this post was submitted on 11 Sep 2024
36 points (100.0% liked)


A lot of individuals run TOR exit nodes, but I never hear about people running their own I2P outproxies. Is it really hard to host, or is there some other reason? I thought that if you could run a TOR exit node, you'd be just fine running an I2P outproxy.

Running more outproxies will help in bridging torrents from the clearnet to I2P, which would be a very good move considering the crackdowns on torrents right now. Companies even want to involve civilians in their lawsuits in Sweden now, making the need for privacy/anonymity even more important when torrenting, which I2P provides.

[–] Findmysec@infosec.pub 4 points 2 months ago (1 children)

Would you know where I can find a guide to load balance I2P routers?

[–] sploodged@lemmy.dbzer0.com 4 points 2 months ago* (last edited 1 month ago) (1 children)

You can do multihoming, might be the easiest thing to do for a service: https://geti2p.net/spec/proposals/140-invisible-multihoming

Multihoming is a pretty simple way of load balancing, and I think the way it works is that the last router to announce is the one that's used, so it should cycle through all routers periodically.

It's also used to place i2p routers hosting a service in multiple places, so it makes correlation attacks (e.g. downtime at the exact time of a known electric outage in an area) more difficult.

Backend setup for your service

If we have a service like an http proxy service or a website available on port 6000, and 2 i2p routers, they'd both need access to that port. An outproxy may do this with port forwarding from a clean outernet connection(s) going through their proxy setup, e.g. privoxy/haproxy/tinyproxy dns. They're less worried about correlation attacks, so the routers may be all or mostly in one area using port forwarding over LAN or VMs. A website that's concerned about correlation attacks may have separate instances of the website running on each router in different areas, with the website's backend syncing with the other routers in the background through other methods such as an encrypted lease-set.

Router setup

Each router needs the same exact key for the actual .i2p address. The easy way to do this is in the java router (i2p+ is good for this, install guide/official site): go to service tunnels > make new server http tunnel, enter the port 6000, give it a name like "Outproxy", give the private key file a name like "outproxy.dat", and make sure optimize for Multihoming is on.

Other recommended additions in your tunnel config

  • Automatically start tunnel: on
  • TOTAL of 16 tunnels in/out (maximum) across all routers: 3 hops for good anonymity; outproxies not concerned with their own anonymity could reduce this for more performance. If you have 2 routers, use 8 tunnels for each.
  • Reduce tunnels to conserve resources: idle period 15-20 minutes, reduced count: low number like 2-3. This usually works well since the tunnels can be built back on the order of milliseconds on a good i2p router, without wasting resources keeping them open. It could introduce a slight delay though. In high-traffic situations it might make sense to leave that off.

Then save and start; the key file is generated.

Copy key file and a tunnel config file

Locations for .config file and key (.dat):

/i2p/.i2p/outproxy.dat

/i2p/.i2p/i2ptunnel.config.d/XX-outproxy-i2ptunnel.config

Then copy the key and config files to the other i2p routers in the same locations. Shouldn't need to go through setup with the config file present. Most important is it has the same key file, so they'll all use the same address.
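
The copy step above only works if every router ends up with the same key file. As an added example (not part of the comment above and not I2P's own tooling), this shell function compares the copies by SHA-256 and flags any copy that other local users can access; the permission check and the paths in the usage comment are assumptions added here.

```shell
#!/bin/sh
# Added example: check each router's copy of the multihoming key file.
# Assumption: the copies are reachable as local paths (fetched or mounted).

# SHA-256 of a file, using whichever tool the system provides.
key_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        shasum -a 256 < "$1" | cut -d' ' -f1
    fi
}

# True when no group/other permission bits are set on the file.
perms_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# check_key_copies FILE...
# Prints one line per problem; returns 0 only if every copy exists,
# matches the first readable copy, and is private to its owner.
check_key_copies() {
    ref="" status=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"; status=1; continue
        fi
        d=$(key_digest "$f")
        [ -n "$ref" ] || ref=$d
        if [ "$d" != "$ref" ]; then
            echo "MISMATCH $f (not the same key, so not the same address)"
            status=1
        fi
        if ! perms_private "$f"; then
            echo "EXPOSED  $f (accessible beyond its owner; chmod 600)"
            status=1
        fi
    done
    return "$status"
}

# Hypothetical usage, with each router's /i2p/.i2p/ copied under ./routers/:
#   check_key_copies routers/r1/outproxy.dat routers/r2/outproxy.dat
if [ "$#" -gt 0 ]; then check_key_copies "$@"; fi
```

The same function can be pointed at the copied tunnel config files to confirm they match as well.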

[–] Findmysec@infosec.pub 2 points 2 months ago