It’s also slower simply because it’s basically a bunch of VPNs running on consumer hardware. Actual VPN providers can provide big powerful servers. This is why I think torrenting is a great fit for the slower speeds of I2P - waiting a little longer for a download is bearable, as opposed to waiting for a webpage to load.

Nope, any browser should work. The compose file in my repo should be exposing qbittorrent on port 8080 (line 27 in the file). I would say first:

1. make sure the containers are running, use podman-compose ps or docker-compose ps from the folder that contains the compose file
2. use ping to make sure you can reach the server
3. use ss or netstat on your server to make sure it’s actually listening on the port you expect qBittorrent to be listening on (8080 unless you changed it)
4. view logs using podman-compose logs from the folder that contains the compose file
5. if you can see the web ui but don’t know what the password is, use podman-compose logs and you should see the temporary password generated by qBittorrent (this is explained in the guide)

I can get 1 MB/s, but honestly 200 KB/s is fast enough for me, I just wait a few hours to torrent an entire show. In terms of content most of the show I want to watch are uploaded to Postman tracker

You could just install the i2pd windows client, and then configure it to enable “SAM”. You could use the i2pd.conf file in my repo as a reference, just make sure to use 127.0.0.1 instead of 0.0.0.0 so that only applications running on your computer would be able to access i2pd (0.0.0.0 is only needed for docker). Then you would configure your browser and qbittorrent the same way detailed in my repo, except make sure to enable “mixed” mode so that your torrents are seeding over both clearnet and I2P. Lastly, even though you’ll be seeding your torrents over I2P, nobody will be able to find them unless you post them to an I2P tracker like Postman. I don’t know how to submit torrents to Postman so you’re on your own for that one

You’re right I was thinking about it incorrectly. But I2P peers can only reach other I2P peers though right?

This was mentioned in the other thread but I should probably mention it here as well. Unlike with TOR, in I2P every user is also expected to be a router. I think this is great and helps encourage decentralization, scaling, and DDoS resistance. Techlore mentioned something similar in one of his videos (but I can’t find it right now). However, this does mean that you never really know what traffic is going through your router. It’s all encrypted, but some users may still have concerns with that. I wrote my own opinions on this topic in that same comment thread.

Thanks for the info, I would not claim to be an expert about I2P so some of this is definitely new to me. Though I think the situation has improved quite a bit.

Complex configuration process: It necessitates a drawn-out installation procedure and specific browser settings.

If you just want I2P without the torrenting, you can use the official I2P router, which is just an HTTP proxy that runs on your PC, just like Tor. The 3rd-party router used in my guide, i2pd, has a Flatpak as well. So as far as installing the router goes, it’s a few clicks. You are correct that it does require configuring the browser though, you are correct. This is explained in my guide and also on the official website. Not as easy as clicking an “Install” button, but only takes around 5 minutes. I wish there were an official I2P browser like the Tor browser though.

Must-have logging: The I2P user interface must be logged in for users to access their material.

Not sure what you mean by this. I’ve never had to log into anything to set up I2P.

Severe vulnerabilities

I have no doubt. But Tor has had many vulnerabilities too. Both have gotten much better over time.

A much tiner user base than TOR: As a result, I2P has fewer network nodes and servers and is more open to intrusions.

Definitely true. In fact it makes me suspicious how fast TOR is despite how many users there are, and how the relatively high requirements to be a relay (not to mention an exit node). AFAIK TOR is heavily reliant on rich and generous patrons, which makes me wonder about the motives of these patrons. I believe I2P has the potential to be much more decentralized, since every user is expected to also be a router, and Techlore has also raised this point (though I don’t have the video on me right now).

Less anonymity when browsing indexed sites: I2P does not ensure that users’ browsing of indexed sites is completely anonymous. The use of VPN services may be able to address this issue.

I didn’t know this. What are indexed sites?

There’s basically only one, listed towards the bottom of the guide in the repo: http://tracker2.postman.i2p/. And it’s “public” but only accessible via I2P. I tried to explain everything in the repo so let me know if I missed anything!

are you seeding AI datasets?

If you’re willing to take the time to learn a bit of podman/docker, you should check out my recent post on I2P torrenting. There’s no problems with port forwarding on the I2P network. There are other ways to torrent over I2P without podman/docker too, you’ll just have to research them yourself

I probably should have mentioned this in the post, but don’t forget you can run this on desktop too! All Fedora-based distros (Kinoite, Bazzite, etc) have Podman pre-installed. You just need to install podman-compose/docker-compose. If you’re on an atomic distro you’ll have to layer, or use a distrobox (either install podman-compose and use host podman or just install both podman and podman-compose inside a distrobox), or convert the compose file into individual Podman commands like podman network create --internal ... and podman run ..., but it’s definitely doable in an hour or so.

It’s not just the router. The officially recommended I2P torrent client, called I2PSnark, is also in Java and its a pain to get working in Docker. It’s not a bad torrent client, just feels like the official I2P tools still don’t have great support for modern Linux devops. Now that qBittorrent supports I2P the whole stack feels much more at home.

It’s true, you never really know what will be going through your router. I guess I just got over it after a few years of struggling with VPNs and port-forwarding. Just felt like the noose was getting tighter, especially after Mullvad stopped providing the feature. My stance is that if I ever knew that such content was going through my PC I would block it, but if it’s all encrypted then what can I do? Same reason why I support encrypted messaging apps - they can be used for harm but is that the fault of the tool? Though I recognize it’s a complex issue.

You might be interested in my tool wg-lockdown. I mainly use it on desktops but it should work on servers as well, it’s just an nftables config after all. It also shouldn’t interfere with UFW though you might want to double-check with some of the networking experts here.

I see what you mean now. I wouldn’t advocate for people to disable DHCP features either. It should be the VPN provider’s responsibility to provide a proper VPN client that mitigates attacks like these.

why is a split tunnel relevant? I thought all VPNs are vulnerable unless they use a firewall like I do, or network namespaces.

At least the way I understand it, a normal VPN redirects your internet traffic to instead go through a virtual network interface, which then encrypts and sends your traffic through the VPN. This attack uses a malicious DHCP server to inject routes into your system, redirecting traffic to the attacker instead of towards the virtual network interface.

how would you not use DHCP when connecting to coffee shop wifi?

Using untrusted networks is quite common, like coffee shop wifi or airport wifi.

what features are you talking about?

Actually my firewall is persistent, just like many of the other good VPN clients, so “kill switch” is a bit of a misnomer. Which is why I called it wg-lockdown, named after Mullvad’s lockdown mode. Persistent firewalls are effective, they just add a very tiny side-channel, as discussed in the link in my post. I just used the terms “kill switch” in my post because that’s what many other people use.

Though the point about the LAN is a good point, I didn’t consider that. I added LAN access because without it, the firewall was interfering with the networking of my docker container and virtual machines, which use local subnets. Even the official Mullvad client has issues with this. What do you recommend in this case? Manually whitelist the local subnets used by docker and my other virtual networks?

Edit: actually upon reading Mullvad’s statement on TunnelVision, I realized that my firewall is still effective because it only allows traffic directed to LAN IP’s to bypass the VPN. So regular internet traffic will be blocked if the attacker tries to redirect it to the LAN. I’m glad I used Mullvad as a reference implementation 😅