• 0 Posts
  • 5 Comments
Joined 6 months ago
Cake day: March 28th, 2024
  • sploodged@lemmy.dbzer0.comtoPrivacy@lemmy.mlIs StormyCloud the only I2P outproxy?
    31·
    7 days ago

    You can do multihoming, might be the easiest thing to do for a service: https://geti2p.net/spec/proposals/140-invisible-multihoming

    Multihoming is a pretty simple way of load balancing and i think the way it works is the first router to respond is the one that’s used. So ideally the one used by any given client should be the most responsive i2p router.

    It’s also used to place i2p routers hosting a service in multiple places so it makes correlation attacks (ex downtime at exact time of a known electric outage in an area) more difficult.

    Backend setup for your service

    If we have a service like an http proxy service or a website available on port 6000, and 2 i2p routers, they’d both need access to that port. An outproxy may do this with port forwarding from a clean outernet connection(s) going through their proxy setup ex privoxy/haproxy/tinyproxy dns. They’re less worried about correlation attacks so the routers may be all or mostly in one area using port forwarding over lan or VM’s. A website that’s concerned about correlation attacks may have separate instances of the website running on each router in different areas, with the website’s backend syncing with the other routers in the background through other methods such as an encrypted lease-set.

    Router setup

    Each router needs the same exact key for the actual .i2p address. The easy way to do this is in the java router (i2p+ is good for this, install guide/official site go to service tunnels > make new server http tunnel, enter the port 6000, give it a name like “Outproxy”, private key file a name like “outproxy.dat” and make sure optimize for Multihoming is on.

    Other recommended additions in your tunnel config

    • Automatically start tunnel: on
    • 16 tunnels in/out (maximum): 3 hops for good anonymity, outproxies not concerned with their own anonymity could reduce this for more performance.
    • Reduce tunnels to conserve resources: idle period 15-20 minutes, reduced count: low number like 2-3. This usually works well since the tunnels can be built back in an order of ms’s on a good i2p router and not wasting resources keeping them open. It could introduce a slight delay though. High traffic situations might make sense to leave that off.

    Then save and start, key file is generated.

    Copy key file and a tunnel config file

    Locations for .config file and key (.dat):

    /i2p/.i2p/outproxy.dat

    /i2p/.i2p/i2ptunnel.config.d/XX-outproxy-i2ptunnel.config

    Then copy the key and config files to the other i2p routers in the same locations. Shouldn’t need to go through setup with the config file present. Most important is it has the same key file, so they’ll all use the same address.

  • sploodged@lemmy.dbzer0.comtoPrivacy@lemmy.mlIs StormyCloud the only I2P outproxy?
    9·
    8 days ago

    stormycloud is the biggest, there’s also acetone and purokishi that are both very reliable. there’s a couple others that aren’t as stable right now. i2p’s about inter-network services that often work without any need of the clearnet, tor is a better option if you’re looking to do clearnet things.

    torrents don’t get bridged through the (mainly 3!) outproxies in i2p. they’re bridged by random people cross-seeding torrents through clients like qbittorrent or bigly bt which work in both i2p and clearnet. Or, you can download a torrent from clearnet normally and change the trackers to i2p only trackers, then add to i2psnark. In both cases using biglybt/qbittorrent you should be able to connect to peers from i2p and clearnet through the people that do this, functioning as your own outproxy in a way.

    Anyone can easily bring over clearnet torrents into i2p, and they are more than welcome to do so!

    So i’m not disagreeing with you about i2p needing more outproxies, more is better, but tor does this already (and arguably does it better since there’s so many exit nodes) so i don’t think the demand is as big. You’re right that it’s pretty similar running an i2p proxy. As far as i know it’s a very similar process running tor exit nodes vs i2p outproxy, i think acetone is also a tor exit node (i might be wrong on that), purokishi routes some things through tor, and stormycloud until somewhat recently mainly focused on running a fleet of tor exit nodes.

    The nature of i2p means that to get faster speeds these providers may be running many i2p routers to provide lots of tunnels and load balance them, so i think that aspect is more technically challenging but i’ve never done it at scale myself. I think you’d need a handful of well resourced/connected i2p routers to offer a consistently good outproxy service.