OK
Tunnel creation success rate: 42%
Received: 3.14 GiB (171.75 KiB/s)
Sent: 3.29 GiB (181.06 KiB/s)
Transit: 2.80 GiB (150.14 KiB/s)
Data path: /var/db/i2pd
Routers: 4764 Floodfills: 1407 LeaseSets: 82
Client Tunnels: 44 Transit Tunnels: 1118

I2PTunnels -> Server tunnels have both inbound and outbound tunnels for this eepsite.

[orignal]

Find that destination you have troubles with and see if there are tunnels, leasesets, streams, etc,.

[Catgasm]

LeaseSets: 0
Five inbound and outbound tunnels
Tags
Incoming: 20
Outgoing: 8 (hidden)
No stream at all (only heading is visible)

[orignal]

If you try to connect and no LeaseSets most likely you can't find LeaseSet of that destination. And this means that destination is down. Please make sure it's stable first.

[Catgasm]

Then why it loads just fine after I restart i2pd and became broken after some period of time? What should I do? Just wait a couple of days?

[l-n-s]

@Catgasm this error must be reproducible, otherwise we can't help.

If someone else is running on FreeBSD, please let us know about your experience.

[orignal]

Is it broken with particular site or with any site? Try to connect to 333.i2p and see if it works. If it works than the problem is with that address you are connecting to.

[Catgasm]

Orignal, I can browse all .i2p websites without a problem, I just can't host my own eepsite. Well, I CAN host it, it will work as it should within 30-60 minutes after start but then I receive only "The connection was reset" in browser. But I still can browse other .i2p websites. It's not an ulimit problem, I tried to run i2pd as root, I checked ulimit for default _i2pd user. It's not a browser problem. It's not a hardware problem (CPU load is about 5-10% total, lots of free RAM, 1Gb network). It's not a webserver problem - tried to use another one, tried to change settings. I am using Hetzner dedicated server if that matters.

[orignal]

Than why do you think that's a problem with i2pd rather than with your web server? Are you trying to connect through http proxy? It must show relevant i2pd error, like unknown address or "Host not found".

[Catgasm]

Because I tried both nginx and apache, no errors or warnings in logs, restarting them (in case of some hanged connections, locked stuff or something) also gives no effect. Accessing webserver by IP works as it should.

[orignal]

You have to investigate this issue by yourself. Do you have incoming request at you webserver? What do you see in headers? If no, do you see it's LeasSet published? There is no "magic button" to solve the problem and nobody here is going to do it instead you.

[l-n-s]

I will investigate this issue myself, if it happens on my box - will reopen it

[Catgasm]

@orignal no requests at logs (when this eepsite problem appears). Nothing unusual in request headers, host header with b32.i2p, useragent, accept and so on. No response headers at all. I checked Local destination info (I2P Tunnels -> Server tunnels) when I was trying to load local eepsite and now there is a 1 LeaseSet and two streams (because I reloaded page twice).

StreamID | Destination | Sent | Received | Out | In | Buf | RTT | Window | Status
439107008 | txyjt7f2e3xixke6meznhfxhxmm65kvpfepcif2l63ezhecufxga.b32.i2p | 3353 | 707 | 1 | 1 | 0 | 1521 | 1 | 3
1141882115 | txyjt7f2e3xixke6meznhfxhxmm65kvpfepcif2l63ezhecufxga.b32.i2p | 2874 | 654 | 1 | 1 | 0 | 8000 | 1 | 3

[Catgasm]

Reinstalled OS, only i2pd and Apache installed. Same thing - eepsite inaccessible after 1 hour.

Tried i2p (Java) and everything works fine even after 2d uptime.

[r4sas]

Try check release 2.18 repository state, maybe you will find at which commit that starts?

[orignal]

@Catgasm I told you stop complaining the way "nothing works". You have to find out what happens exactly through the logs of both sides (i2pd and apache).

[Catgasm]

How the hell should I find this out if there are nothing unusual in logs? No errors, nothing. And this is not an Apache fault because it's not logging any "reset" requests, so there is problem on i2pd side somewhere. It's not a good sign when this happens even after clean installation of OS, no firewall, only base OS, web-server and i2pd. There are Streams and LeaseSets, in- and out- tunnels. But still local eepsite stops working after some time with no reason. Same installation on Linux works fine, and so do Java i2p. @r4sas OK. But I will also try to run 2.17.0. Just in case.

[g00g1]

I am running into the same issue with unavailability of the hosted eepsite after some period of time.

$ i2pd --version
i2pd version 2.46.1 (0.9.57)
Boost version 1.81.0
OpenSSL 1.1.1t  7 Feb 2023

$ curl -v --proxy socks5h://127.0.0.1:4447 http://<REDACTED, locally hosted eepsite>.b32.i2p/
*   Trying 127.0.0.1:4447...
* Connected to 127.0.0.1 (127.0.0.1) port 4447 (#0)
* SOCKS5 connect to <REDACTED, locally hosted eepsite>.b32.i2p:80 (remotely resolved)
* SOCKS5 request granted.
* Connected to 127.0.0.1 (127.0.0.1) port 4447 (#0)
> GET / HTTP/1.1
> Host: <REDACTED, locally hosted eepsite>.b32.i2p
> User-Agent: curl/8.0.1
> Accept: */*
> 
* Empty reply from server
* Closing connection 0
curl: (52) Empty reply from server

$ cat /etc/security/limits.d/i2pd.conf 
i2pd           soft    nofile          40000
i2pd           hard    nofile          65536

I observe exactly the same behavior both for HTTP and SOCKS5 proxies.

[Vort]

@g00g1 first of all, 2.46.1 is too old. It is better to test with version built from latest commit. Second, what type of tunnel you used? server or http? It make sense to try both and look if there will be difference.

[g00g1]

@Vort, after running i2pd node for more than 24 hours it seems like my issue was resolved by updating to 2.47.0.