adnan360 1993a6aa14 Change order of proxy rule to fix .onion sites | %!s(int64=3) %!d(string=hai) anos | |
---|---|---|
.. | ||
XD | %!s(int64=3) %!d(string=hai) anos | |
XD-data | %!s(int64=3) %!d(string=hai) anos | |
i2pd | %!s(int64=3) %!d(string=hai) anos | |
i2pd-data | %!s(int64=3) %!d(string=hai) anos | |
icecat | %!s(int64=3) %!d(string=hai) anos | |
icecat-data | %!s(int64=3) %!d(string=hai) anos | |
tor-data | %!s(int64=3) %!d(string=hai) anos | |
.gitignore | %!s(int64=3) %!d(string=hai) anos | |
FoxyProxy Standard presets.json | %!s(int64=3) %!d(string=hai) anos | |
README.md | %!s(int64=3) %!d(string=hai) anos | |
run-browser.sh | %!s(int64=3) %!d(string=hai) anos |
TOR is not encouraged to be used for torrenting. But I2P is designed to be torrented over and somewhat encouraged. It can also be used to browse special websites on I2P called "eepsites". The best way to enjoy I2P is to have a browser configured to use it. So I wanted to create a bundle that stays in a folder and can be used on any GNU/Linux distro.
I like the idea behind I2P but the default build requires having JDK installed on your machine. So I was interested in a solution that works without Java, so was looking into i2pd, the C++ implementation of I2P.
WARNING: The instructions are not designed for privacy and security in mind and should not be considered as reliable. You are responsible for how you use it and what you access with it. I'm not responsible for any kind of damage.
When finished, you will be able to:
Make a directory somewhere. e.g. ~/i2p-bundle
mkdir i2p-bundle
cd i2p-bundle
i2pd, is the C++ implementation of I2P.
You can also use a system install of i2pd, but if your distro doesn't have the package for it, then build from repo:
git clone --depth=1 https://github.com/PurpleI2P/i2pd.git
cd i2pd
make
# this will create a `i2pd` binary
cd ..
If you want to run i2pd now you can (optional):
ulimit -n 4096
i2pd/i2pd --datadir i2pd-data
The ulimit
is needed on linux to increase open file limit. i2pd-data
directory will be created and all the i2pd related data will be stored in there. Ctrl+C when done.
XD is a BitTorrent client specifically created to be used with I2P (and I2Pd). It has a minimal webui to add and manage your torrents kind of like I2P snark.
Right now AUR has a xd-torrent. You may not have XD in your distro's repo, so we'll build from source. You may need to install go
and make
for this.
git clone --depth=1 https://github.com/majestrate/XD.git
cd XD
make
cd ..
To run you can do (optional):
mkdir XD-data
cd XD-data
../XD/XD torrents.ini; cd ..
XD related data should now be stored in XD-data
. We cd
into the directory because the default ini created will use current dir so we save ourselves from some edits. You should now be able to access the webui on http://127.0.0.1:1776/
. You may have to whitelist blacklisted JS scripts from toolbar's LibreJS icon to use it. Ctrl+C when done.
You can build tor from source and put the files on a tor
directory. Here, we're using the repo version installed from the distro package repo.
To run (optional):
tor --User "" --DataDirectory "$PWD/tor-data" --SOCKSPort 9450
--User
is set to blank because setting a user requires tor to be run as root. --DataDirectory
is set to the path where tor can save its files. It has $PWD
included because tor complains if absolute path is not used in param. --SOCKSPort
is set to the port which is included in FoxyProxy Standard config file.
If you want to use a torrc
file to introduce new settings or for any other reason, copy the tor-data/torrc
file in this directory to a new directory called tor-data
. The file is just a standard torrc file with:
User tor
commented, so that it can be run as normal userDataDirectory
set to our tor-data
SOCKSPort
to 9450
to not conflict with system serviceThe run command should then contain a -f
option:
tor -f tor-data/torrc
I'm using IceCat here, but you can use any Firefox based browser here, even system installed ones. But whetever you use, be careful of the privacy implications.
Go to IceCat homepage and click "Latest release". Then download either icecat-60.7.0.en-US.gnulinux-x86_64.tar.bz2
or icecat-60.7.0.en-US.gnulinux-i686.tar.bz2
depending on your OS architecture (run uname -m
to find out).
tar -xf /path/to/icecat-*.en-US.gnulinux-*.tar.bz2 -C ~/i2p-bundle
To run it:
mkdir -p icecat-data
icecat/icecat --no-remote --profile "$PWD/icecat-data"
--no-remote
is to start a new separate instance and not to use any Firefox or other browser already running on the system.
Run it and disable Onion Browser Button addon (we'll use FoxyProxy instead). Now install FoxyProxy Standard addon. Click the FoxyProxy icon, then click "Options", then click "Import settings". Under "Import Settings from FoxyProxy 6.0+" click "Import settings" and open the FoxyProxy Standard presets.json
file. Click OK. If you see the FoxyProxy icon in the toolbar with a red cross, click it and select "Use Enabled Proxies by Patterns and Order".
In newer IceCat browser versions, if you enter an I2P url, for example, stats.i2p
and it searches for it instead of going there, try adding http://
before it, or you can disable searching from location bar by going to about:config
and making keyword.enabled
to false
. As a side effect it will now not search anything you type. So, to make it easier to launch searches, you can go to Settings - Search and select "Add search bar in toolbar" to enable a separate search bar besides the location bar.
Get the run-browser.sh
file from this directory and put it inside the ~/i2p-bundle
directory. Now, ideally, you should be able to move around this directory and use it on any Linux system. To run the browser with all the necessary I2Pd, XD and TOR, just run the ./run-browser.sh
If you want to use system Firefox installation you'll the profile resets every time Firefox starts, can't save settings, can't access HTTPS sites. It is due to unveil being strict. /usr/local/share/doc/pkg-readmes/firefox
says that default unveil settings only allow firefox to access /tmp
and ~/Downloads
. To fix this:
NOTE: We assume i2p browser bundle is in ~/bin/i2p-browser-bundle
. Change the paths if you put files elsewhere. Due to unveil being strict, it can't be that portable in OpenBSD (requiring changes everytime the bundle is moved).
doas nano /etc/firefox/unveil.main
...
~/bin/i2p-browser-bundle/firefox-data rwc
doas nano /etc/firefox/unveil.content
...
~/bin/i2p-browser-bundle/firefox-data r
Since Firefox has problematic default settings, please take care to configure correctly and then use.
WARNING: Yggdrasil was not designed with anonimity in mind. Directly peering with a node with Yggdrasil may reveal your real IP address to them. Since it does not protect your identity, it is logical not to be included by default. Use only if you understand the risk and ok with it.
doas pkg_add yggdrasil-go # replace with anything for your distro or system to install yggdrasil
cd /path/to/i2p-browser-bundle
mkdir yggdrasil-data
yggdrasil -genconf > yggdrasil-data/yggdrasil.conf
Go to https://publicpeers.neilalexander.dev/ then pick the peers that are online and closer to you geographically. Yggdrasil can peer over I2P or TOR. So it is recommended to use those if possible. Details here. Unfortunately I2P and TOR peers don't work for me, at least in OpenBSD. In most cases listing 2-3 peers are fine. Add them to yggdrasil.conf, like:
Peers:
[
tcp://a.b.c.d:e
tcp://d.c.b.a:e
tcp://[a:b:c::d]:e
tcp://[d:c:b::a]:e
]
Run Yggdrasil with:
doas yggdrasil -useconffile yggdrasil-data/yggdrasil.conf
Now try visiting http://[319:3cf0:dd1d:47b9:20c:29ff:fe2c:39be]/
with a normal unproxied browser (like BadWolf). It should show the Yggdrasil website.
However, to configure FoxyProxy, click its toolbar button and open its Options. Click Add, change the title to be "yggdrasil", Proxy Type to "Direct (no proxy)", click "Save and Edit Patterns". One single default rule will be added. Change Type to Reg Exp, change the pattern to be [.*:.*:.*:.*:.*:.*]
, then hit Save. The yggdrasil rule should be the topmost item. Click the down arrow beside it until it is just below "Default" rule.
Extra details:
Running above yggdrasil
should show a IPv6 address starting with 200:
, like:
Your IPv6 address is 200:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
If you don't see it, you can run doas yggdrasilctl getself
and it should show:
IPv6 address: 200:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
...
ref: