I2P (Invisible Internet Protocol)
I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted, and participants don’t reveal their real IP addresses.
The I2P client
I2P client is a software used for building and using anonymous I2P networks. Such networks are commonly used for anonymous peer-to-peer applications (file sharing, cryptocurrencies) and anonymous client-server applications (websites, instant messengers, chat servers).
I2P allows people from all around the world to communicate and share information without restrictions.
Much like the Tor network, operating your own node contributes to the overall strength of the I2P network. Let’s do our part to bolster this online privacy tool by setting up and running our very own I2P router.
Choosing an I2P Client
- Official i2p software
- i2pd
- i2p+
Each of these choices is excellent in its own right, but we have opted for i2pd (I2P Daemon) – a full-featured, C++ implementation of the I2P client. Its appeal lies in its minimalistic design and limited dependencies, making it perfect for a small VPS server or a Raspberry Pi. It allows for a quick and hassle-free setup.
Prerequisites
- A VPS running somewhere
- A computer and some time to install i2pd
VPS
To start, you’ll need a Virtual Private Server (VPS) – so go ahead and secure one if you haven’t already. There’s no need to break the bank, just ensure that your chosen plan offers a sufficient amount of bandwidth and storage, particularly if you plan to use i2p for torrenting.
For optimal privacy, consider paying with Monero (XMR) – a privacy-oriented cryptocurrency which we have wrtten about here. There are numerous VPS providers that accept XMR as payment, one notable option being incognet.io.
Generating SSH keys
On our home computer, let’s generate the SSH keys for our server. Using a cleartext password to log in to your server is not really a good idea since the password is not encrypted in transit and can be exposed on a hostile network.
By creating an SSH key, we’re going to make it so that you can only log in to the server if you have the key file and the password, and at the same time, the password is encrypted.
This is the command that will generate our SSH keys. The RSA algorithm with a 4096 key size is what I’d recommend since it’s sufficiently secure and widely supported.
ssh-keygen -t rsa -b 4096
Press Enter when it asks for the key location to save it to the default one and then enter a password of your choosing.
Login to the server
ssh root@your_vps_ip_address
Update and Upgrade
We want to make sure the system is up to date, so let’s do that:
apt update && apt upgrade
Create a New User
Once you have your VPS and are logged in through SSH, let’s make sure it’s secure by creating a separate user so it’s not running as the root user (bad idea) with:
useradd -G sudo -m newuser -s /bin/bash
Replace newuser with your chosen username.
Change the password for the New User
passwd newuser
Copy SSH keys from host to the server
Now that we’ve created our new user, now is a good time to copy the public SSH key to the VPS. Open a second terminal window for your local terminal and enter:
Linux or Mac
ssh-copy-id newuser@your_vps_ip_address
You’ll be asked to enter your password, and once you do, go back to the terminal window with your VPS. Don’t close the other window yet.
Restricting SSH to key authentication
Now that we’ve copied the SSH keys to the VPS, we have to restrict authentication to the public key only. Let’s edit the sshd configuration file:
nano /etc/ssh/sshd_config
Disable password authentication so that you’re only able to log in using a public key.
PasswordAuthentication no
Let’s also disable root login.
PermitRootLogin no
Now save the file and restart the sshd service using:
systemctl restart sshd
Now without closing this window, let’s go back to our local machine and try to log in with our key:
ssh -i ~/.ssh/id_rsa newuser@your_server_ip_address
If you see a prompt to enter your key password, that means you’re good to go. It’s also a good idea to verify that you can’t log in with your password anymore:
ssh newuser@your_server_ip_address -p 69
This should give you “Permission denied.”
Install and Setup i2pd
Okay, now for the exciting part! Installing the i2pd client on our VPS and getting our router up and running. You can view the builds at i2pd’s GitHub here.
Ubuntu
You can install binary packages from the latest release page. Alternatively, you can use PPA repository or repository provided below, run by PurpleI2P community member R4SAS.
Debian
Look for Debian packages at the latest release page. Alternatively, you can install i2pd by using the repository run by PurpleI2P community member R4SAS.
For all other operating systems please see the github for instructions
Install apt-transport-https package
sudo apt-get install apt-transport-https
Automatically add repository
wget -q -O - https://repo.i2pd.xyz/.help/add_repo | sudo bash -s -
After that, you can install i2pd as any other software package:
apt-get update
apt-get install i2pd
Start the i2pd service
Let’s start the i2pd service. I’m on Debian, so I will use the systemd unit. Some i2pd packages come with a systemd control unit, and for those that use systemd, it is possible to manage i2pd with it.
To start/stop i2pd:
sudo systemctl start i2pd.service
sudo systemctl stop i2pd.service --no-block
The stop command initiates a graceful shutdown process; i2pd stops after finishing to route transit tunnels (maximum 10 minutes).
To enable/disable autostart of i2pd upon bootup:
sudo systemctl enable i2pd.service
sudo systemctl disable i2pd.service
Using i2p, Tips and Tricks
Good news! i2pd is installed, running, and ready!
You may be asking “So how do I browse i2p if it’s on a VPS?” SSH tunneling, that’s how!
SSH tunneling is a method that allows you to establish a secure and encrypted connection between your local machine and the VPS. By using this technique, you can forward data over the encrypted channel, ensuring that your online activities remain secure and private. In the case of i2pd, SSH tunneling enables you to access and utilize the i2pd service running on your VPS from the convenience of your local computer.
Creating an SSH tunnel and forwarding port 4444 (i2pd router’s port) from our host OS to the VPS to make an encrypted tunnel will allow us to use our browser like i2p was installed locally on our system… nice!
On your host OS, you want to SSH into the server with your previously created SSH key but with the SSH tunnel added to the command:
ssh -L 4444:127.0.0.1:4444 -i ~/.ssh/id_rsa newuser@your_server_ip_address
Note: I don’t recommend forwarding the router’s console via SSH as it contains some private info of your i2p router. To view your router’s console on the VPS, you can use Lynx browser, a terminal-based browser so you can see all your i2p stats and connections. This will allow you to check your stats without having to forward your console as well.
lynx 127.0.0.1:7070
Browse I2p
To browse i2p, you can now open your browser of choice. I recommend using Firefox or Librewolf (a hardened version of Firefox). Adjust your Firefox network proxy settings to the following; this will allow you to browse i2p like i2p was installed locally:
SSH tunneling is a really cool thing, which we recommend you read up on if you are interested.
Now we can browse the i2p network! You may need to let your router find peers, and it will get faster the longer you leave it running. Having it running on a VPS means it can run 24/7.
Eepsites
Now let’s explore some eepsites (I2P’s equivalent to Tor’s hidden services) to jumpstart your anonymous browsing experience. Keep in mind that you might need to allow i2p some time to “warm up” before these sites are accessible. Don’t worry, this is a normal part of the process, so don’t get discouraged. These are a good jumping of point into the network. notbob.i2p indentiguy.i2p reg.i2p legwork.i2p
Conclusion I2P provides a vast range of features that go beyond merely browsing the web. Here’s a more detailed overview of these privacy-focused services that you can enjoy:
- Anonymous torrenting and seeding: With I2P, you can use torrents without revealing your true identity. The torrent client within the I2P network takes care of file-sharing by encrypting traffic and routing it through the network. This ensures that your IP address remains concealed from other peers.
- Anonymous chat via IRC: I2P allows you to use Internet Relay Chat (IRC) safely and securely. By employing encryption and routing messages through the network, your communications remain hidden from prying eyes. When connecting to an IRC server, remember to use the I2P-specific server address.
- Anonymous mail: The I2P network offers an anonymous email service called I2P-Bote. This email service provides end-to-end encryption while obscuring your identity, leaving no traceable metadata. Send and receive emails privately and securely without concern for third-party monitoring.
- Run a Monero node through I2P: Monero is a privacy-centric cryptocurrency known for its anonymous transactions. Running a Monero node within the I2P network amplifies the security and enhances transaction privacy. This combination further minimizes the risk of revealing your identity while using Monero.