Install I2P on Raspberry Pi: Difference between revisions

From WickyWiki
← Older edit
 
(2 intermediate revisions by the same user not shown)
Line 325: Line 325:
</blockquote>
</blockquote>


Write permissions for i2pSnark:
== Permissions  ==


Permissions for i2pSnark to the data disk. Note that the exFat system itself does not support setting permissions for files and folders. This is about access to the data disk.
Here "umask" overrides default settings that do not seem to allow group members to write.
Use the Id command to find the id's:
<source lang=bash>
id
</source>
Specifically:
<source lang=bash>
<source lang=bash>
id i2psvc
id i2psvc
Line 335: Line 345:
sudo nano /ets/fstab
sudo nano /ets/fstab


   /dev/mmcblk0p3 /media/data  exfat  defaults,uid=108,gid=113,noatime  0  2
   /dev/mmcblk0p3 /media/data  exfat  defaults,uid=108,gid=113,noatime,nofail,umask=0003 0  2


#reload fstab
#reload fstab

Latest revision as of 14:52, 4 September 2025


Install i2p on Raspberry Pi

See also

Assumptions

  • In this manual, the IP address of the Raspberry PI machine within the local network is assumed to be '192.168.1.2'.
  • The installation was done as user 'pi'
  • After configuring to start automatically, I2P will run as user 'i2psvc'
  • The assumed port for I2P is 25001. Don't use this value.

Install

Pre-install packages: 

sudo apt update
sudo apt install -y apt-transport-https lsb-release curl

Add repository, add the key and install. This will ensure you will also receive updates: 

#Add repository to sources
echo "deb https://deb.i2p.net/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/i2p.list

#Download key to 'i2p-archive-keyring.gpg '
curl -o i2p-archive-keyring.gpg https://geti2p.net/_static/i2p-archive-keyring.gpg

#Display the key
gpg --keyid-format long --import --import-options show-only --with-fingerprint i2p-archive-keyring.gpg

#Verify the  key:
#7840 E761 0F28 B904 7535  49D7 67EC E560 5BCF 1346

#Copy the keyring to the keyrings directory: 
sudo cp i2p-archive-keyring.gpg /usr/share/keyrings

#Create symlink to the key
sudo ln -sf /usr/share/keyrings/i2p-archive-keyring.gpg /etc/apt/trusted.gpg.d/i2p-archive-keyring.gpg

#Update
sudo apt update

#Upgrade (if applicable)
sudo apt upgrade

#Install
sudo apt install -y i2p i2p-keyring

If you want to start and test as current user: 

i2prouter start
i2prouter status

Note:

  • This way the I2P router will start and run as current user, settings and files are stored here /home/pi/.i2p/clients.config
  • i2prouter should NOT never be started with sudo
  • See below to read how to start i2p automatically and run as user 'i2psvc'

Test

Install terminal based browser and check if the config page is working: 

sudo apt install w3m
w3m http://127.0.0.1:7657/confignet

Upgrade

After upgrading I2P, the service needs to be restarted. Go to the console and click restart. 

sudo apt update
sudo apt upgrade i2p i2p-keyring

Start I2P automatically

Note: i2prouter should be started as a regular pi user. Do NOT start the router with sudo. If you use below configuration script the default user is 'i2psvc'. 

sudo dpkg-reconfigure i2p

Default answers will be fine. 

sudo service i2p start

Config folder: 

sudo nano /var/lib/i2p/i2p-config/clients.config

Access config from another machine

Add the system's IP (192.168.1.2) to allow access from other machines: 

#local run
sudo nano /home/pi/.i2p/clients.config

#service run
sudo nano +3 /var/lib/i2p/i2p-config/clients.config

Edit line to be: 

 ...
 clientApp.0.args=7657 ::1,127.0.0.1,192.168.1.2 ./webapps/
 ...

After the first time initialization the configuration is moved to directory /var/lib/i2p/i2p-config/clients.config.d/ and the file clients.config is renamed to clients.config.bak. The configuration has now multiple files that can be modified. Edit the these files (multiple) to work with 192.168.1.2: 

sudo -i
nano /var/lib/i2p/i2p-config/clients.config.d/*-clients.config

For de addressbook: 

sudo nano +11 /var/lib/i2p/i2p-config/addressbook/config.txt

Edit line to be: 

 ...
 proxy_host=192.168.1.2
 ...

Optionally add and require a username and password:

Firewall/router settings

Note: this port is a random number, keep it private, it could be used to find your real IP adres.

Network > Port 25001

Use the documentation for your router, login to your router's Administrator page 

WAN Port Forwarding
From port 25001 
To port 25001
To IP 192.168.1.2	
Protocol: TCP & UDP

My I2P settings

Disable [-] Enable [+]

Clients:

  • [+] Application tunnels
  • [-] BOB application bridge
  • [+] I2P Router Console
  • [-] I2P webserver (eepsite)
  • [-] Open Router Console in web browser at startup
  • [-] SAM application bridge

Hidden Services Manager - go into the service and configure it to start automatically or not. To change the IP address from 127.0.0.1 to 192.168.1.2:

  1. Stop the service
  2. Select the IP address
  3. Save
  4. Start the service

I2P Hidden Services:

  • [-] I2P webserver

I2P Client Tunnels:

  • [+] I2P HTTP Proxy
  • [-] I2P HTTPS Proxy
  • [-] Irc2P
  • [-] mtn.i2p-projekt.i2p
  • [-] pop3.postman.i2p
  • [-] smtp.postman.i2p

Web Apps:

  • [+] Torrents
  • [+] Hidden Services Manager
  • [-] Identification Image Generator
  • [+] I2P Router Console
  • [+] Addressbook
  • [-] Email

Bandwidth (example):

  • 800 In
  • 300 Out
  • 10% share

Other settings:

  • Changed the I2P HTTP Proxy interface from '127.0.0.1' to '192.168.1.2'. Combined with the 'http://192.168.1.2/proxy.pac' and settings in Firefox we can now access '.i2p' websites with this browser from an other machine.

I2P router Snark settings

  • Configuration
    • Data directory (example):
      • /media/data/i2psnark

You will need some storage, see below option.

Firefox browsing I2P websites

Note: I2P HTTP Proxy interface needs to changed from '127.0.0.1' to '192.168.1.2'.

A PAC file is used to redirect websites with a '.I2P' extension. You may make this file available via a webserver, for example http://192.168.1.2/proxy.pac. 

sudo nano /var/www/html/proxy.pac
	function FindProxyForURL(url, host) {
	 // i2p via proxy or DIRECT if unavailable
	 if (shExpMatch(host, "*.i2p")) {
	  return "PROXY 192.168.1.2:4444; DIRECT";
	 }
	 // All other requests DIRECT:
	 return "DIRECT";
	}

To configure your Firefox webbrowser:

  • go to > Preferences > Advanced > Network > Connection Settings
  • Check the 'Automatic proxy configuration URL':
  • Enter: http://192.168.1.2/proxy.pac

Format a DATA partition as exFAT, allowing larger than 4Gb files

Install packages: 

sudo apt install exfat-utils

List devices: 

sudo lsblk

In my case:

  • device /dev/mmcblk0
    • Partition 1 is the RPi boot partition
    • Partition 2 is the RPi root partition
    • Partition 3 will be the DATA partition - ALL DATA WILL BE ERASED

Remove mount: 

sudo umount /media/data

Edit the partition tables, accept defaults mostly - ALL DATA WILL BE ERASED: 

sudo fdisk /dev/mmcblk0
'p' - print partitions
'd' - delete partition - 3
'n' - new partition - 3
't' - change partition type - 3
	7 (HPFS/NTFS/exFAT)
'w' - write and quit

Format - ALL DATA WILL BE ERASED, mount: 

#Format
sudo mkfs.exfat  -n Data /dev/mmcblk0p3

#Mount
sudo mount /dev/mmcblk0p3 /media/data

#i2psnark data directory
mkdir /media/data/i2psnark

To mount automatically at boot it needs to be added to fstab: 

sudo nano /etc/fstab
#Device	 Mountpoint  FilesystemType  MountOptions  BackupDump(0)  FsckOrder(2)
/dev/mmcblk0p3  /media/data exfat-fuse defaults,noatime 0 2

Permissions

Permissions for i2pSnark to the data disk. Note that the exFat system itself does not support setting permissions for files and folders. This is about access to the data disk.

Here "umask" overrides default settings that do not seem to allow group members to write.

Use the Id command to find the id's: 

id

Specifically: 

id i2psvc

   uid=108(i2psvc) gid=113(i2psvc) groups=113(i2psvc)	

sudo umount /media/data
sudo nano /ets/fstab

   /dev/mmcblk0p3 /media/data  exfat  defaults,uid=108,gid=113,noatime,nofail,umask=0003  0  2

#reload fstab
sudo systemctl daemon-reload

#set immutable as a folder, so it can only be written if it is a mountpoint
sudo chattr +i /media/data

#mount, using fstab
sudo mount /media/data

#allow others to write:
sudo adduser user1 i2psvc

Troubleshooting

Network problem after reboot

After a reboot the configuration would show a network error and continue to do so until the service was restarted.

To give is some more time a delay was added in the service definition. 

sudo nano /lib/systemd/system/i2p.service

	[Service]
	...
	ExecStartPre=-/bin/sleep 20
	...

sudo systemctl daemon-reload

Upgrade: deb uses unknown compression (zst)

i2p upgrade

  ...
  dpkg-deb: error: archive '/var/cache/apt/archives/i2p-keyring_2023.10.01_all.deb' uses unknown compression for member 'control.tar.zst', giving up
  ...

Problem: compression zst is not yet supported by Debian deb. Fix: recreate deb with supported compression 

# install zst compression tool
sudo apt install zstd

#The original file:
cd
cp /var/cache/apt/archives/i2p-keyring_2023.10.01_all.deb .

# extract files 'control.tar.zst' and 'data.tar.zst' from deb:
ar x i2p-keyring_2023.10.01_all.deb

# compress and rename with 'xz'
zstd -d < control.tar.zst| xz > control.tar.xz 
zstd -d < data.tar.zst| xz > data.tar.xz 

# recreate deb
ar -m -c -a sdsd i2p-keyring_2023.10.01_all_repacked.deb debian-binary control.tar.xz data.tar.xz

# cleanup files
rm debian-binary control.tar.xz data.tar.xz control.tar.zst data.tar.zst 

# resulting files
ls
	i2p-keyring_2023.10.01_all.deb
	i2p-keyring_2023.10.01_all_repacked.deb

# install the deb and try upgrade again
sudo dpkg -i --force-overwrite i2p-keyring_2023.10.01_all_repacked.deb
sudo apt upgrade
Retrieved from "https://wjv.duckdns.org/mediawiki/index.php?title=Install_I2P_on_Raspberry_Pi&oldid=3842"