This document serves as a small tutorial for new and/or existing Monero node operators who wish to support I2P users by allowing their nodes to communicate p2p through I2P.
You should be able to get through this document and host an I2P node in ~20 minutes.
- Linux system, can be behind a firewall (i.e: home network)
- Latest monero (CLI) release: link
- Latest I2P-Zero (v1.12 at time of writing): link
I2P-Zero (also refered to as i2pz) is a small footprint I2P router. It has a slimmed down Java runtime embedded and as such has zero dependencies.
This program has a control port on 8051 which you can use to create I2P service(s), which is a simple plaintext protocol. To interact with it, use tunnel-control.sh or, alternatively simply use netcat: echo -e "version" | nc 127.0.0.1 8051.
I2P-Zero comes with A GUI but we will not be using that, since you are most likely installing on a server.
In short, I2P-Zero allows us to:
- Host an 'eepsite' (I2P website)
- Host any service on the I2P network (for example; forward a local web server at
127.0.0.1:80to be available via I2P. - Create a local SOCKS proxy, which you can use to tunnel traffic through.
Our goal is to host a fully operational node over I2P, so we'll need to configure both incoming and outbound traffic over I2P:
- For hosting monerod over I2P, we'll need option 2.
- For sending traffic into I2P we'll need option 3.
- Unpack and navigate to
i2p-zero-linux.vX.XX/router/bin. - Launch the I2P-Zero process;
./launch.sh - ???
- w00t!!
verify it is running: netstat -tulpn | grep '8051' (we are grepping for the control port).
A systemd startup script is available for /etc/systemd/system/i2pzero.service:
[Unit]
Description=i2pzero
[Service]
Type=simple
ExecStart=/bin/bash /home/i2pz/i2p-zero-linux.v1.10/router/bin/launch.sh
User=i2pz
Group=i2pz
[Install]
WantedBy=multi-user.target
Change paths as you wish, reload systemd: systemctl daemon-reload, then you can do service i2pzero start.
verify it is running: netstat -tulpn | grep '8051'.
First thing we need to do is register an I2P service/server:
./tunnel-control.sh server.create 127.0.0.1 48083
The output will give you an I2P b32 address, for example:
suspiciouslyrandomandverylongstring.b32.i2p
This will be the address of your I2P server/service and will be used for incoming connections.
To allow our node to relay incoming transactions over I2P, we need to make outbound connections over I2P. To send traffic into I2P, we'll need to create a SOCKS tunnel. I2P-Zero can do this for us.
Execute the following to create a SOCKS tunnel:
./tunnel-control.sh socks.create 48085
I2P-Zero will acknowledge the creation of this tunnel with a simple OK.
To monitor the tunnel:
./tunnel-control.sh all.list | python -m json.tool
Time to launch monerod. The flag we should include is --anonymous-inbound (documentation) so that monerod knows what our 'public' I2P server address & port is.
The format is --anonymous-inbound <address>,127.0.0.1:<M> where M is a free local port and address is your b32.i2p address.
We previously assigned port 48083 to our I2P server. Our flag becomes:
--anonymous-inbound "suspiciouslyrandomandverylongstring.b32.i2p,127.0.0.1:48083"
Another flag you should include is --proxy (documentation). Failure to include this flag will result in your node not being able to relay transactions into the I2P network. You should always include this flag.
--proxy i2p,127.0.0.1:48085
The last flag you should include is --add-peer which specifies an existing I2P seed node (also called mipseed) to connect to. Without this command, you will not be able to relay transactions as you're not connected to any nodes.
--add-peer "dsc7fyzzultm7y6pmx2avu6tze3usc7d27nkbzs5qwuujplxcmzq.b32.i2p"
A systemd startup script is available for /etc/systemd/system/monerod.service:
[Unit]
Description=monerod
After=network.target
[Service]
Type=forking
PIDFile=/home/monero/monerod.pid
ExecStart=/home/monero/monero-x86_64-linux-gnu.0.14.1.0/monerod --anonymous-inbound "suspiciouslyrandomandverylongstring.b32.i2p,127.0.0.1:48083" --restricted-rpc --detach --pidfile /home/monero/monerod.pid
User=monero
Group=monero
[Install]
WantedBy=multi-user.target
Change as you see fit.
To wrap up, the above 3 flags (--anonymous-inbound, --proxy, --add-peer) are needed to get an I2P-Zero powered Monero node hosted.
For comprehensibility, I will include the full monerod command that I personally use on my public RPC Monero node that's on a server:
./monerod
--max-concurrency 4 \
--rpc-bind-ip YOUR.IP \
--rpc-bind-port 18089 \
--restricted-rpc \
--public-node \
--anonymous-inbound "suspiciouslyrandomandverylongstring.b32.i2p,127.0.0.1:48083" \
--proxy i2p,127.0.0.1:48085 \
--add-peer "dsc7fyzzultm7y6pmx2avu6tze3usc7d27nkbzs5qwuujplxcmzq.b32.i2p" \
--confirm-external-bind
Further readings:
@sanderfoobar please forgive me for necro bumping this >_< , this guide still works, just fine, it's just
--add-peeris not required anymore, but doesn't hurt. This guide has undoubtedly helped many people enable i2p, thank you.@CocolinoFan please update to the latest versions of monero as the i2p print out has been updated.
reg port 4447: IIRC i2pd, by default, is running a socks proxy on that port, you do not need 0.0.0.0 as the ip, so you can actually delete that socks entry. you only need the server and optionally http if you want to provide a public node over i2p (pointing the port to your nodes restricted rpc port). there is also (post #19) an i2pd example here (albeit for wownero with different ports) https://web.archive.org/web/20231001021517/https://forum.wownero.com/index.php?topic=588.15