i2pd documentation
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

16 KiB

i2pd configuration

i2pd can be configured via either command-line arguments or config files. Modifying i2pd.conf is just a way of passing command line arguments to i2pd at boot; for example, running i2pd with argument --port=10123 and setting option port = 10123 in config file will have the same effect.

There are two separate config files: i2pd.conf and tunnels.conf. i2pd.conf is the main configuration file, where you configure all options. tunnels.conf is the tunnel configuration file, where you configure I2P hidden services and client tunnels. the tunnels.conf options are documented here.

i2pd.conf accets INI-like syntax, such as the following : = . Comments are "#", not ";" as you might expect. See boost ticket All command-line parameters are allowed as keys, but for those which contains dot (.), there is a special syntax.

For example:

i2pd.conf:

# comment
log = true
ipv6 = true
# settings for specific module
[httpproxy]
port = 4444
# ^^ this will be --httproxy.port= in cmdline
# another comment
[sam]
enabled = true

You are also encouraged to see the commented config with examples of all options in contrib/i2pd.conf.

Options specified on the command line take precedence over those in the config file. If you are upgrading your very old router (< 2.3.0) see also this page.

Available options

Run ./i2pd --help to show builtin help message (default value of option will be shown in braces)

General options

Option Description
conf Config file (default: ~/.i2pd/i2pd.conf or /var/lib/i2pd/i2pd.conf). This parameter will be silently ignored if the specified config file does not exist.
tunconf Tunnels config file (default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf)
pidfile Where to write pidfile (default: i2pd.pid, not used in Windows)
log Logs destination: stdout, file, syslog (stdout if not set, file - otherwise, for compatibility)
logfile Path to logfile (default - autodetect)
loglevel Log messages above this level (debug, info, warn, error, none; default - info)
logclftime Write full CLF-formatted date and time to log (default: write only time)
datadir Path to storage of i2pd data (RI, keys, peer profiles, ...)
host Router external IP for incoming connections
port Port to listen for incoming connections (default: auto)
daemon Router will go to background after start
service Router will use system folders like '/var/lib/i2pd'
ifname Network interface to bind to
ifname4 Network interface to bind to for IPv4
ifname6 Network interface to bind to for IPv6
nat If true, assume we are behind NAT. true by default
ipv4 Enable communication through IPv4. true by default
ipv6 Enable communication through IPv6. false by default
notransit Router will not accept transit tunnels, disabling transit traffic completely. false by default
floodfill Router will be floodfill. false by default
bandwidth Bandwidth limit: integer in KBps or letters: L (32), O (256), P (2048), X (>9000)
share Max % of bandwidth limit for transit. 0-100. 100 by default
family Name of a family, router belongs to
netid Network ID, router belongs to. Main I2P is 2.
ssu Enable SSU transport protocol (use UDP). true by default
ntcp Enable NTCP transport protocol (use TCP). true by default
ntcpproxy Specify proxy server for NTCP. Should be http://address:port or socks://address:port

Notes

datadir and service options are only used as arguments for i2pd, these options have no effect when set in i2pd.conf.

Windows-specific options

Option Description
svcctl Windows service management (--svcctl="install" or --svcctl="remove")
insomnia Prevent system from sleeping
close Action on close: minimize, exit, ask

All options below still possible in cmdline, but better write it in config file:

HTTP webconsole

Option Description
http.enabled If webconsole is enabled. true by default
http.address The address to listen on (HTTP server)
http.port The port to listen on (HTTP server) 7070 by default
http.auth Enable basic HTTP auth for webconsole
http.user Username for basic auth (default: i2pd)
http.pass Password for basic auth (default: random, see logs)
http.strictheaders Enable strict host checking on WebUI. true by default
http.hostname Expected hostname for WebUI (default: localhost)

HTTP proxy

Option Description
httpproxy.enabled If HTTP proxy is enabled. true by default
httpproxy.address The address to listen on (HTTP Proxy)
httpproxy.port The port to listen on (HTTP Proxy) 4444 by default
httpproxy.addresshelper Enable address helper (jump). true by default
httpproxy.keys Optional keys file for HTTP proxy local destination
httpproxy.signaturetype Signature type for new keys if keys file is set. 7 by default
httpproxy.inbound.length Inbound tunnels length if keys is set. 3 by default
httpproxy.inbound.quantity Inbound tunnels quantity if keys is set. 5 by default
httpproxy.outbound.length Outbound tunnels length if keys is set. 3 by default
httpproxy.outbound.quantity Outbound tunnels quantity if keys is set. 5 by default
httpproxy.outproxy HTTP proxy upstream out proxy url (like http://false.i2p)

Socks proxy

Option Description
socksproxy.enabled If SOCKS proxy is enabled. true by default
socksproxy.address The address to listen on (SOCKS Proxy)
socksproxy.port The port to listen on (SOCKS Proxy). 4447 by default
socksproxy.keys Optional keys file for SOCKS proxy local destination
socksproxy.signaturetype Signature type for new keys if keys file is set. 7 by default
socksproxy.inbound.length Inbound tunnels length if keys is set. 3 by default
socksproxy.inbound.quantity Inbound tunnels quantity if keys is set. 5 by default
socksproxy.outbound.length Outbound tunnels length if keys is set. 3 by default
socksproxy.outbound.quantity Outbound tunnels quantity if keys is set. 5 by default
socksproxy.outproxy Address of outproxy. requests outside I2P will go there
socksproxy.outproxyport Outproxy remote port

SAM interface

Option Description
sam.address The address to listen on (SAM bridge)
sam.port Port of SAM bridge. Usually 7656. SAM is off if not specified
sam.enabled If SAM is enabled. true by default
sam.singlethread If false every SAM session runs in own thread. true by default

BOB interface

Option Description
bob.address The address to listen on (BOB command channel)
bob.port Port of BOB command channel. Usually 2827. BOB is off if not specified
bob.enabled If BOB is enabled. false by default

I2CP interface

Option Description
i2cp.address The address to listen on or an abstract address for Android LocalSocket
i2cp.port Port of I2CP server. Usually 7654. Ignored for Andorid
i2cp.enabled If I2CP is enabled. false by default. Other services don't require I2CP

I2PControl interface

Option Description
i2pcontrol.address The address to listen on (I2P control service)
i2pcontrol.port Port of I2P control service. Usually 7650. I2PControl is off if not specified
i2pcontrol.enabled If I2P control is enabled. false by default
i2pcontrol.password I2P control authentication password. itoopie by default
i2pcontrol.cert I2P control HTTPS certificate file name. i2pcontrol.crt.pem by default
i2pcontrol.key I2P control HTTPS certificate key file name. i2pcontrol.key.pem by default

UPNP

Option Description
upnp.enabled Enable or disable UPnP, false by default for CLI and true for GUI (Windows, Android)
upnp.name Name i2pd appears in UPnP forwardings list. I2Pd by default

Cryptography

Option Description
precomputation.elgamal Use ElGamal precomputated tables. false for x64 and true for other platforms by default

Reseeding

Option Description
reseed.verify Verify .su3 signature. false by default
reseed.urls Reseed URLs, separated by comma
reseed.file Path to local .su3 file or HTTPS URL to reseed from
reseed.zipfile Path to local .zip file to reseed from
reseed.threshold Minimum number of known routers before requesting reseed. 25 by default
reseed.proxy Url for https/socks reseed proxy

Addressbook options

Option Description
addressbook.defaulturl AddressBook subscription URL for initial setup
addressbook.subscriptions AddressBook subscriptions URLs, separated by comma

Limits

Option Description
limits.transittunnels Override maximum number of transit tunnels. 2500 by default
limits.openfiles Limit number of open file descriptors (0 - use system limit)
limits.coresize Maximum size of corefile in Kb (0 - use system limit)
limits.ntcpsoft Threshold to start probabalistic backoff with ntcp sessions (0 - use system limit)
limits.ntcphard Maximum number of ntcp sessions (0 - use system limit)

Trust options

Option Description
trust.enabled Enable explicit trust options. false by default
trust.family Make direct I2P connections only to routers in specified Family.
trust.routers Make direct I2P connections only to routers specified here. Comma separated list of base64 identities.
trust.hidden Should we hide our router from other routers? false by default

Websocket server

Option Description
websockets.enabled Enable websocket server. Disabled by default
websockets.address Address to bind websocket server on. 127.0.0.1 by default
websockets.port Port to bind websocket server on. 7666 by default

Exploratory tunnels

Option Description
exploratory.inbound.length Exploratory inbound tunnels length. 2 by default
exploratory.inbound.quantity Exploratory inbound tunnels quantity. 3 by default
exploratory.outbound.length Exploratory outbound tunnels length. 2 by default
exploratory.outbound.quantity Exploratory outbound tunnels length. 3 by default

NTCP2

Option Description
ntcp2.enabled Enable NTCP2. Enabled by default
ntcp2.published Enable incoming NTCP2 connections. Disabled by default
ntcp2.port Port to listen for incoming NTCP2 connections (default: auto)
ntcp2.addressv6 External IPv6 for incoming connections

Time sync

Option Description
nettime.enabled Enable NTP sync. Disabled by default
nettime.ntpservers Comma-separated list of NTP server. pool.ntp.org by default
nettime.ntpsyncinterval NTP time sync interval in hours. 72 by default

Network information persist

Option Description
persist.profiles Enable peer profile persisting to disk. Enabled by default

Local addressbook

There is also a special addressbook config file in the working directory at addressbook/local.csv. It is used to map long I2P destinations to short, human readable domain names. The syntax is csv and it can be modified manually if the user wishes.