Configuring I2P services (revision 2)

Introduction

This page describes how Alexis Huxley installed and configured I2P.

Notes for next time

  1. some time after installation it became necessary to install i2p-keyring (presumably because the repo became signed and apt-get updates failed)

Installation the I2P way

This method was last used 18/04/2020. It is based on the official instructions.

  1. Run: 
    apt-get install apt-transport-https curl
echo "deb https://deb.i2p2.de/ buster main" > \
        /etc/apt/sources.list.d/i2p.list
curl -o /tmp/i2p-debian-repo.key.asc \
        https://geti2p.net/_static/i2p-debian-repo.key.asc
apt-key add /tmp/i2p-debian-repo.key.asc
apt-get update
apt-get install i2p i2p-keyring
dpkg-reconfigure i2p

    and configure it as follows:

    1. when asked if i2p should be started at boot time, select ‘Yes’.
    2. when asked what user the service should run as, accept the default.
    3. when asked how much memory i2p may use, set it to  4096MB.
    4. when asked if the I2P daemon be confined with AppArmor, accept the default.
  2. Stop I2P by running: 
    systemctl stop i2p

    (Later sections of this document expect i2p to be stopped.)

  3. To allow the I2P console to be accessible from the local network:
    1. Run: 
      cp -a /var/lib/i2p/i2p-config/clients.config.bak /var/lib/i2p/i2p-config/clients.config
    2. Edit /var/lib/i2p/i2p-config/clients.config and make the following changes: 
      clientApp.0.args=7657 0.0.0.0 ./webapps/
  4. To allow the I2P web proxy to be access from the local network, complete the following sub-procedure:
    1. Run: 
      cp -a /var/lib/i2p/i2p-config/i2ptunnel.config.bak /var/lib/i2p/i2p-config/i2ptunnel.config
    2. Edit /var/lib/i2p/i2p-config/i2ptunnel.config and make the following changes: 
      tunnel.0.interface=0.0.0.0
  5. For the purposes of the configuration section below, run the following command: 
    I2P_USER=i2psvc
I2P_GROUP=i2psvc
I2PSNARK_DIR=/var/lib/i2p/i2p-config/i2psnark

Installation the manual way

This method was last used 05/08/2018.

  1. Install prerequisites: 
    apt-get install openjdk-8-jre-headless
  2. If upgraded then, as root, clean up old versions: 
    killall -9 -u i2p
mkdir /var/tmp/i2p.delete-soon
mv /usr/local/opt/i2p-* /var/tmp/i2p.delete-soon
mv /etc/init.d/i2p /var/tmp/i2p.delete-soon
rm /usr/local/opt/i2p
rm /etc/*.d/*i2p*
userdel i2p   #  this also deletes i2p group
  3. Install: 
    VERSION=0.9.35
groupadd --system i2p
useradd --system --gid i2p --create-home --home /usr/local/opt/i2p --shell /bin/bash i2p
mv /usr/local/opt/i2p /usr/local/opt/i2p-$VERSION
ln -s i2p-$VERSION /usr/local/opt/i2p
cd /tmp && wget 
su - i2p
java -jar /tmp/i2p*.jar -console
  4. This next bit is not copy-and-pastable; do it one step at a time, manually: 
    1                        #  continue
<ENTER>                  #  accept default path
1                        #  confirm
./i2prouter start        #  start
sleep 60                 #  allow time for creation of config files; don't worry about firewall issues just yet
./i2prouter stop         #  stop
exit
  5. Create init.d scripts: 
    {
    cat <<'EOF'
#!/bin/sh -e
### BEGIN INIT INFO
# Provides:          i2p
# Required-Start:    $local_fs $remote_fs $network
# Required-Stop:     $local_fs $remote_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start or stop the i2p router.
### END INIT INFO
EOF
    echo "NAME=i2p"
    echo "DAEMON=/usr/local/opt/i2p-$VERSION/i2prouter"
    echo "USER=i2p"
    echo "PIDFILE=/usr/local/opt/i2p-$VERSION/.i2p/i2p.pid"
    cat <<'EOF'
[ -x $DAEMON ] || exit 0
. /lib/lsb/init-functions

case "$1" in
    start)   log_daemon_msg "Starting i2p router" "$NAME"
             start-stop-daemon --start --background \
                 --pidfile $PIDFILE --chuid $USER --exec $DAEMON -- start
             log_end_msg 0 ;;
    stop)    log_daemon_msg "Stopping i2p router" "$NAME"
             start-stop-daemon --stop --pidfile $PIDFILE --chuid $USER
             log_end_msg 0 ;;
    restart) $0 stop
             $0 start ;;
    *)       echo "Usage: /etc/init.d/$NAME { start | stop | restart }"
             exit 2 ;;
esac
EOF
} > /etc/init.d/i2p
chmod 755 /etc/init.d/i2p
systemctl enable i2p
  6. To allow the I2P console to be accessible from the local network:
    1. Edit ~i2p/.i2p/clients.config and make the following changes: 
      clientApp.0.args=7657 0.0.0.0 ./webapps/
  7. To allow the I2P web proxy to be access from the local network, complete the following sub-procedure:
    1. Edit ~i2p/i2ptunnel.config and make the following changes: 
      tunnel.0.interface=0.0.0.0
  8. For the purposes of the configuration section below, run the following command: 
    I2P_USER=i2p
I2P_GROUP=i2p
I2PSNARK_DIR=/usr/local/opt/i2p/.i2p/i2psnark

Configuration

Regardless of which way you installed and configured I2p, some configuration is common to both methods.

  1. Stop I2P by running: 
    systemctl stop i2p
  2. To decrease disk IO and hopefully improve performance do the following:
    1. Run the following commands: 
      cd /var/lib/i2p/i2p-config
mv netDb netDb.old
mv peerProfiles peerProfiles.old
ln -s /dev/shm/var-lib-i2p-i2p-config-netDb/netDb
ln -s /dev/shm/var-lib-i2p-i2p-config-peerProfiles peerProfiles
cp /lib/systemd/system/i2p.service /etc/systemd/system/i2p.service
    2. Locate the section: 
      AppArmorProfile=system_i2p
ExecStartPre=/bin/mkdir -p /tmp/i2p-daemon

      and change it to:

      AppArmorProfile=system_i2p
ExecStartPre=/bin/mkdir /dev/shm/var-lib-i2p-i2p-config-netDb /dev/shm/var-lib-i2p-i2p-config-peerProfiles
ExecStartPre=/bin/chown -R ${I2PUSER}:${I2PUSER} /dev/shm/var-lib-i2p-i2p-config-netDb /dev/shm/var-lib-i2p-i2p-config-peerProfiles
ExecStartPre=/bin/mkdir -p /tmp/i2p-daemon
    3. Reboot.
    4. To check that it worked run: 
      find /dev/shm/var-lib-i2p-i2p-config-*
    5. Stop I2P again.
  3. Decide what TCP and UDP port I2P will use.
  4. On the firewall set up any necessary port forwarding.
  5. If storage for I2P snark is to be in a different location then replace /var/lib/i2p/i2p-config/i2psnark with a symlink and make sure any existing content there is correctly owned by running: 
    mv $I2PSNARK_DIR $I2PSNARK_DIR.delete-soon
ln -s <somewhere> $I2PSNARK_DIR
chown -R $I2P_USER:$I2P_GROUP $I2PSNARK_DIR/
  6. Restart I2P (previous sections left it stopped) and wait an hour.
  7. Visit http://<name-of-i2p-server>:7657/config.jsp. Don’t try to access this via a proxy yet; that won’t yet work.
  8. To change the TCP & UDP ports I2P listens on to match those configured in your firewall, complete the following sub-procedure:
    1. Click the “Network” tab and scroll down to the “IP AND TRANSPORT CONFIGURATION” section (this is the only section on this page nowadays).
    2. In “UDP Configuration” paragraph, change “UDP port” to whatever you’ve set up on the firewall, then scroll down and click “Save changes”.
    3. After that just wait, the network will recover, as indicated by the ‘Network: ‘ status in the left panel.
  9. To allow the I2P web proxy to be access from the local network, complete the following sub-procedure:
    1. In the left panel, under “I2P INTERNALS” click “Hidden Services Manager”.
    2. Scroll down to the “I2P CLIENT TUNNELS” sections and click “I2P HTTP Proxy”.
    3. In the “Edit proxy settings” section, change “Reachable by:” to “0.0.0.0”.
    4. Scroll down and click “Save”.
  10. To adjust download and upload bandwidths, complete the following sub-procedure:
    1. Click the “Bandwidth” tab and scroll down to the “Bandwidth limiter” section (this is the only section on this page nowadays).
    2. Enter your full download and upload bandwidths (for me 13250KBps and 800KBps) and the percentage of that you wish to share (f0r me 30%), then scroll down and click “Save changes”.

Proxying connections to the I2P server

  1. See Configuring web services(revision 2).

See also