What is a outproxy?

A outproxy would be the same as a Tor exit node for http(s). It's a way to allow your tunnel clients to exit via your router to the "clearnet".

Background History

As you might not know, I2P was designed to be an internal network, which where outproxies weren't used since all traffic where expected to remain inside the I2P network. Compared to Tor, I2P focused on internal hidden services rather than exits. For a long time it only existed 1-2 outproxies which comes with the default I2P config on new installations. It's first now in recent time that I2P has gotten more focus on outproxies and their service.

The two recent outproxies (or one, they both exit to the same backend service) is false.i2p and outproxy-tor.meeh.i2p which has been ran since ~2012-2013ish.

For potential outproxy providers

How much traffic can I expect?

How much can you handle? :) It's rate limit configuration in the hidden service manager where you can limit the amount of requests from clients on your outproxy tunnel, the section is named "Server Throttling". Use that to limit the traffic to a outproxy.

I2P_Router_Console_-Hidden_Services_Manager-_Server_Throttling

What kind of traffic can I expect?

Nothing special that we haven't seen from before. If you ever ran a Tor outproxy it's about the same just less scriptkiddies and shit.

Some common domains that are requested at a daily basis;

bing.com
digicert.com
facebook.com
gmail.com
gstatic.com
hotmail.com
instagram.com
mail.ru
microsoft.com
netflix.com
play.google.com
pornhub.com
startpage.com
steampowered.com
vimeo.com
yahoo.com
youtube.com

TL;DR - Howto setup an outproxy

  1. Create a server tunnel on your I2P outproxy router
  2. Setup privoxy/squid or another http proxy software of your choise
  3. Point the server tunnel to your http proxy port
  4. Increase the tunnel count, in my setup I have 16 and 3 backup tunnels

I2P_Router_Console_-_Hidden_Services_Manager

The i2ptunnel.config should then look something similar to this;

tunnel.10.description=false.i2p outproxy
tunnel.10.name=false.i2p
tunnel.10.option.enableUniqueLocal=true
tunnel.10.option.i2cp.destination.sigType=EdDSA_SHA512_Ed25519
tunnel.10.option.i2cp.enableAccessList=false
tunnel.10.option.i2cp.enableBlackList=false
tunnel.10.option.i2cp.encryptLeaseSet=false
tunnel.10.option.i2cp.reduceIdleTime=1200000
tunnel.10.option.i2cp.reduceOnIdle=false
tunnel.10.option.i2cp.reduceQuantity=1
tunnel.10.option.i2p.streaming.connectDelay=0
tunnel.10.option.i2p.streaming.limitsManuallySet=true
tunnel.10.option.i2p.streaming.maxConcurrentStreams=0
tunnel.10.option.i2p.streaming.maxConnsPerDay=0
tunnel.10.option.i2p.streaming.maxConnsPerHour=0
tunnel.10.option.i2p.streaming.maxConnsPerMinute=128
tunnel.10.option.i2p.streaming.maxTotalConnsPerDay=0
tunnel.10.option.i2p.streaming.maxTotalConnsPerHour=0
tunnel.10.option.i2p.streaming.maxTotalConnsPerMinute=0
tunnel.10.option.inbound.backupQuantity=3
tunnel.10.option.inbound.length=1
tunnel.10.option.inbound.lengthVariance=0
tunnel.10.option.inbound.nickname=false.i2p
tunnel.10.option.inbound.quantity=16
tunnel.10.option.outbound.backupQuantity=3
tunnel.10.option.outbound.length=1
tunnel.10.option.outbound.lengthVariance=0
tunnel.10.option.outbound.nickname=false.i2p
tunnel.10.option.outbound.quantity=16
tunnel.10.option.rejectInproxy=false
tunnel.10.option.rejectReferer=false
tunnel.10.option.rejectUserAgents=false
tunnel.10.option.shouldBundleReplyInfo=true
tunnel.10.option.useSSL=false
tunnel.10.privKeyFile=i2ptunnel-false.i2p.priv.dat
tunnel.10.startOnLoad=true
tunnel.10.targetHost=127.0.0.1
tunnel.10.targetPort=3128
tunnel.10.type=server

Router tweaking

If you want to run a high-traffic outproxy you should also tweak your router.config. You can either edit the file on disk while the router is stopped, or via the advanced config page in the webconsole.

i2np.ntcp.maxConnections=4096
i2np.udp.maxConnections=4096
router.maxParticipatingTunnels=512

Note that the maxParticipatingTunnels is set to a lower number for a reason, and it's simple - if you want to have high-traffic on your outproxy - let the router focus on the service rather than forwarding other router traffic which isn't relevant for your outproxy service.

Outproxy service announcement

Currently it's no automatic way for I2P routers to discover new outproxies, so after you have setup your I2P outproxy service you would need to announce the service, for example at the I2P forum, the IRC network, Reddit, etc.

How do I setup my router to use a outproxy?

Outproxies can be configured under your HTTP Proxy tunnel in the Hidden Service Manager webui. Look at the image bellow. - Note that instead of only listing one outproxy like mine setup, you can have a comma separated list to use multiple outproxies for your router.
I2P_Router_Console_-Hidden_Services_Manager-_Client2

Mikal Villa

http://meeh.i2p @ I2P.

Oslo, Norway https://mikalv.net

Comments