luciewho
commented
2 years ago "Post-install work
After running the installer on windows, simply click on the "Start I2P" button which will bring up the router console, which has further instructions.
On Unix-like systems, I2P can be started as a service using the "i2prouter" script, located in the directory you selected for I2P. Changing to that directory in a console and issuing "sh i2prouter status" should tell you the router's status. The arguments "start", "stop" and "restart" control the service. The router console can be accessed at its usual location. For users on OpenSolaris and other systems for which the wrapper (i2psvc) is not supported, start the router with "sh runplain.sh" instead.
When installing for the first time, please remember to adjust your NAT/firewall if you can, bearing in mind the Internet-facing ports I2P uses, described here among other ports. If you have successfully opened your port to inbound TCP, also enable inbound TCP on the configuration page.
Also, please review and adjust the bandwidth settings on the configuration page, as the default settings of 96 KBps down / 40 KBps up are fairly slow.
If you want to reach I2P Sites via your browser, have a look on the browser proxy setup page for an easy howto.
Your web browser will need to be configured in order to browse web sites on I2P and to utilize the outproxies available within I2P. Below are walkthroughs for some of the most popular browsers."
What ports does I2P use? The ports that are used by I2P can be divided into 2 sections:
Internet-facing ports, which are used for communication with other I2P routers Local ports, for local connections These are described in detail below.
Internet-facing ports Note: Since release 0.7.8, new installs do not use port 8887; a random port between 9000 and 31000 is selected when the program is run for the first time. The selected port is shown on the router configuration page. OUTBOUND UDP from the random port listed on the configuration page to arbitrary remote UDP ports, allowing for replies TCP from random high ports to arbitrary remote TCP ports Outbound UDP on port 123, allowing for replies. This is necessary for I2P's internal time sync (via SNTP - querying a random SNTP host in pool.ntp.org or another server you specify) INBOUND (Optional, recommended) UDP to the port noted on the configuration page from arbitrary locations (Optional, recommended) TCP to the port noted on configuration page from arbitrary locations Inbound TCP can be disabled on the configuration page
Local I2P ports, listening only to local connections by default, except where noted: ( INSERT GRAPH)
How can I access the web console from my other machines or password protect it? For security purposes, the router's admin console by default only listens for connections on the local interface. There are two methods for accessing the console remotely:
SSH Tunnel Configuring your console to be available on a Public IP address with a username & password These are detailed below:
SSH Tunnel If you are running a Unix-like Operating System, this is the easiest method for remotely accessing your I2P console. (Note: SSH server software is available for systems running Windows, for example https://github.com/PowerShell/Win32-OpenSSH) Once you have configured SSH access to your system, the '-L' flag is passed to SSH with appropriate arguments - for example: ssh -L 7657:localhost:7657 (System_IP)
where '(System_IP)' is replaced with your System's IP address. This command forwards port 7657 (the number before the first colon) to the remote system's (as specified by the string 'localhost' between the first and second colons) port 7657 (the number after the second colon). Your remote I2P console will now be available on your local system as 'http://localhost:7657' and will be available for as long as your SSH session is active. If you would like to start an SSH session without initiating a shell on the remote system, you can add the '-N' flag: ssh -NL 7657:localhost:7657 (System_IP)
Configuring your console to be available on a Public IP address with a username & password Open ~/.i2p/clients.config and replace clientApp.0.args=7657 ::1,127.0.0.1 ./webapps/
with clientApp.0.args=7657 ::1,127.0.0.1,(System_IP) ./webapps/
where you replace (System_IP) with your system's public IP address Go to http://localhost:7657/configui and add a console username and password if desired - Adding a username & password is highly recommended to secure your I2P console from tampering, which could lead to de-anonymization. Go to http://localhost:7657/index and hit "Graceful restart", which restarts the JVM and reloads the client applications After that fires up, you should now be able to reach your console remotely. Load the router console at http://(System_IP):7657 and you will be prompted for the username and password you specified in step 2 above if your browser supports the authentication popup. NOTE: You can specify 0.0.0.0 in the above configuration. This specifies an interface, not a network or netmask. 0.0.0.0 means "bind to all interfaces", so it can be reachable on 127.0.0.1:7657 as well as any LAN/WAN IP. Be careful when using this option as the console will be available on ALL addresses configured on your system. How can I use applications from my other machines? Please see the previous answer for instructions on using SSH Port Forwarding, and also see this page in your console: http://localhost:7657/configi2cp
Is it possible to use I2P as a SOCKS proxy? The SOCKS proxy has been functional since release 0.7.1. SOCKS 4/4a/5 are supported. I2P does not have a SOCKS outproxy so it is limited to use within I2P only.
Many applications leak sensitive information that could identify you on the Internet and this is a risk that one should be aware of when using the I2P SOCKS proxy. I2P only filters connection data, but if the program you intend to run sends this information as content, I2P has no way to protect your anonymity. For example, some mail applications will send the IP address of the machine they are running on to a mail server. There is no way for I2P to filter this, thus using I2P to 'socksify' existing applications is possible, but extremely dangerous.
If you would like more information on the socks proxy application anyway, there are some helpful hints on the socks page.