π― Goal
Learn how to route traffic anonymously using the Invisible Internet Project (I2P) and understand the privacy-enhancing concept of Garlic Routing, which extends and improves upon Tor’s Onion Routing.
We’ll install I2P, configure tunnels, and test services over the anonymous overlay network.
π§ 1. What is I2P?
I2P (Invisible Internet Project) is a decentralized, peer-to-peer privacy network built to anonymize:
- Web browsing
- Messaging
- File sharing
- Application communication
Unlike Tor, I2P uses Garlic Routingβbundling multiple messages together, increasing resistance to traffic analysis.
π§ 2. Garlic Routing vs Onion Routing
| Feature | Onion Routing (Tor) | Garlic Routing (I2P) |
|---|---|---|
| Message Unit | Single message (onion) | Bundled messages (garlic) |
| Network Entry | Directory authority | Fully distributed (DHT) |
| Primary Use | Exit to clearnet | Hidden internal services |
| Use Cases | Clearnet + .onion | Internal .i2p + anonymized |
| Routing Structure | Circuit-based | Unidirectional tunnels |
Garlic routing enhances privacy by making message patterns harder to analyze.
π 3. Install I2P
π§ On Linux (Debian/Ubuntu)
sudo apt install i2p
Or install via Java JAR (portable):
wget https://geti2p.net/_static/i2pinstall_1.9.0.jar
java -jar i2pinstall_1.9.0.jar
Start I2P Router:
i2prouter start
Access local router console:
http://127.0.0.1:7657
π 4. Use the I2P Proxy
Configure your browser to route traffic through the I2P HTTP proxy:
- HTTP Proxy:
127.0.0.1:4444 - SOCKS Proxy:
127.0.0.1:4447
Now access .i2p sites:
http://forum.i2p
http://stats.i2p
http://identiguy.i2p
π‘ 5. Create an I2P Hidden Service
Host a service that only exists within the I2P network.
Set up a web server (e.g., Caddy):
sudo apt install caddy
sudo systemctl start caddy
Create a local page at /var/www/html/index.html.
Add a server tunnel in I2P Console:
- Go to
http://127.0.0.1:7657/i2ptunnel/ - Click βNew Hidden Service Tunnelβ
- Configure:
- Name:
cypherpunk-service - Target host:
127.0.0.1 - Target port:
80
- Name:
- Start the tunnel
Your .i2p address will be auto-generated, e.g.,:
cypherpunkzvksjwehqwe.i2p
Youβve just deployed a dark web service inside I2P!
π§ͺ 6. CLI I2P Tools
i2ptunnel β Manual tunnel creation
i2ptunnel manual
Useful for scripting and advanced routing.
i2p-keygen β Generate crypto keys
i2p-keygen --dest new.keys
Use for custom services and manual tunnel definitions.
π§ͺ 7. Optional: I2P + CLI Apps
Connect IRC over I2P:
Use HexChat or irssi with:
- Server:
irc.postman.i2p - Port:
6668
Set proxy: SOCKS5 at 127.0.0.1:4447
CLI File Sharing with I2P-Snark:
Access the I2P BitTorrent-like client at:
http://127.0.0.1:7657/i2psnark/
Drop in .torrent files to share anonymously.
π 8. Journal & Git Commit
βοΈ Reflect on Garlic Routing
echo "Bonus 6: Explored I2P and garlic routing. Installed I2P router, configured browser, created an internal I2P website, and understood the differences from Tor. Built a dark web service that is only accessible within the I2P network." >> notes/bonus6_i2p_garlic.md
π¦ Git Commit
git add .
git commit -S -m "Bonus 6 β I2P and Garlic Routing: Private Anonymous Services"
β Bonus 6 Checklist
- Installed I2P router and console
- Accessed
.i2pdomains via proxy - Hosted an I2P-only hidden service
- Used garlic routing for anonymous traffic
- Explored I2P CLI tools
- Journaled and committed the lesson
π§ Up Next Bonus Options
- Bonus 7: Post-Quantum Cryptography (Kyber, Dilithium, OpenSSH PQ)
- Bonus 8: Running a Private Relay Node (Tor Bridge, Mixnet, Nym)
- Bonus 9: Advanced P2P Mesh (Cjdns, Yggdrasil)
π Notes
- I2P uses unidirectional tunnels (separate paths for send/receive), making timing attacks more difficult
- Garlic routing makes message flows indistinguishable from one another
- I2P emphasizes internal services rather than exit traffic