PurpleI2P/i2pd_docs_en
1
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd_docs_en synced 2025-03-13 05:41:16 +00:00
Code Issues Releases Wiki Activity

Merge pull request #79 from wekoq/master

Browse Source 
Actualization, refactor, add some data
This commit is contained in:
orignal 2023-02-03 13:17:51 -05:00 committed by GitHub
commit 67a1141cfc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 142 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/about/community.md
View File

@ -1,7 +1,9 @@
PurpleI2P team and community
============================
Community IRC channel [i2pd-dev@libera.chat](https://web.libera.chat/?channels=i2pd-dev)
Community IRC channel on ILITA (irc.ilita.i2p): #dev ([webclient(I2P)](http://irc.acetone.i2p/web/))
Community IRC channel [i2pd-dev@libera.chat](https://web.libera.chat/?channels=i2pd-dev) (not active)
Twitter hashtag [#i2pd](https://twitter.com/hashtag/i2pd)

1
docs/about/history.md
View File

@ -1,3 +1,4 @@
History
=======
Empty for now.

1
docs/devs/api/index.md
View File

@ -1,3 +1,4 @@
Choosing API for your project
=============================
Empty for now.

3
docs/devs/api/libi2pd.md
View File

@ -1,4 +1,5 @@
libi2pd
=======
i2pd can be built in any application with libi2pd
i2pd can be built in any application with libi2pd.
Join IRC #dev for more info.

9
docs/user-guide/FAQ.md
View File

@ -50,7 +50,7 @@ Contact developers with IRC or create an issue on GitHub.
## What is good tunnel creation success rate value?
Average values are 15% - 40%. Larger is better.
\>10%. Larger is better.
## Is there a place I can use to find running I2P websites?
@ -73,9 +73,8 @@ i2pd's socks proxy has an option to pass all non-I2P traffic to the Tor socks pr
## What is a floodfill mode?
Floodfill mode is a special mode, which contributes to the I2P network more.
You may want to enable floodfill mode if you have stable uptime and high bandwidth
to share.
Floodfill mode make your router a floodfill, that means what other routers will publish and get LeaseSets and RIs on your router. [Read more](http://geti2p.net/en/docs/how/network-database).
Floodfill mode require more bandwith, CPU time. If you sure, what you have stable uptime, you can enable floodfill: `floodfill = true`
## How is I2P different from Tor?
@ -92,5 +91,5 @@ Tor is highly centralized by design, while I2P is designed to be decentralized a
## Can use i2pd as a proxy for regular Internet?
Not out of the box. You better use [Tor](https://www.torproject.org/) for that.
Yes, but better use [Tor](https://www.torproject.org/) for that.

154
docs/user-guide/configuration.md
View File

@ -48,28 +48,27 @@ tunconf | Tunnels config file (default: ~/.i2pd/t
pidfile | Where to write pidfile (default: i2pd.pid, not used in Windows)
log | Logs destination: stdout, file, syslog (stdout if not set or invalid) (if daemon, stdout/unspecified are replaced by file in some cases)
logfile | Path to logfile (default - autodetect)
loglevel | Log messages above this level (debug, info, warn, error, none; default - info)
logclftime | Write full CLF-formatted date and time to log (default: write only time)
datadir | Path to storage of i2pd data (RI, keys, peer profiles, ...)
host | Router external IP for incoming connections
port | Port to listen for incoming connections (default: auto)
daemon | Router will go to background after start
service | Router will use system folders like '/var/lib/i2pd' (on unix) or 'C:\ProgramData\i2pd' (on Windows). Ignored on MacOS and Android
loglevel | Log messages above this level (debug, info, warn, error, none; default - warn)
logclftime | Write full CLF-formatted date and time to log (default: false (write only time))
datadir | Path to storage of i2pd data (RouterInfos, destinations keys, peer profiles, etc ...)
host | Router external IP for incoming connections (default: auto if SSU2 is enabled)
port | Port to listen for incoming connections (default: auto (random))
daemon | Router will go to background after start (default: true)
service | Router will use system folders like '/var/lib/i2pd' (on unix) or 'C:\ProgramData\i2pd' (on Windows). Ignored on MacOS and Android (default: false)
ifname | Network interface to bind to
ifname4 | Network interface to bind to for IPv4
ifname6 | Network interface to bind to for IPv6
address4 | Local address to bind to for IPv4
address6 | Local address to bind to for clearnet IPv6
nat | If true, assume we are behind NAT. true by default
ipv4 | Enable communication through IPv4. true by default
ipv6 | Enable communication through clearnet IPv6. false by default
notransit | Router will not accept transit tunnels, disabling transit traffic completely. false by default
floodfill | Router will be floodfill. false by default
bandwidth | Bandwidth limit: integer in KBps or letters: L (32), O (256), P (2048), X (>9000)
share | Max % of bandwidth limit for transit. 0-100. 100 by default
nat | If true, assume we are behind NAT (default: true)
ipv4 | Enable communication through IPv4 (default: true)
ipv6 | Enable communication through clearnet IPv6 (default: false)
notransit | Router will not accept transit tunnels, disabling transit traffic completely (default: false)
floodfill | Router will be floodfill (default: false)
bandwidth | Bandwidth limit: integer in KBps or letters: L (32), O (256), P (2048), X (unlimited).
share | Max % of bandwidth limit for transit. 0-100 (default: 100)
family | Name of a family, router belongs to
netid | Network ID, router belongs to. Main I2P is 2.
ssu | Enable SSU transport protocol (use UDP). true by default
#### Notes
@ -79,9 +78,9 @@ ssu | Enable SSU transport protocol (use UDP)
Option | Description
-------------------------------------- | --------------------------------------
ntcp2.enabled | Enable NTCP2. Enabled by default
ntcp2.published | Enable incoming NTCP2 connections. Enabled by default
ntcp2.port | Port to listen for incoming NTCP2 connections (default: auto)
ntcp2.enabled | Enable NTCP2 (default: true)
ntcp2.published | Enable incoming NTCP2 connections (default: true)
ntcp2.port | Port to listen for incoming NTCP2 connections (default: auto - port from general section)
ntcp2.addressv6 | External IPv6 for incoming connections
ntcp2.proxy | Specify proxy server for NTCP2. Should be http://address:port or socks://address:port
@ -89,12 +88,12 @@ ntcp2.proxy | Specify proxy server for NTCP2. Should
Option | Description
-------------------------------------- | --------------------------------------
ssu2.enabled | Enable SSU2. Disabled by default on 2.43.0
ssu2.published | Enable incoming SSU2 connections. Disabled by default on 2.43.0
ssu2.port | Port to listen for incoming SSU2 connections (default: auto - 'port' from general section or 'port + 1' if SSU is enabled)
ssu2.enabled | Enable SSU2 (default: true)
ssu2.published | Enable incoming SSU2 connections. (default: true)
ssu2.port | Port to listen for incoming SSU2 connections (default: auto - 'port' from general section)
ssu2.proxy | Specify UDP socks5 proxy server for NTCP2. Should be socks://address:port
ssu2.mtu4 | MTU for local ipv4. Auto-detect by default
ssu2.mtu6 | MTU for local ipv6. Auto-detect by default
ssu2.mtu4 | MTU for local ipv4. (default: auto)
ssu2.mtu6 | MTU for local ipv6. (default: auto)
All options below still possible in cmdline, but better write it in config file:
@ -102,116 +101,116 @@ All options below still possible in cmdline, but better write it in config file:
Option | Description
-------------------------------------- | --------------------------------------
http.enabled | If webconsole is enabled. true by default
http.enabled | If webconsole is enabled. (default: true)
http.address | The address to listen on (HTTP server)
http.port | The port to listen on (HTTP server) 7070 by default
http.auth | Enable basic HTTP auth for webconsole
http.port | The port to listen on (HTTP server) (default: 7070)
http.auth | Enable basic HTTP auth for webconsole (default: false)
http.user | Username for basic auth (default: i2pd)
http.pass | Password for basic auth (default: random, see logs)
http.strictheaders | Enable strict host checking on WebUI. true by default
http.strictheaders | Enable strict host checking on WebUI. (default: true)
http.hostname | Expected hostname for WebUI (default: localhost)
### HTTP proxy
Option | Description
-------------------------------------- | --------------------------------------
httpproxy.enabled | If HTTP proxy is enabled. true by default
httpproxy.enabled | If HTTP proxy is enabled. (default: true)
httpproxy.address | The address to listen on (HTTP Proxy)
httpproxy.port | The port to listen on (HTTP Proxy) 4444 by default
httpproxy.addresshelper | Enable address helper (jump). true by default
httpproxy.port | The port to listen on (HTTP Proxy) (default: 4444)
httpproxy.addresshelper | Enable address helper (jump). (default: true)
httpproxy.keys | Optional keys file for HTTP proxy local destination
httpproxy.signaturetype | Signature type for new keys if keys file is set. 7 by default
httpproxy.inbound.length | Inbound tunnels length if keys is set. 3 by default
httpproxy.inbound.quantity | Inbound tunnels quantity if keys is set. 5 by default
httpproxy.inbound.lengthVariance | Inbound tunnels length variance if keys is set. 0 by default
httpproxy.outbound.length | Outbound tunnels length if keys is set. 3 by default
httpproxy.outbound.quantity | Outbound tunnels quantity if keys is set. 5 by default
httpproxy.outbound.lengthVariance | Outbound tunnels length variance if keys is set. 0 by default
httpproxy.signaturetype | Signature type for new keys if keys file is set. (default: 7)
httpproxy.inbound.length | Inbound tunnels length if keys is set. (default: 3)
httpproxy.inbound.quantity | Inbound tunnels quantity if keys is set. (default: 5)
httpproxy.inbound.lengthVariance | Inbound tunnels length variance if keys is set. (default: 0)
httpproxy.outbound.length | Outbound tunnels length if keys is set. (default: 3)
httpproxy.outbound.quantity | Outbound tunnels quantity if keys is set. (default: 5)
httpproxy.outbound.lengthVariance | Outbound tunnels length variance if keys is set. (default: 0)
httpproxy.outproxy | HTTP proxy upstream out proxy url (like http://false.i2p)
httpproxy.i2cp.leaseSetType | Type of LeaseSet to be sent. 1, 3 or 5. 1 by default
httpproxy.i2cp.leaseSetType | Type of LeaseSet to be sent. 1, 3 or 5. (default: 3)
httpproxy.i2cp.leaseSetEncType | Comma separated encryption types to be used in LeaseSet type 3 or 5
### Socks proxy
Option | Description
-------------------------------------- | --------------------------------------
socksproxy.enabled | If SOCKS proxy is enabled. true by default
socksproxy.enabled | If SOCKS proxy is enabled. (default: true)
socksproxy.address | The address to listen on (SOCKS Proxy)
socksproxy.port | The port to listen on (SOCKS Proxy). 4447 by default
socksproxy.port | The port to listen on (SOCKS Proxy). (default: 4447)
socksproxy.keys | Optional keys file for SOCKS proxy local destination
socksproxy.signaturetype | Signature type for new keys if keys file is set. 7 by default
socksproxy.inbound.length | Inbound tunnels length if keys is set. 3 by default
socksproxy.inbound.quantity | Inbound tunnels quantity if keys is set. 5 by default
socksproxy.inbound.lengthVariance | Inbound tunnels length variance if keys is set. 0 by default
socksproxy.outbound.length | Outbound tunnels length if keys is set. 3 by default
socksproxy.outbound.quantity | Outbound tunnels quantity if keys is set. 5 by default
socksproxy.outbound.lengthVariance | Outbound tunnels length variance if keys is set. 0 by default
socksproxy.outproxy.enabled | Enable or disable SOCKS outproxy. Disabled by default
socksproxy.outproxy | Address of outproxy. requests outside I2P will go there
socksproxy.signaturetype | Signature type for new keys if keys file is set. (default: 7)
socksproxy.inbound.length | Inbound tunnels length if keys is set. (default: 3)
socksproxy.inbound.quantity | Inbound tunnels quantity if keys is set. (default: 5)
socksproxy.inbound.lengthVariance | Inbound tunnels length variance if keys is set. (default: 0)
socksproxy.outbound.length | Outbound tunnels length if keys is set. (default: 3)
socksproxy.outbound.quantity | Outbound tunnels quantity if keys is set. (default: 5)
socksproxy.outbound.lengthVariance | Outbound tunnels length variance if keys is set. (default: 0)
socksproxy.outproxy.enabled | Enable or disable SOCKS outproxy. (default: false)
socksproxy.outproxy | Address of outproxy. Requests outside I2P will go there.
socksproxy.outproxyport | Outproxy remote port
socksproxy.i2cp.leaseSetType | Type of LeaseSet to be sent. 1, 3 or 5. 1 by default
socksproxy.i2cp.leaseSetType | Type of LeaseSet to be sent. 1, 3 or 5. (default: 3)
socksproxy.i2cp.leaseSetEncType | Comma separated encryption types to be used in LeaseSet type 3 or 5
### SAM interface
Option | Description
-------------------------------------- | --------------------------------------
sam.enabled | If SAM is enabled. (default: true)
sam.address | The address to listen on (SAM bridge)
sam.port | Port of SAM bridge. Usually 7656. SAM is off if not specified
sam.enabled | If SAM is enabled. true by default
sam.singlethread | If false every SAM session runs in own thread. true by default
sam.singlethread | If false every SAM session runs in own thread. (default: true)
### BOB interface
Option | Description
-------------------------------------- | --------------------------------------
bob.enabled | If BOB is enabled. (default: false)
bob.address | The address to listen on (BOB command channel)
bob.port | Port of BOB command channel. Usually 2827. BOB is off if not specified
bob.enabled | If BOB is enabled. false by default
### I2CP interface
Option | Description
-------------------------------------- | --------------------------------------
i2cp.enabled | If I2CP is enabled. (default: true)
i2cp.address | The address to listen on or an abstract address for Android LocalSocket
i2cp.port | Port of I2CP server. Usually 7654. Ignored for Andorid
i2cp.enabled | If I2CP is enabled. false by default. Other services don't require I2CP
i2cp.singlethread | If false every I2CP session runs in own thread. true by default
i2cp.singlethread | If false every I2CP session runs in own thread. (default: true)
### I2PControl interface
Option | Description
-------------------------------------- | --------------------------------------
i2pcontrol.enabled | If I2P control is enabled. (default: false)
i2pcontrol.address | The address to listen on (I2P control service)
i2pcontrol.port | Port of I2P control service. Usually 7650. I2PControl is off if not specified
i2pcontrol.enabled | If I2P control is enabled. false by default
i2pcontrol.password | I2P control authentication password. itoopie by default
i2pcontrol.cert | I2P control HTTPS certificate file name. i2pcontrol.crt.pem by default
i2pcontrol.key | I2P control HTTPS certificate key file name. i2pcontrol.key.pem by default
i2pcontrol.password | I2P control authentication password. (default: itoopie)
i2pcontrol.cert | I2P control HTTPS certificate file name. (default: i2pcontrol.crt.pem)
i2pcontrol.key | I2P control HTTPS certificate key file name. (default: i2pcontrol.key.pem)
### UPNP
Option | Description
-------------------------------------- | --------------------------------------
upnp.enabled | Enable or disable UPnP, false by default for CLI and true for GUI (Windows, Android)
upnp.name | Name i2pd appears in UPnP forwardings list. I2Pd by default
upnp.name | Name i2pd appears in UPnP forwardings list. (default: I2Pd)
### Cryptography
Option | Description
-------------------------------------- | --------------------------------------
precomputation.elgamal | Use ElGamal precomputated tables. false for x64 and true for other platforms by default
precomputation.elgamal | Use ElGamal precomputated tables. (default: false for x86-64 and true for other platforms)
### Reseeding
Option | Description
-------------------------------------- | --------------------------------------
reseed.verify | Verify .su3 signature. false by default
reseed.verify | Verify .su3 signature. (default: false)
reseed.urls | Reseed URLs, separated by comma
reseed.yggurls | Reseed Yggdrasil's URLs, separated by comma
reseed.file | Path to local .su3 file or HTTPS URL to reseed from
reseed.zipfile | Path to local .zip file to reseed from
reseed.threshold | Minimum number of known routers before requesting reseed. 25 by default
reseed.threshold | Minimum number of known routers before requesting reseed. (default: 25)
reseed.proxy | Url for https/socks reseed proxy
### Addressbook options
@ -226,46 +225,47 @@ addressbook.hostsfile | File to dump AddressesBook in hosts.txt
Option | Description
-------------------------------------- | --------------------------------------
limits.transittunnels | Override maximum number of transit tunnels. 2500 by default
limits.openfiles | Limit number of open file descriptors (0 - use system limit)
limits.transittunnels | Override maximum number of transit tunnels. (default: 5000)
limits.openfiles | Limit number of open file descriptors (default: 0 - use system limit)
limits.coresize | Maximum size of corefile in Kb (default: 0 - use system limit)
### Trust options
Option | Description
-------------------------------------- | --------------------------------------
trust.enabled | Enable explicit trust options. false by default
trust.enabled | Enable explicit trust options. (default: false)
trust.family | Make direct I2P connections only to routers in specified Family.
trust.routers | Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
trust.hidden | Should we hide our router from other routers? false by default
trust.hidden | Should we hide our router from other routers? (default: false)
### Exploratory tunnels
Option | Description
-------------------------------------- | --------------------------------------
exploratory.inbound.length | Exploratory inbound tunnels length. 2 by default
exploratory.inbound.quantity | Exploratory inbound tunnels quantity. 3 by default
exploratory.outbound.length | Exploratory outbound tunnels length. 2 by default
exploratory.outbound.quantity | Exploratory outbound tunnels quantity. 3 by default
exploratory.inbound.length | Exploratory inbound tunnels length. (default: 2)
exploratory.inbound.quantity | Exploratory inbound tunnels quantity. (default: 3)
exploratory.outbound.length | Exploratory outbound tunnels length. (default: 2)
exploratory.outbound.quantity | Exploratory outbound tunnels quantity. (default: 3)
### Time sync
Option | Description
-------------------------------------- | --------------------------------------
nettime.enabled | Enable NTP sync. Disabled by default
nettime.ntpservers | Comma-separated list of NTP server. pool.ntp.org by default
nettime.ntpsyncinterval | NTP time sync interval in hours. 72 by default
nettime.enabled | Enable NTP sync. (default: false)
nettime.ntpservers | Comma-separated list of NTP server. (default: pool.ntp.org)
nettime.ntpsyncinterval | NTP time sync interval in hours. (default: 72)
### Network information persist
Option | Description
-------------------------------------- | --------------------------------------
persist.profiles | Enable peer profile persisting to disk. Enabled by default
persist.profiles | Enable peer profile persisting to disk. (default: true)
### Meshnets transports
Option | Description
-------------------------------------- | --------------------------------------
meshnets.yggdrasil | Support transports through the Yggdrasil
meshnets.yggdrasil | Support transports through the Yggdrasil (default: false)
meshnets.yggaddress | Local Yggdrasil's address to publish
### Windows-specific options
@ -279,7 +279,7 @@ close | Action on close: minimize, exit, ask
Option | Description
-------------------------------------- | --------------------------------------
unix.handle_sigtstp | Handle SIGTSTP and SIGCONT signals. Disabled by default
unix.handle_sigtstp | Handle SIGTSTP and SIGCONT signals. (default: false)
`handle_sigtstp` enables handling of SIGTSTP and SIGCONT signals (*since 2.43.0*).

6
docs/user-guide/install.md
View File

@ -92,12 +92,12 @@ run by PurpleI2P community member [villain](https://twitter.com/el_villano_loco)
systemctl enable --now i2pd
## ArchLinux
## Arch
i2pd packages are available at Community repository for [release version](https://archlinux.org/packages/community/x86_64/i2pd/), and AUR for
i2pd packages are available at Arch's repository for [release version](https://archlinux.org/packages/community/x86_64/i2pd/), and AUR for
[nightly builds](https://aur.archlinux.org/packages/i2pd-git/)
## Gentoo Linux
## Gentoo
i2pd [has a working ebuild in the main gentoo repository](https://packages.gentoo.org/packages/net-vpn/i2pd). As of May 2018, the ebuild
is still listed as "unstable", and thus will request an exception in your package.keywords if you are using gentoo under the "stable" branch.

2
docs/user-guide/run.md
View File

@ -4,7 +4,7 @@ Running i2pd
Starting, stopping and reloading configuration
----------------------------------------------
This chapter explains how to start and manage the i2pd daemon under \*nix operation systems.
This chapter explains how to start and manage the i2pd daemon under Unix-like operation systems.
After you have built i2pd from source, just run the binary:

93
docs/user-guide/tunnels.md
View File

@ -56,8 +56,8 @@ Available LeaseSet **types** (parameter `i2cp.leaseSetType = <code>` in a tunnel
Type | Code | Comment
----------- | ---- | -----------
OLD | 1 | **Default** for server tunnels because encryption type for server is `0`
STANDARD | 3 | **Default** for client tunnels because encryption type can be `0` or `4`
OLD | 1 | Deprecated
STANDARD | 3 | **Default**
ENCRYPTED | 5 | Encrypted LeaseSet. Hiding information from floodfill
META | 7 | Not implemented
@ -67,11 +67,11 @@ Available LeaseSet **encryption** types (parameter `i2cp.leaseSetEncType = <code
Type | Code | Comment
------------------------------------ | ---- | -----------
ELGAMAL | 0 | **Default** for destinations
ELGAMAL | 0 | **Default** (only for support old routers)
ECIES_P256_SHA256_AES256CBC | 1 | Not compatible with Java router
*ECIES_P384_SHA384_AES256CBC* | 2 | Not implemented
*ECIES_P521_SHA512_AES256CBC* | 3 | Not implemented
ECIES_X25519_AEAD | 4 | **Default** for routers
ECIES_X25519_AEAD | 4 | **Default**
Client tunnels
--------------
@ -100,13 +100,15 @@ Optional parameters:
Option | Description
--------------------|--------------------
address | local interface tunnel binds to, '127.0.0.1' for connections from local host only, '0.0.0.0' for connections from everywhere. '127.0.0.1' by default
signaturetype | signature type for new keys. 0 (DSA), 1 (ECDSA-P256), 7 (EDDSA), 11 (RedDSA). RSA signatures (4,5,6) are not allowed and will be changed to 7. 7 by default
cryptotype | crypto type for new keys. Experimental. Should be always 0
destinationport | connect to particular port at destination. 0 by default (targeting first tunnel on server side for destination)
keepaliveinterval | send ping to the destination after this interval in seconds. 0 by default meaning no pings
address | Local interface tunnel binds to, '127.0.0.1' for connections from local host only, '0.0.0.0' for connections from everywhere. (default: 127.0.0.1)
port | Port of client tunnel.
signaturetype | Signature type for new keys. RSA signatures (4,5,6) are not allowed and will be changed to 7. (default: 7)
cryptotype | Crypto type for new keys. Experimental. Should be always 0
destinationport | Connect to particular port at destination. 0 by default (targeting first tunnel on server side for destination)
keepaliveinterval | Send ping to the destination after this interval in seconds. (default: 0 - no pings)
keys | Keys for destination. When same for several tunnels, will be using same destination for every tunnel.
So, given the example above, if you connected to 127.0.0.1:6668 on localhost, i2pd would tunnel that connection to irc.ilita.i2p
So, given the example above, if you connected to 127.0.0.1:6668 on localhost, i2pd would tunnel that connection to irc.ilita.i2p.
Server/generic tunnels
----------------------
@ -136,13 +138,16 @@ Optional parameters:
Option | Description
--------------------|--------------------
inport | (non-TCP non-UDP) I2P local destination port to listen to; an unsigned 16-bit integer. What port at local destination server tunnel listens to. Same as *port* by default
accesslist | list of comma-separated of b32 address (without .b32.i2p) allowed to connect. Everybody is allowed by default
gzip | turns internal compression off if set to false. true by default
signaturetype | means signature type for new keys. 0 - DSA, 1- ECDSA-P256, 7 -EDDSA, 11 -RedDSA. 7 by default
cryptotype | crypto type for new keys. Experimental. Should be always 0
enableuniquelocal | if true, connection to local address will look like 127.x.x.x where x.x.x is first 3 bytes of incoming connection peer's ident hash. true by default
host | IP address of server (on this address i2pd will send data from I2P)
port | Port of server tunnel.
inport | (non-TCP non-UDP) I2P local destination port to listen to; an unsigned 16-bit integer. What port at local destination server tunnel listens to (default: same as *port*)
accesslist | List of comma-separated of b32 address (without .b32.i2p) allowed to connect. Everybody is allowed by default
gzip | Turns internal compression off if set to false. (default: false)
signaturetype | Signature type for new keys. (default: 7)
cryptotype | Crypto type for new keys. Experimental. Should be always 0
enableuniquelocal | If true, connection to local address will look like 127.x.x.x where x.x.x is first 3 bytes of incoming connection peer's ident hash. (default: true)
address | IP address of an interface tunnel is connected to *host* from. Usually not used
keys | Keys for destination. When same for several tunnels, will be using same destination for every tunnel.
Server/http tunnels
-------------------
@ -164,9 +169,8 @@ Optional parameters:
Option | Description
--------------------|--------------------
hostoverride | value to send in 'Host:' header, default: the same as *host* parameter
gzip | should we compress contents at I2P level. default: true
ssl | use SSL connection to upstream server. `hostoverride` parameter can be used to set SNI domain. default: false (since 2.44.0)
hostoverride | Value to send in 'Host:' header, default: the same as *host* parameter
ssl | Use SSL connection to upstream server. `hostoverride` parameter can be used to set SNI domain. default: false (since 2.44.0)
Server/IRC tunnels
-------------------
@ -177,7 +181,7 @@ Optional parameters:
Option | Description
--------------------|--------------------
webircpassword | password to send with WEBIRC command
webircpassword | Password to send with WEBIRC command
UDP Tunnels
-----------
@ -196,10 +200,11 @@ port = 1194
Option | Description
--------------------|--------------------
destination | the I2P destination of a udpserver tunnel, required parameter
address | IP address to bind local UDP endpoint to, defaults to `127.0.0.1`
port | port to bind local UDP endpoint to, required parameter
gzip | turns internal compression off if set to false. true by default
destination | The I2P destination of a udpserver tunnel, required parameter
address | IP address to bind local UDP endpoint to (default: `127.0.0.1`)
port | Port to bind local UDP endpoint to, required parameter
gzip | Turns internal compression off if set to false. (default: false)
keys | Keys for destination. When same for several tunnels, will be using same destination for every tunnel.
`udpserver` forwards traffic from N I2P destinations to 1 local UDP endpoint
@ -213,10 +218,11 @@ port = 1194
Option | Description
--------------------|--------------------
address | IP address to use for local UDP endpoints, defaults to `127.0.0.1`
address | IP address to use for local UDP endpoints (default: `127.0.0.1`)
host | IP address to forward traffic to, required parameter
port | UDP port to forward traffic on, required parameter
gzip | turns internal compression off if set to false. true by default
gzip | Turns internal compression off if set to false. (default: false)
keys | Keys for destination. When same for several tunnels, will be using same destination for every tunnel.
Socks proxy
-----------
@ -235,7 +241,7 @@ keys = socks-keys.dat
Option | Description
--------------------|--------------------
address | local address Socks proxy binds to, defaults to `127.0.0.1`
address | Local address Socks proxy binds to (default: `127.0.0.1`)
port | TCP port Socks proxy binds to
I2CP parameters
@ -245,22 +251,23 @@ These I2CP parameter are common for all tunnel types and specify settings for a
Parameter | Description
------------------------------|--------------------
inbound.length | number of hops of an inbound tunnel. 3 by default, 8 by max; lower value is faster but dangerous
outbound.length | number of hops of an outbound tunnel. 3 by default, 8 by max; lower value is faster but dangerous
inbound.quantity | number of inbound tunnels. 5 by default, 16 by max
outbound.quantity | number of outbound tunnels. 5 by default, 16 by max
inbound.lengthVariance | random number of hops to add or subtract to an inbound tunnel between -3 and 3. 0 by default **(since 2.42.0)**
outbound.lengthVariance | random number of hops to add or subtract to an outbound tunnel between -3 and 3. 0 by default **(since 2.42.0)**
crypto.tagsToSend | number of ElGamal/AES tags to send. 40 by default; too low value may cause problems with tunnel building
explicitPeers | list of comma-separated b64 addresses of peers to use, default: unset
i2p.streaming.initialAckDelay | milliseconds to wait before sending Ack. 200 by default
i2p.streaming.answerPings | enable sending pongs. true by default
i2cp.leaseSetType | type of LeaseSet to be sent. 1, 3 or 5. 1 by default
i2cp.leaseSetEncType | comma separated encryption types to be used in LeaseSet type 3 or 5. Identity's type by default
i2cp.leaseSetPrivKey | decryption key for encrypted LeaseSet in base64. PSK or private DH
i2cp.leaseSetAuthType | authentication type for encrypted LeaseSet. 0 - no authentication(default), 1 - DH, 2 - PSK
i2cp.leaseSetClient.dh.nnn | client name:client's public DH in base64, for authentication type 1, nnn is integer
i2cp.leaseSetClient.psk.nnn | client name:client's PSK in base64, for authentication type 2, nnn is integer
inbound.length | Number of hops of an inbound tunnel. 3 by default, 8 by max; lower value is faster but have more deanonimize risks
outbound.length | Number of hops of an outbound tunnel. 3 by default, 8 by max; lower value is faster but have more deanonimize risks
inbound.quantity | Number of inbound tunnels. 5 by default, 16 by max
outbound.quantity | Number of outbound tunnels. 5 by default, 16 by max
inbound.lengthVariance | Random number of hops to add or subtract to an inbound tunnel between -3 and 3. 0 by default **(since 2.42.0)**
outbound.lengthVariance | Random number of hops to add or subtract to an outbound tunnel between -3 and 3. 0 by default **(since 2.42.0)**
crypto.tagsToSend | Number of ElGamal/AES tags to send. 40 by default; too low value may cause problems with tunnel building
crypto.ratchet.inboundTags | None for now
explicitPeers | List of comma-separated b64 addresses of peers to use (default: unset)
i2p.streaming.initialAckDelay | Milliseconds to wait before sending Ack. (default: 200)
i2p.streaming.answerPings | Enable sending pongs. true by default
i2cp.leaseSetType | Type of LeaseSet to be sent. 1, 3 or 5. (default: 3)
i2cp.leaseSetEncType | Comma separated encryption types to be used in LeaseSet type 3 or 5. (default: 0,4)
i2cp.leaseSetPrivKey | Decryption key for encrypted LeaseSet in base64. PSK or private DH
i2cp.leaseSetAuthType | Authentication type for encrypted LeaseSet. 0 - no authentication(default), 1 - DH, 2 - PSK
i2cp.leaseSetClient.dh.nnn | Client name:client's public DH in base64, for authentication type 1, nnn is integer
i2cp.leaseSetClient.psk.nnn | Client name:client's PSK in base64, for authentication type 2, nnn is integer
Other examples
--------------