Shoalsteed / UX


FAQ: Software Troubleshooting #49

Closed Shoalsteed closed 1 year ago

Shoalsteed commented 2 years ago

I2P Router Help

What systems will I2P run on?

I2P is written in the Java programming language. It has been tested on Windows, Linux, FreeBSD and OSX. An Android port is also available.

In terms of memory usage, I2P is configured to use 128 MB of RAM by default. This is sufficient for browsing and IRC usage. However, other activities may require greater memory allocation. For example, if one wishes to run a high-bandwidth router, participate in I2P torrents or serve high-traffic hidden services, a higher amount of memory is required.

In terms of CPU usage, I2P has been tested to run on modest systems such as the Raspberry Pi range of single-board computers. As I2P makes heavy use of cryptographic techniques, a stronger CPU will be better suited to handle the workload generated by I2P as well as tasks related to the rest of the system (i.e. Operating System, GUI, Other processes e.g. Web Browsing).

A comparison of some of the available Java Runtime Environments (JRE) is available here: https://trac.i2p2.de/wiki/java. Using Sun/Oracle Java or OpenJDK is recommended.

Is installing Java required to use I2P?

While the main I2P client implementation requires Java, there are several alternative clients which don't require Java.

How do I configure my browser?

The proxy config for different browsers is on a separate page with screenshots. More advanced configs with external tools, such as the browser plug-in FoxyProxy or the proxy server Privoxy, are possible but could introduce leaks in your setup.

How do I connect to IRC within I2P?

A tunnel to the main IRC server within I2P, Irc2P, is created when I2P is installed (see the I2PTunnel configuration page), and is automatically started when the I2P router starts. To connect to it, tell your IRC client to connect to localhost 6668. HexChat-like client users can create a new network with the server localhost/6668 (remember to tick "Bypass proxy server" if you have a proxy server configured). Weechat users can use the following command to add a new network:

/server add irc2p localhost/6668

How do I set up my own I2P Site?

The I2P software provides its own anonymous I2P webserver (traditionally referred to as an eepsite). To serve your own content, simply edit the files in the webserver's root directory and the site will be public once you follow the instructions found on the Web Server page http://127.0.0.1:7658/help/.

What is an "I2P Site?"

Formerly called an eepSite, an I2P Site is a website that is hosted anonymously, a hidden service which is accessible through your web browser. It can be accessed by setting your web browser's HTTP proxy to use the I2P web proxy (typically it listens on localhost port 4444), and browsing to the site. Detailed instructions for configuring your browser can be found on the browser configuration page.

How Does I2P find ".i2p" websites?

The I2P Address Book application maps human-readable names to long-term destinations, associated with services, making it more like a hosts file or a contact list than a network database or a DNS service. It's also local-first: there is no recognized global namespace; you decide what any given .i2p domain maps to in the end. The middle-ground is something called a "Jump Service" which provides a human-readable name by redirecting you to a page where you will be asked "Do you give the I2P router permission to call $SITE_CRYPTO_KEY the name $SITE_NAME.i2p" or something to that effect. Once it's in your address book, you can generate your own jump URLs to help share the site with others.

How do I add addresses to the Address Book?

You cannot add an address without knowing at least the base32 or base64 of the site you want to visit. The "hostname" which is human-readable is only an alias for the cryptographic address, which corresponds to the base32 or base64. Without the cryptographic address, there is no way to access an I2P Site; this is by design. Distributing the address to people who do not know it yet is usually the responsibility of the Jump service provider. Visiting an I2P Site which is unknown will trigger the use of a Jump service. stats.i2p is the most reliable Jump service.

If you're hosting a site via i2ptunnel, then it won't have a registration with a jump service yet. To give it a URL locally, visit the configuration page and click the button that says "Add to Local Address Book." Then go to http://127.0.0.1:7657/dns to look up the addresshelper URL and share it.

What do the Active x/y numbers mean in the router console?

x is the number of peers you've sent or received a message from successfully in the last minute, y is the number of peers seen in the last hour or so. Try hovering your cursor over the other lines of information for a brief description.

In wrapper.log I see an error that states "Protocol family unavailable" when loading the Router Console

Often this error will occur with any network enabled java software on some systems that are configured to use IPv6 by default. There are a few ways to solve this:

On Linux based systems, you can:

echo 0 > /proc/sys/net/ipv6/bindv6only

Look for the following lines in wrapper.config.

wrapper.java.additional.5=-Djava.net.preferIPv4Stack=true

wrapper.java.additional.6=-Djava.net.preferIPv6Addresses=false

If the lines are there, uncomment them by removing the "#"s. If the lines are not there, add them without the "#"s.

Another option would be to remove the ::1 from ~/.i2p/clients.config

WARNING: For any changes to wrapper.config to take effect, you must completely stop the router and the wrapper. Clicking Restart on your router console will NOT reread this file! You must click Shutdown, wait 11 minutes, then start I2P.

Most of the I2P Sites within I2P are down?

If you consider every I2P Site that has ever been created, yes, most of them are down. People and I2P Sites come and go. A good way to get started in I2P is to check out a list of I2P Sites that are currently up. http://identiguy.i2p.xyz tracks active I2P Sites.

Why is I2P listening on port 32000?

The Tanuki java service wrapper that we use opens this port (bound to localhost) in order to communicate with software running inside the JVM. When the JVM is launched it is given a key so it can connect to the wrapper. After the JVM establishes its connection to the wrapper, the wrapper refuses any additional connections.

More information can be found in the wrapper documentation.

How do I access IRC, BitTorrent, or other services on the regular Internet?

Unless an outproxy has been specifically set up for the service you want to connect to, this cannot be done. There are only three types of outproxies running right now: HTTP, HTTPS, and email. Note that there is no SOCKS outproxy. If this type of service is required, we recommend that you use Tor. Please be aware that the Tor project recommends against using BitTorrent over Tor, as there are serious anonymity-related issues associated with doing so.
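The wrapper.config change from the "Protocol family unavailable" answer in the comment above, as an added example that is not part of the original comment or of the I2P project's own tooling. The function names `ensure_option` and `prefer_ipv4` are hypothetical, the sample file is constructed, and refusing to edit when an index is already taken by another option is an assumption added here.

```shell
#!/bin/sh
# Added example: make the two IPv4-preference lines from the FAQ active in
# wrapper.config. Function names are hypothetical, not part of I2P.

# ensure_option FILE INDEX VALUE
# Prints what was done: active | uncommented | added | conflict
ensure_option() {
    file=$1; key="wrapper.java.additional.$2"; want="$key=$3"
    tmp="$file.tmp.$$"

    # 1. The exact line is already present and not commented out.
    if grep -Fxq -- "$want" "$file"; then
        echo active; return 0
    fi

    # 2. The index is used by a different active option: leave the file
    #    alone so the administrator can pick a free index (assumption).
    if awk -v k="$key=" 'index($0, k) == 1 { f = 1 }
                         END { exit (f ? 0 : 1) }' "$file"; then
        echo conflict; return 1
    fi

    # 3. The line exists but is commented out: strip the leading "#"s.
    if awk -v want="$want" '
        { s = $0; sub(/^[ \t]*#+[ \t]*/, "", s) }
        !changed && s == want && $0 != want { print want; changed = 1; next }
        { print }
        END { exit (changed ? 0 : 1) }' "$file" > "$tmp"; then
        # cat instead of mv keeps the owner and mode of the original file.
        cat "$tmp" > "$file"; rm -f "$tmp"
        echo uncommented; return 0
    fi
    rm -f "$tmp"

    # 4. The line is missing: append it without a "#".
    printf '%s\n' "$want" >> "$file"
    echo added
}

# prefer_ipv4 FILE: keep a backup, then make sure both options are active.
prefer_ipv4() {
    cp -p "$1" "$1.bak" || return 1
    rc=0
    r4=$(ensure_option "$1" 5 "-Djava.net.preferIPv4Stack=true") || rc=1
    r6=$(ensure_option "$1" 6 "-Djava.net.preferIPv6Addresses=false") || rc=1
    echo "preferIPv4Stack=$r4 preferIPv6Addresses=$r6"
    return $rc
}

# Constructed sample file, not a real wrapper.config.
sample=$(mktemp)
cat > "$sample" <<'EOF'
wrapper.java.maxmemory=128
#wrapper.java.additional.5=-Djava.net.preferIPv4Stack=true
EOF
prefer_ipv4 "$sample"
rm -f "$sample" "$sample.bak"
```

The edit only takes effect after the router and the wrapper have been completely stopped and started again, as the warning in the answer states.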

Shoalsteed commented 2 years ago

Sidebar Messages

While I2P will work fine behind most firewalls, your speeds and network integration will generally improve if the I2P port is forwarded for both UDP and TCP. If you think you have opened up your firewall and I2P still thinks you are firewalled, remember that you may have multiple firewalls, for example both software packages and external hardware routers. If there is an error, the logs may also help diagnose the problem.

OK: Your UDP port does not appear to be firewalled.

Firewalled: Your UDP port appears to be firewalled. As the firewall detection methods are not 100% reliable, this may occasionally be displayed in error. However, if it appears consistently, you should check whether both your external and internal firewalls are open for your port. I2P will work fine when firewalled, there is no reason for concern. When firewalled, the router uses "introducers" to relay inbound connections. However, you will get more participating traffic and help the network if you open your firewall. If you think you have already done so, remember that you may have both a hardware and a software firewall, or be behind an additional, institutional firewall you cannot control. Also, some routers cannot correctly forward both TCP and UDP on a single port, or may have other limitations or bugs that prevent them from passing traffic through to I2P.

Testing: The router is currently testing whether your UDP port is firewalled.

Hidden: The router is not configured to publish its address, therefore it does not expect incoming connections. Hidden mode is automatically enabled for added protection in certain countries. To see the countries that are on this list refer to the Strict Countries List.

WARN - Firewalled and Fast: You have configured I2P to share more than 128KBps of bandwidth, but you are firewalled. While I2P will work fine in this configuration, if you really have over 128KBps of bandwidth to share, it will be much more helpful to the network if you open your firewall.

WARN - Firewalled and Floodfill: You have configured I2P to be a floodfill router, but you are firewalled. For best participation as a floodfill router, you should open your firewall.

WARN - Firewalled with Inbound TCP Enabled: You have configured inbound TCP, however your UDP port is firewalled, and therefore it is likely that your TCP port is firewalled as well. If your TCP port is firewalled with inbound TCP enabled, routers will not be able to contact you via TCP, which will hurt the network. Please open your firewall or disable inbound TCP above.

WARN - Firewalled with UDP Disabled: You have configured inbound TCP, however you have disabled UDP. You appear to be firewalled on TCP, therefore your router cannot accept inbound connections. Please open your firewall or enable UDP.

ERR - Clock Skew: Your system's clock is skewed, which will make it difficult to participate in the network. Correct your clock setting if this error persists.

ERR - Private TCP Address: You must never advertise an unroutable IP address such as 127.0.0.1 or 192.168.1.1 as your external address. Correct the address or disable inbound TCP on the Network Configuration page.

ERR - SymmetricNAT: I2P detected that you are firewalled by a Symmetric NAT. I2P does not work well behind this type of firewall. You will probably not be able to accept inbound connections, which will limit your participation in the network.

ERR - UDP Port In Use - Set i2np.udp.internalPort=xxxx in advanced config and restart: I2P was unable to bind to the configured port noted on the advanced network configuration page. Check to see if another program is using the configured port. If so, stop that program or configure I2P to use a different port. This may be a transient error, if the other program is no longer using the port. However, a restart is always required after this error.

ERR - UDP Disabled and Inbound TCP host/port not set: You have not configured inbound TCP with an address and port on the Network Configuration page, however you have disabled UDP. Therefore your router cannot accept inbound connections. Please configure a TCP host and port on the Network Configuration page or enable UDP.

ERR - Client Manager I2CP Error - check logs: This is usually due to a port 7654 conflict. Check the logs to verify. Do you have another I2P instance running? Stop the conflicting program and restart I2P.

Shoalsteed commented 2 years ago

Connection Issues

My router has been up for several minutes and has zero or very few connections

New installations of I2P carry out the reseeding process automatically, as well as when the number of known peers falls to a drastically low value. If you need to carry out a reseed of your router, please see the reseed instructions.

How do I reseed manually?

An I2P router only needs to be seeded once, to join the network for the first time. Reseeding involves fetching multiple "RouterInfo" files (bundled into a signed zip-file) from at least two predefined server URLs picked from a volunteer-run group of non-private internet HTTPS servers.

A typical symptom of a failed reseed is the "Known" indicator (on the left sidebar of the router console) displaying a very small value (often less than 5) which does not increase. This can occur, among other things, if your local firewall limits outbound traffic or if the reseed request is blocked entirely.

If you are stuck behind an ISP firewall or filter, you can use the following manual method (non-automated technical solution) to join the I2P network.

As of release 0.9.33, you may also configure your router to reseed through a proxy. Go to http://localhost:7657/configreseed and configure the proxy type, hostname, and port.

Joining the I2P Network using a reseed file

Please contact a known trustworthy friend who has a running I2P router, and ask them for help with reseeding your I2P router. Request that they send you a reseed file exported from their running I2P router. It is vital that the file is exchanged over a secure channel, e.g. encrypted to avoid external tampering (PGP Sign, Encrypt and Verified with a trusted public key). The file itself is unsigned, so please accept files only from known trusted friends. Never import a reseed file if you can not verify its source.

To import the received i2preseed.zip file into your local I2P router:

Go to http://localhost:7657/configreseed
Under "Manual Reseed from File" click "Browse..."
Select the i2preseed.zip file
Click "Reseed from File"
Check the log for the following message: Reseed got 100 router infos from file with 0 errors

Sharing a reseed file

For trusted friends you can use your local I2P router to give them a jump start:

Go to http://localhost:7657/configreseed
Under "Create Reseed File" click "Create reseed file"
Securely send the i2preseed.zip file to your friend

Do not reveal this file in any case to unknown users, since it contains sensitive private data (100 RouterInfo) from your own I2P router! In order to protect your anonymity: you may wait a few random hours/days before you share the file with your trusted friend. It is also advisable to use this procedure sparingly (< 2 per week).

General guidelines for manual reseeding of I2P

Do not publicly publish the reseed file or share these files with a friend of a friend! This file should be used only for a very limited number of friends (< 3)! The file is valid only a few days (< 20)!

Internet Access/Performance

I can't access regular Internet sites through I2P.

I2P is primarily not intended, nor designed, to be used as a proxy to the regular internet. With that said, there are services which are provided by volunteers that act as proxies to non-private internet based content - these are referred to as "outproxies" on the I2P network. There is an outproxy configured by default in I2P's HTTP client tunnel - false.i2p. While this service does currently exist, there is no guarantee that it will always be there as it is not an official service provided by the I2P project. If your main requirement from an anonymous network is the ability to access non-private internet resources, we would recommend using Tor.

I can't access https:// or ftp:// sites through I2P.

HTTPS

Within I2P, there is no requirement to use HTTPS. All traffic is encrypted end-to-end, any further encryption, e.g. with the use of HTTPS, doesn't create any further anonymity-related benefits. However, if one would like to use HTTPS or has a requirement to do so, the existing default I2P HTTP Proxy has support for HTTPS traffic. Any hidden service operator would have to specifically set up and enable HTTPS access.

FTP

FTP is not supported for technical reasons. There are no FTP "outproxies" to the Internet; it may not even be possible to set up one. Any other kind of outproxy may work if it's set up with a standard tunnel. If you would like to set up some type of outproxy, carefully research the potential risks. The I2P community may or may not be able to help with the technical aspects, feel free to ask. As explained several times above, any existing outproxy isn't a core part of the network. They are services run by individuals and they may or may not be operational at any given time.

My router is using a large amount of CPU, what can I do about this?

There are many possible causes of high CPU usage. Here is a checklist:

Java Runtime Environment

Try to use either OpenJDK or Sun/Oracle Java if it's available for your system. You can check which version of java you have installed by typing java -version at a command/shell prompt. Performance tends to suffer with other implementations of java.

File sharing applications, e.g. BitTorrent

Are you running a BitTorrent client over I2P? Try reducing the number of torrents, the bandwidth limits, or try turning it off completely to see if that helps.

High bandwidth settings

Are your bandwidth limits set too high? It is possible that too much traffic is going through your I2P router and it is overloaded. Try reducing the setting for share bandwidth percentage on the configuration page.

I2P Version

Make sure that you're running the latest version of I2P to get the benefits of increased performance and bug fixes.

Memory allocation

Has enough memory been set aside for use by I2P? Look at the memory graph on the graphs page to see if the memory usage is "pegged", meaning the JVM is spending most of its time in garbage collection. Increase the setting wrapper.java.maxmemory in the file wrapper.config.

Bursts of high-usage vs. constant 100% usage

Is the CPU usage simply higher than you would like, or is it pegged at 100% for a long time? If it is pegged, this could be a bug. Look in the logs for clues.

Java-related

You may be using the Java-based BigInteger library instead of the native version, especially if you are running on a new or unusual OS or hardware (OpenSolaris, mipsel, etc.). See the jbigi page for instructions on diagnosing, building, and testing methods.

Participating tunnels

If your native jbigi library is working fine, the biggest user of CPU may be routing traffic for participating tunnels. This uses CPU because at each hop a layer of encryption must be decoded. You can limit participating traffic in two ways - by reducing the share bandwidth on the confignet page, or by setting router.maxParticipatingTunnels=nnn on the configadvanced page.

My router has very few active peers, is this OK?

If your router has 10 or more active peers, everything is fine. The router should maintain connections to a few peers at all times. The best way to stay "better-connected" to the network is to share more bandwidth. The amount of bandwidth that is shared by the router can be changed on the configuration page: http://localhost:7657/config

My active peers / known peers / participating tunnels / connections / bandwidth vary dramatically over time! Is anything wrong?

No, there isn't anything wrong. This is normal behavior. All routers adjust dynamically to changing network conditions and demands. Routers come online and go offline depending on whether the system it is installed on is operational or not, as well as whether there is an available network connection. Your router is constantly updating its local Network Database. Tunnels which your router is participating in expire every 10 minutes and may or may not be rebuilt through your router.

What makes downloads, torrents, web browsing, and everything else slower on I2P as compared to the regular internet?

The encryption and routing within the I2P network adds a substantial amount of overhead and limits bandwidth. We can try to clarify this with the aid of a diagram:

In this diagram, the path that some I2P traffic takes as it travels through the network is traced. A user's I2P router is denoted by the box labeled 'A' and an I2P Hidden Service (for example, the http://stats.i2p website) is labelled as 'B'. Both the client and the server are using 3-hop tunnels, these hops are represented by the boxes labelled 'P', 'Q', 'R', 'X', 'Y', 'Z', 'P_1', 'Q_1', 'R_1', 'X_1', 'Y_1' and 'Z_1'.

The boxes labelled 'P', 'Q' and 'R' represent an outbound tunnel for 'A' while the boxes labelled 'X_1', 'Y_1', 'Z_1' represent an outbound tunnel for 'B'. Similarly, the boxes labelled 'X', 'Y' and 'Z' represent an inbound tunnel for 'B' while the boxes labelled 'P_1', 'Q_1' and 'R_1' represent an inbound tunnel for 'A'. The arrows in between the boxes show the direction of traffic. The text above and below the arrows detail some example bandwidth between a pair of hops as well as example latencies.

When both client and server are using 3-hop tunnels throughout, a total of 12 other I2P routers are involved in relaying traffic. 6 peers relay traffic from the client to the server which is split into a 3-hop outbound tunnel from 'A' ('P', 'Q', 'R') and a 3-hop inbound tunnel to 'B' ('X', 'Y', 'Z'). Similarly, 6 peers relay traffic from the server back to the client.

First, we can consider latency - the time that it takes for a request from a client to traverse the I2P network, reach the server and traverse back to the client. Adding up all latencies we see that:

40 + 100 + 20 + 60 + 80 + 10 + 30 ms (client to server)

Second, we can consider available bandwidth. This is determined through the slowest link between hops from the client and server as well as when traffic is being transmitted by the server to the client. For traffic going from the client to the server, we see that the available bandwidth in our example between hops 'R' & 'X' as well as hops 'X' & 'Y' is 32 KB/s. Despite higher available bandwidth between the other hops, these hops will act as a bottleneck and will limit the maximum available bandwidth for traffic from 'A' to 'B' at 32 KB/s. Similarly, tracing the path from server to client shows that there is maximum bandwidth of 64 KB/s - between hops 'Z_1' & 'Y_1', 'Y_1' & 'X_1' and 'Q_1' & 'P_1'.

It is recommended to increase your bandwidth limits. This helps the network by increasing the amount of available bandwidth which will in turn improve your I2P experience. Bandwidth settings are located on the http://localhost:7657/config page. Please be aware of your internet connection's limits as determined by your ISP, and adjust your settings accordingly.

Additionally, set a sufficient amount of shared bandwidth; this allows for participating tunnels to be routed through your I2P router. Allowing participating traffic keeps your router well-integrated in the network and improves your transfer speeds.

Improvements and fixes are being implemented constantly. Running the latest release will help your performance, and help keep you and the rest of the network safe.

Shoalsteed commented 2 years ago

https://github.com/Shoalsteed/UX/issues/36 (this was sent to IDK to update the site originally; it is what is being referenced here).