In terms of memory usage, I2P is configured to use 128 MB of RAM by default. This is sufficient for browsing and IRC usage. However, other activities may require greater memory allocation. For example, if one wishes to run a high-bandwidth router, participate in I2P torrents or serve high-traffic hidden services, a higher amount of memory is required.
In terms of CPU usage, I2P has been tested to run on modest systems such as the Raspberry Pi range of single-board computers. As I2P makes heavy use of cryptographic techniques, a stronger CPU will be better suited to handle the workload generated by I2P as well as tasks related to the rest of the system (i.e. Operating System, GUI, Other processes e.g. Web Browsing).
A comparison of some of the available Java Runtime Environments (JRE) is available here: https://trac.i2p2.de/wiki/java. Using Sun/Oracle Java or OpenJDK is recommended.
Sementara implementasi klien I2P utama membutuhkan Java, ada beberapa alternatif klien yang tidak memerlukan Java.
An eepsite is a website that is hosted anonymously, a hidden service which is accessible through your web browser. It can be accessed by setting your web browser's HTTP proxy to use the I2P web proxy (typically it listens on localhost port 4444), and browsing to the site.
x is the number of peers you've sent or received a message from successfully in the last minute, y is the number of peers seen in the last hour or so. Try hovering your cursor over the other lines of information for a brief description.
No. Unlike Tor, "exit nodes" - or "outproxies" as they are referred to on the I2P network - are not an inherent part of the network. Only volunteers who specifically set up and run separate applications will relay traffic to the regular Internet. There are very, very few of these. By default, I2P's HTTP Proxy (configured to run on port 4444) includes a single outproxy: false.i2p. This is run on a voluntary basis by Meeh. There is an outproxy guide available on our forums, if you would like to learn more about running an outproxy.
Yes, and this is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections.
While the fact that your computer runs I2P is public, nobody can see your activities in it. You can't say if a user behind this IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the project.
I2P is primarily not intended, nor designed, to be used as a proxy to the regular internet. With that said, there are services which are provided by volunteers that act as proxies to clearnet based content - these are referred to as "outproxies" on the I2P network. There is an outproxy configured by default in I2P's HTTP client tunnel - false.i2p. While this service does currently exist, there is no guarantee that it will always be there as it is not an official service provided by the I2P project. If your main requirement from an anonymous network is the ability to access clearnet resources, we would recommend using Tor.
I2P does not encrypt the Internet, neither does Tor - for example, through Transport Layer Security (TLS). I2P and Tor both aim to transport your traffic as-is securely and anonymously over the corresponding network, to its destination. Any unencrypted traffic generated at your system will arrive at the outproxy (on I2P) or the exit node (on Tor) as unencrypted traffic. This means that you are vulnerable to snooping by the outproxy operators. One way to protect your outproxy traffic against this is to ensure that any traffic that will be handled by the outproxy is encrypted with TLS.
For more information, you may read the Tor FAQ's answer to this question: https://www.torproject.org/docs/faq#CanExitNodesEavesdrop
In addition, you may be vulnerable to collusion between the outproxy operator and operators of other I2P services, if you use the same tunnels ("shared clients"). There is additional discussion about this on zzz.i2p. This discussion has been mirrored on our forums as well.
Ultimately, this is a question that only you can answer because the correct answer depends on your browsing behaviour, your threat model, and how much you choose to trust the outproxy operator.
I2P is an anonymous network - it is designed to withstand attempts at blocking or censoring of content, thus providing a means for communication that anyone can use. I2P traffic that transits through your router is encrypted with several layers of encryption. Except in the case of a serious security vulnerability (of which none are currently known), it is not possible to know what the contents of the traffic are and thus not possible to distinguish between traffic which one is opposed to or not opposed to. We consider the 3 parts of the question:
All traffic on I2P is encrypted in multiple layers. You don't know a message's contents, source, or destination. All traffic you route is internal to the I2P network, you are not an exit node (referred to as an outproxy in our documentation). Your only alternative is to refuse to route any traffic, by setting your share bandwidth or maximum participating tunnels to 0 (see above). It would be nice if you didn't do this, you should help the network by routing traffic for others. Over 95% of users route traffic for others.
I2P does not do distributed storage of content, this has to be specifically installed and configured by the user (with Tahoe-LAFS, for example). That is a feature of a different anonymous network, Freenet. By running I2P, you are not storing content for anyone.
If there are hidden services which you dislike, you may refrain from visiting them. Your router will not request any content without your specific instruction to do so.
The proxy config for different browsers is on a separate page with screenshots. More advanced configs with external tools, such as the browser plug-in FoxyProxy or the proxy server Privoxy, are possible but could introduce leaks in your setup.
A tunnel to the main IRC server within I2P, Irc2P, is created when I2P is installed (see the I2PTunnel configuration page), and is automatically started when the I2P router starts.
To connect to it, tell your IRC client to connect to
HexChat-like client users can create a new network with the server
localhost/6668 (remember to tick "Bypass proxy server" if you have a proxy server configured).
Weechat users can use the following command to add a new network:
/server add irc2p localhost/6668
Click on the Website link at the top of your router console for instructions.
The ports that are used by I2P can be divided into 2 sections:
- Internet-facing ports, which are used for communication with other I2P routers
- Local ports, for local connections
These are described in detail below.
- Internet-facing ports
Note: Since release 0.7.8, new installs do not use port 8887; a random port between 9000 and 31000 is selected when the program is run for the first time. The selected port is shown on the router configuration page.
- UDP from the random port listed on the configuration page to arbitrary remote UDP ports, allowing for replies
- TCP from random high ports to arbitrary remote TCP ports
- Outbound UDP on port 123, allowing for replies. This is necessary for I2P's internal time sync (via SNTP - querying a random SNTP host in pool.ntp.org or another server you specify)
- Local I2P ports, listening only to local connections by default, except where noted:
PORT PURPOSE DESKRIPSI 1900 UPnP SSDP UDP multicast listener Cannot be changed. Binds to all interfaces. May be disabled on confignet. 2827 BOB bridge A higher level socket API for clients. Disabled by default. May be enabled/disabled on configclients. May be changed in the bob.config file. 4444 HTTP proxy May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces. 4445 HTTPS proxy May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces. 6668 IRC proxy May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces. 7652 HTTP TCP event listener Binds to the LAN address. May be changed with advanced config
i2np.upnp.HTTPPort=nnnn. May be disabled on confignet.
7653 UPnP SSDP UDP search response listener Binds to the LAN address. May be changed with advanced config
i2np.upnp.SSDPPort=nnnn. May be disabled on confignet.
7654 I2P Client Protocol port Used by client apps. May be changed to a different port on configclients but this is not recommended. May be to bind to a different interface or all interfaces, or disabled, on configclients. 7655 UDP for SAM bridge A higher level socket API for clients Only opened when a SAM V3 client requests a UDP session. May be enabled/disabled on configclients. May be changed in the
clients.configfile with the SAM command line option
7656 SAM bridge A higher level socket API for clients Disabled by default for new installs as of release 0.6.5. May be enabled/disabled on configclients. May be changed in the
7657 Your router console May be disabled in the
clients.configfile. May also be configured to be bound to a specific interface or all interfaces in that file.
7658 Your eepsite May be disabled in the
clients.configfile. May also be configured to be bound to a specific interface or all interfaces in the
7659 Outgoing mail to smtp.postman.i2p 7660 Outgoing mail to smtp.postman.i2p 8998 mtn.i2p-projekt.i2p (Monotone) 31000 Local connection to the wrapper control channel port Outbound to 32000 only, does not listen on this port. Starts at 31000 and will increment until 31999 looking for a free port. To change, see the wrapper documentation. For more information see below. 32000 Local control channel for the service wrapper To change, see the wrapper documentation. For more information see below.
Port I2P lokal dan port I2PTunnel tidak perlu dapat dicapai dari remote machine, tetapi *harus* dapat dijangkau oleh komputer anda secara locakl anda juga dapat membuat tambahan port untuk I2PTunnel instances melalui http://localhost:7657/i2ptunnel / (dan pada gilirannya, akan perlu membuat firewall anda untuk memungkinkan anda akses lokal, tetapi akses remote tidak, kecuali jika diinginkan).
Jad kesimpulannya, tidak ada yang perlu dicapai oleh remote peer yang tidak diketahui, tetapi jika anda dapat mengkonfigurasi NAT/firewall anda supaya inbound UDP dan TCP outbound facing port , anda akan mendapatkan kinerja yang lebih baik. Anda juga perlu untuk dapat mengirimkan paket-paket UDP outbound kepada arbitrary remote peers (memblokir IP secara acak dengan aplikasi seperti PeerGuardian hanya menyulitkan anda - jangan melakukan hal ini).
This question can be answered in 3 parts:
- My router often displays a message saying "Website Not Found In Addressbook", why do I see this message?
Human-readable addresses such as http://website.i2p are references to a long, random string known as a destination. These references are registered and stored at addressbook services such as stats.i2p, which is run by zzz. You will often encounter a "b32" address. A "b32" is a hash (specifically, a SHA256 hash) of the destination. This hash is appended with ".b32.i2p" and serves as a convenient way to link to your hidden service, without requiring any registration on an addressbook service.
It is possible to add subscriptions to your router's configuration which may reduce the frequency of these messages.
- What is an addressbook subscription?
This is a list of files hosted on various I2P websites each of which contain a list of I2P hosts and their associated destinations.
The addressbook is located at http://localhost:7657/dns where further information can be found.
- What are some good addressbook subscription links?
You may try the following:
For security purposes, the router's admin console by default only listens for connections on the local interface. There are two methods for accessing the console remotely:
- SSH Tunnel
- Configuring your console to be available on a Public IP address with a username & password
These are detailed below:
- SSH Tunnel
If you are running a Unix-like Operating System, this is the easiest method for remotely accessing your I2P console. (Note: SSH server software is available for systems running Windows, for example https://github.com/PowerShell/Win32-OpenSSH)
Once you have configured SSH access to your system, the '-L' flag is passed to SSH with appropriate arguments - for example:
ssh -L 7657:localhost:7657 (System_IP)
ssh -NL 7657:localhost:7657 (System_IP)
- Configuring your console to be available on a Public IP address with a username & password
clientApp.0.args=7657 ::1,127.0.0.1 ./webapps/
clientApp.0.args=7657 ::1,127.0.0.1,(System_IP) ./webapps/
- Go to http://localhost:7657/configui and add a console username and password if desired - Adding a username & password is highly recommended to secure your I2P console from tampering, which could lead to de-anonymization.
- Go to http://localhost:7657/index and hit "Graceful restart", which restarts the JVM and reloads the client applications
http://(System_IP):7657and you will be prompted for the username and password you specified in step 2 above if your browser supports the authentication popup.
NOTE: You can specify 0.0.0.0 in the above configuration. This specifies an interface, not a network or netmask. 0.0.0.0 means "bind to all interfaces", so it can be reachable on 127.0.0.1:7657 as well as any LAN/WAN IP. Be careful when using this option as the console will be available on ALL addresses configured on your system.
Please see the previous answer for instructions on using SSH Port Forwarding, and also see this page in your console: http://localhost:7657/configi2cp
The SOCKS proxy has been functional since release 0.7.1. SOCKS 4/4a/5 are supported. I2P does not have a SOCKS outproxy so it is limited to use within I2P only.
Many applications leak sensitive information that could identify you on the Internet and this is a risk that one should be aware of when using the I2P SOCKS proxy. I2P only filters connection data, but if the program you intend to run sends this information as content, I2P has no way to protect your anonymity. For example, some mail applications will send the IP address of the machine they are running on to a mail server. There is no way for I2P to filter this, thus using I2P to 'socksify' existing applications is possible, but extremely dangerous.
Jika anda ingin informasi lebih lanjut tentang aplikasi proxy SOCKS, ada beberapa petunjuk di SOCKS page.
Router I2P hanya perlu mendapat seed satu kali untuk bergabung dengan jaringan untuk pertama kalinya. Reseeding melibatkan pengambilan beberapa file "RouterInfo" (dibundel menjadi file zip bertanda tangan) dari setidaknya dua URL server yang telah ditentukan yang diambil dari kelompok server clearnet HTTPS yang dikelola secara sukarela.
Gejala khas reseed yang gagal adalah indikator "Known" (di bilah sisi kiri konsol router) yang menampilkan nilai yang sangat kecil (seringkali kurang dari 5) yang tidak bertambah. Hal ini dapat terjadi, antara lain, jika firewall lokal anda membatasi lalu lintas keluar atau jika permintaan reseed diblokir seluruhnya.
Jika Anda terjebak di balik firewall atau filter ISP, anda dapat menggunakan metode manual berikut (solusi teknis non-otomatis) untuk bergabung dengan jaringan I2P.
Mulai dari rilis 0.9.33, Anda dapat mengatur router untuk melakukan reseed melalui proxy. Buka http://localhost:7657/configreseed lalu atur tipe proxy hostname, dan port.
Bergabung dengan Jaringan I2P dengan menggunakan file reseed
Silahkan hubungi teman terpercaya yang diketahui yang memiliki router I2P yang sedang berjalan, dan mintalah bantuan untuk memperbaiki reseed router I2P anda. Minta mereka mengirimkan reseed file dari router I2P yang sedang berjalan. Sangat penting bahwa file dikirim melalui saluran yang aman, mis. dienkripsi untuk menghindari gangguan eksternal (PGP Sign, Encrypt dan Verified with a trusted public key). File itu sendiri tidak bertanda tangan, jadi tolong terima file hanya dari teman terpercaya yang dikenal. Jangan pernah mengimpor file bekas jika anda tidak dapat memverifikasi sumbernya.
Untuk mengimpor file i2preseed.zip yang diterima ke router I2P lokal anda:
- Kunjungi http://localhost:7657/configreseed
- Di menu "Manual Reseed from File" klik "Browse..."
- Pilih file i2preseed.zip
- Klik "Reseed from File"
Cek log untuk pesan ini:
Reseed got 100 router infos from file with 0 errors
Berbagi file yang telah di-reseed
Untuk teman tepercaya, anda dapat menggunakan router I2P lokal anda untuk membantu mereka untuk memulai:
- Kunjungi http://localhost:7657/configreseed
- Di menu "Create Reseed File" klik "Create reseed file"
- Kirim secara aman file i2preseed.zipke teman anda
Jangan mengungkapkan file ini dalam hal apapun kepada pengguna yang tidak dikenal, karena berisi data pribadi yang sensitif (100 RouterInfo) dari router I2P anda sendiri! Untuk melindungi anonimitas anda: anda mungkin menunggu beberapa jam / hari secara acak sebelum anda berbagi file dengan teman tepercaya anda. Sebaiknya gunakan prosedur ini dengan jarang (<2 per minggu).
Pedoman umum untuk reseeding I2P secara manual
- Jangan publikasikan file yang sudah di-reseed ulang atau bagikan file ini dengan teman dari teman!
- File ini harus digunakan hanya untuk jumlah teman yang sangat terbatas (<3)!
- File ini valid beberapa hari (<20)!
Unless an outproxy has been specifically set up for the service you want to connect to, this cannot be done. There are only three types of outproxies running right now: HTTP, HTTPS, and email. Note that there is no SOCKS outproxy. If this type of service is required, we recommend that you use Tor. Please be aware that the Tor project recommends against using BitTorrent over Tor, as there are serious anonymity-related issues associated with doing so.
Within I2P, there is no requirement to use HTTPS. All traffic is encrypted end-to-end, any further encryption, e.g. with the use of HTTPS, doesn't create any further anonymity-related benefits. However, if one would like to use HTTPS or has a requirement to do so, the existing default I2P HTTP Proxy has support for HTTPS traffic. Any hidden service operator would have to specifically set up and enable HTTPS access.
FTP is not supported for technical reasons. There are no FTP "outproxies" to the Internet—it may not even be possible to set up one. Any other kind of outproxy may work if it's set up with a standard tunnel. If you would like to set up some type of outproxy, carefully research the potential risks. The I2P community may or may not be able to help with the technical aspects, feel free to ask. As explained several times above, any existing outproxy isn't a core part of the network. They are services run by individuals and they may or may not be operational at any given time.
Ada banyak kemungkinan penyebab dari penggunaan CPU yang tinggi. Berikut adalah daftarnya:
Java Runtime Environment
Try to use either OpenJDK or Sun/Oracle Java if it's available for your system. You can check which version of java you have installed by typing
java -versionat a command/shell prompt. Performance tends to suffer with other implementations of java.
File sharing applications, e.g. BitTorrent
Apakah anda menjalankan klien BitTorrent di dalam I2P? Coba kurangi jumlah torrent, batasan bandwidth, atau coba matikan, lihat apakah hal ini bisa membantu.
High bandwidth settings
Are your bandwidth limits set too high? It is possible that too much traffic is going through your I2P router and it is overloaded. Try reducing the setting for share bandwidth percentage on the configuration page.
Pastikan bahwa anda sedang menjalankan versi terbaru dari I2P untuk mendapatkan manfaat dari peningkatan kinerja dan perbaikan bug.
Has enough memory been set aside for use by I2P? Look at the memory graph on the graphs page to see if the memory usage is "pegged"—the JVM is spending most of its time in garbage collection. Increase the setting
wrapper.java.maxmemoryin the file
Bursts of high-usage vs. constant 100% usage
Is the CPU usage simply higher than you would like, or is it pegged at 100% for a long time? If it is pegged, this could be a bug. Look in the logs for clues.
You may be using the Java-based BigInteger library instead of the native version, especially if you are running on a new or unusual OS or hardware (OpenSolaris, mipsel, etc.). See the jbigi page for instructions on diagnosing, building, and testing methods.
If your native jbigi library is working fine, the biggest user of CPU may be routing traffic for participating tunnels. This uses CPU because at each hop a layer of encryption must be decoded. You can limit participating traffic in two ways - by reducing the share bandwidth on the confignet page, or by setting router.maxParticipatingTunnels=nnn on the configadvanced page.
New installations of I2P carry out the reseeding process automatically, as well as when the number of known peers falls to a drastically low value. If you need to carry out a reseed of your router, please see the reseed instructions.
If your router has 10 or more active peers, everything is fine. The router should maintain connections to a few peers at all times. The best way to stay "better-connected" to the network is to share more bandwidth. The amount of bandwidth that is shared by the router can be changed on the configuration page: http://localhost:7657/config
No, there isn't anything wrong. This is normal behavior. All routers adjust dynamically to changing network conditions and demands. Routers come online and go offline depending on whether the system it is installed on is operational or not, as well as whether there is an available network connection. Your router is constantly updating its local Network Database. Tunnels which your router is participating in expire every 10 minutes and may or may not be rebuilt through your router.
The encryption and routing within the I2P network adds a substantial amount of overhead and limits bandwidth. We can try to clarify this with the aid of a diagram:
In this diagram, the path that some I2P traffic takes as it travels through the network is traced. A user's I2P router is denoted by the box labeled 'A' and an I2P Hidden Service (for example, the http://stats.i2p website) is labelled as 'B'. Both the client and the server are using 3-hop tunnels, these hops are represented by the boxes labelled 'P', 'Q', 'R', 'X', 'Y', 'Z', 'P_1', 'Q_1', 'R'_1, 'X_1', 'Y_1' and 'Z_1'.
The boxes labelled 'P', 'Q' and 'R' represent an outbound tunnel for A while the boxes labelled 'X_1', 'Y_1', 'Z_1' represent an outbound tunnel for 'B'. Similarly, the boxes labelled 'X', 'Y' and 'Z' represent and inbound tunnel for 'B' while the boxes labelled 'P_1', 'Q_1' and 'R_1' represent an inbound tunnel for 'A'. The arrows in between the boxes show the direction of traffic. The text above and below the arrows detail some example bandwidth between a pair of hops as well as example latencies.
When both client and server are using 3-hop tunnels throughout, a total of 12 other I2P routers are involved in relaying traffic. 6 peers relay traffic from the client to the server which is split into a 3-hop outbound tunnel from 'A' ('P', 'Q', 'R') and a 3-hop inbound tunnel to 'B' ('X', 'Y', 'Z'). Similarly, 6 peers relay traffic from the server to back to the client.
First, we can consider latency - the time that it takes for a request from a client to traverse the I2P network, reach the the server and traverse back to the client. Adding up all latencies we see that:
40 + 100 + 20 + 60 + 80 + 10 + 30 ms (client to server) + 60 + 40 + 80 + 60 + 100 + 20 + 40 ms (server to client) ----------------------------------- TOTAL: 740 ms
The total round-trip time in our example adds up to 740 ms - certainly much higher than what one would normally see while browsing regular internet websites.
Second, we can consider available bandwidth. This is determined through the slowest link between hops from the client and server as well as when traffic is being transmitted by the server to the client. For traffic going from the client to the server, we see that the available bandwidth in our example between hops 'R' & 'X' as well as hops 'X' & 'Y' is 32 KB/s. Despite higher available bandwidth between the other hops, these hops will act as a bottleneck and will limit the maximum available bandwidth for traffic from 'A' to 'B' at 32 KB/s. Similarly, tracing the path from server to client shows that there is maximum bandwidth of 64 KB/s - between hops 'Z_1' & 'Y_1, 'Y_1' & 'X_1' and 'Q_1' & 'P_1'.
We recommend increasing your bandwidth limits. This helps the network by increasing the amount of available bandwidth which will in turn improve your I2P experience. Bandwidth settings are located on the http://localhost:7657/config page. Please be aware of your internet connection's limits as determined by your ISP, and adjust your settings accordingly.
We also recommend setting a sufficient amount of shared bandwidth - this allows for participating tunnels to be routed through your I2P router. Allowing participating traffic keeps your router well-integrated in the network and improves your transfer speeds.
I2P is a work in progress. Lots of improvements and fixes are being implemented, and, generally speaking, running the latest release will help your performance. If you haven't, install the latest release.
Seringkali error ini akan terjadi dengan software Java yang jaringannya diaktifkan pada beberapa sistem operasi yang dikonfigurasi untuk menggunakan IPv6 secara default. Ada beberapa cara untuk memecahkan masalah ini:
Pada sistem berbasis Linux, anda dapat
echo 0 > /proc/sys/net/ipv6/bindv6only
- Cari baris berikut dalam
Jika baris tersebut ada, hilangkan tanda komentar dengan menghapus "#". Jika baris tersebut tidak tambahkan mereka tanpa "#".
PERINGATANn: untuk setiap perubahan
wrapper.config dapat bekerja, anda harus benar-benar menghentikan router dan wrapper. Mengklik Restart console router tidak akan mengaktifkan file ini! Anda harus klik Shutdown, tunggu 11 menit, kemudian mulai lagi I2P.
Jika anda mempertimbangkan setiap eepsite yang pernah dibuat, ya, sebagian besar dari mereka sedang tidak aktif. Orang dan eepsites datang dan pergi. Cara yang baik untuk memulai di I2P adalah melihat daftar eepsites yang sedang aktif. http://identiguy.i2p.xyz melacak eepsites aktif
The Tanuki java service wrapper that we use opens this port —bound to localhost— in order to communicate with software running inside the JVM. When the JVM is launched it is given a key so it can connect to the wrapper. After the JVM establishes its connection to the wrapper, the wrapper refuses any additional connections.
More information can be found in the wrapper documentation.
You may report any bugs/issues that you encounter on our bugtracker, which is available over both clearnet and I2P. We have a discussion forum, also available on I2P and clearnet. You can join our IRC channel as well: either through our IRC network, IRC2P, or on Freenode.
- Our Bugtracker:
- Our forums: i2pforum.net
- Join #i2p-dev Discuss with the developers on IRC
Please include relevant information from the router logs page which is available at: http://127.0.0.1:7657/logs. We request that you share all of the text under the 'I2P Version and Running Environment' section as well as any errors or warnings displayed in the various logs displayed on the page.
Great! Find us on IRC: