1 How to set up Azureus to work with
I2P
6.2.2.1 Limit incoming connections
6.2.2.3 Disable Unwanted Components
6.3.4 Setting up a browser to view the
tracker web pages
6.5 Running Azureus as Tracker and
Client concurrently
6.6 Anonymous Tracker, public clients.
From the I2P website (http://www.i2p.net/):
I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based (ala IP), but there is a library available to allow reliable streaming communication on top of it (ala TCP). All communication is end to end encrypted (in total there are four layers of encryption used when sending a message), and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys).
This document contains an overview of how to set up the Azureus BitTorrent client (http://azureus.sourceforge.net/) to use I2P for both Tracker and Peer-Peer data communications.
I2P is still experimental, versions prior to 1.0 should not be used where anonymity requirements are high!
I2P does not have “out-proxies”. This means that it is not possible to connect anonymously to clients outside of the I2P network. Therefore, to use I2P, all participants (BT tracker and BT clients) must be explicitly using I2P.
Version 5.0 (or 1.5 as it used to be called) is required.
2.2.0.3 latest beta version (B12 or higher at time of writing) or the next mainline release is required.
I2P network plugin is required, “azneti2p”, version 0.2 or higher.
0.4.2.6 or more recent
Download and install I2P from http://www.i2p.net/. Get it working first – start the router, start the router console web page and make sure you have peer connections, For this you will need to enable the incoming port (below). The Azureus plugin will attempt to map this using the Universal Plug and Play protocol (UPnP), so if you are going to use this approach, you will need to run Azureus with the plugin installed before I2P will work.
For I2P to work port 8887 needs to be open if firewalls/routers are in use. The I2P network plugin will try and map this via UPnP if enabled. As mentioned above, there is an issue regarding the initialisation order of I2P and Azureus here, so it is better to manually configure the port if possible.
The plugin attempts to handle lack of/loss of connection to the router gracefully, (re)-connecting as required, so it is possible to start Azureus first, then start I2P.
I2P endpoints, or Destinations, can be represented by base-64 encoded values, and as such are rather long strings (around 400 characters). This is the representation used by Azureus when it needs to connect to such a destination. They are treated as unresolvable DNS names and have the suffix “.i2p” added to distinguish them from other such names (e.g. Tor onion router names end in “.onion” ).
Thus they will look something like
“rmU5ZwXbxRNL4ce0HZyx…..i2p”
The entry point into the I2P network is via the I2P “router” – to use the network the router must be running. When I2P is installed a shortcut is created to start the service.
For outgoing connections (those originated by Azureus into the I2P network) Azureus talks to the router directly (well, via a SOCKS proxy).
For incoming connections (those originated elsewhere in the I2P network and targeted at Azureus) the I2PTunnel is used. This allows I2P destinations to be associated with an existing TCP port on the host. One such a tunnel is required to support running a tracker, another to support inward connection of peer-peer data connections.
Tunnels are established by running the “I2P Router Console” (start menu option on Windows), selecting the “I2P Tunnel” link at the top right of the page, then selecting the “add new <server tunnel>” (make sure that “server tunnel” is selected as the type) at the bottom of the page. This page also gives access to the base-64 encoded destinations – these are needed for setting up Azureus.
When creating the tunnel the following fields are of primary importance:
Name: <unique name, e.g. BTTracker>
Description: <something meaningful>
Start Automatically: <select this>
Target Host: <leave as ‘localhost’ as Azureus is running on same machine>
PrivateKeyFile: <must be unique, e.g. BTTracker.privKey>
When creating multiple tunnels, make sure the “private key file” is unique for each – ie. don’t accept the default value of “myServer.privKey”
See I2P documentation for details of the remaining fields.
Note that on starting I2P it can take quite a while for the services to become available, be patient!
It is essential that you never publicly associate your real identity with an I2P destination as this compromises anonymity. Therefore never directly publish these, use an approach such as that advocated in the I2P documentation, e.g. use an anonymous forum to publish your tracker details.
The plugin needs configuring: tools->options->plugins->”I2P Network Plugin”.
Setup the I2P install location and select an unused port number to use for the plugin’s SOCKS based integration. For example, 15834.
To achieve anonymity it is necessary to ensure that the fact that you are running an anonymous tracker and/or downloading data anonymously can not be detected. In particular this means that either a firewall needs to be configured to prevent direct connection to either the tracker and/or incoming data ports (TCP 6969 and TCP 6881 by default) or Azureus must be configured to only accept internal connections for these ports (or preferably both strategies should be employed).
Bind to the loopback address 127.0.0.1 to only permit host-internal connections.
In the Connection settings set:
“Bind to local IP address” to 127.0.0.1
Note that this assumes that the I2P router is co-located on the same machine. If this is not the case then this approach can’t be used (as it will deny the connections from the router). In this case define an IPFilter to only permit connections from the required host. Go to the “IP Filter” configuration and set:
Select “enable”
Select “ALLOW these ranges”
Use the add button to add the permitted IP address ranges
Configure the Connection proxies: tools->options->connection.
Enable the proxing of tracker communications:
Select “enable proxying of tracker communications”
Select “I have a SOCKS proxy”
Set the Host to 127.0.0.1
Set the Port to 15834 (using the above example)
Leave username/password blank
Enable the data proxy:
Select “enable proxying of peer communications”
Select “V4a” for the SOCKS version
By default Azureus will automatically check for core and plugin updates by connecting to the SourceForge web site (http://azureus.sourceforge.net/) and the Aelitis web site (http://aelitis.com/). These can be disabled in the Azureus configuration via:
Interface->Start: Check for latest version when azureus starts + periodically (2 options)
Plugins->Plugin Update: Enable plugin update checking
By default Universal Plug and Play (UPnP) is enabled. This can be disabled via:
Plugins->UPnP: Enable UPnP
Set up I2P and Azureus and the plugin as in general sections above. Then perform the following:
An I2P tunnel needs to be created as detailed above to support incoming connections to the tracker. Recommended field values are:
Name: BTTracker
Description: BT Tracker
Start Automatically: <select this>
Target Host: <localhost>
PrivateKeyFile: <BTTracker.privKey>
Hit the “save” button, then the “back” link to get back to the I2P Tunnel Status page.
Wait (refresh the page) until the tunnel is ready and then copy its “Full Destination” from the tunnel page – call this “BTTracker-dest” for reference later (for example, rmU5ZwXbxRNL4ce0HZyx…)
Enable the HTTP tracker and enter the “BTTracker-dest” along with an “.i2p” suffix (using the example, rmU5ZwXbxRNL4ce0HZyx….i2p ) as the “tracker external IP address” under the tracker server configuration. If a port other than 6969 has been selected as the local port for the tracker then this also needs to be configured.
Configure the tracker server not to support the compact protocol.
Configure the networks available to only by I2P.
Given the tracker address configured above, the “create torrent” wizard will by default have the correct announce URL for the tracker (in the above example http://rmU5ZwXbxRNL4ce0HZyx….i2p:6969/announce).
See the I2P documentation on this subject regarding the “eepProxy”
Set up I2P and Azureus and the plugin as in general sections above. Then perform the following:
An I2P tunnel needs to be created as detailed above to support incoming peer data connections. Recommended field values are:
Name: BTData
Description: BT Data
Start Automatically: <select this>
Target Host: <localhost>
PrivateKeyFile: <BTData.privKey>
Wait until the tunnel is ready and then copy its “Full Destination” from the tunnel page – call this “BTData-dest” for reference later (for example, dsRHGGG53Ddhfx…)
If a port other than 6881 was selected above when
configuring the I2P tunnel, set the Connection “
Lastly it is necessary to configure the tracker client
to tell the tracker about the I2P destination to be used for inward
connections. Set the “override tracker announce ip”
to “BTData-dest” plus a suffix of “.i2p” (using the
example above this would be dsRHGGG53Ddhfx….i2p)
Note that when a torrent with an I2P tracker URL is opened you will be prompted for the networks to use. Select I2P only unless it is a I2P tracker that supports public clients (below). Note that in the tracker client configuration the default response to this dialog can be configured.
Azureus supports running as both tracker and client at the same time, indeed the “sharing” functionality is designed specifically for this, and allows a resource to be published on the tracker and seeded at the same time with a single operation.
Running this process anonymously simply requires Azureus and the I2P plugin to be configured to be both an anonymous tracker and an anonymous client as above.
It is possible to run an anonymous tracker but have peer-peer data transferred as normal (i.e. not via I2P). To achieve this configure the tracker as above but also enable the “Public” network in the tracker server configuration.
When configuring the client only perform the general I2P, Azureus and plugin configuration, don’t follow the anonymous client directions (i.e. don’t establish the tunnel for peer data and don’t set the “override tracker announce ip”). When a torrent is opened select the “Public” network.
All clients must still have I2P installed in order to communicate with the tracker!
Make sure I2P is working – check the router page and follow instructions regarding “reseeding” if tunnel connections are not present. Check the port mapping for 8887.
If I2P is working ok then double-check the Azureus setup. In particular ensure that the base-64 destinations have been copied correctly AND had an “.i2p” appended to them.
If the tracker connection is working but there are problems with peer-peer connections, check the SOCKS set up. In particular ensure that the version is 4a, NOT 4 (which is the default).
Check that you have correctly copied the tunnel destination (and appended “.i2p” to it) into the “override tracker announce IP” field.