How to set up Azureus to work with I2P
From the I2P website (http://www.i2p2.de/):
I2P is an anonymous network, exposing a simple layer that applications can use to anonymously and securely send messages to each other. The network itself is strictly message based (ala IP), but there is a library available to allow reliable streaming communication on top of it (ala TCP). All communication is end to end encrypted (in total there are four layers of encryption used when sending a message), and even the end points ("destinations") are cryptographic identifiers (essentially a pair of public keys).
This document contains an overview of how to set up the Azureus BitTorrent client (http://azureus.sourceforge.net/) to use I2P for both Tracker and Peer-Peer data communications.
I2P is still experimental, versions prior to 1.0 should not be used where anonymity requirements are high!
 Network Diagram
Unless you are running your own tracker you can ignore the parts in yellow.
You will want to set up the red incoming peer connection server tunnel though, as without this your downloads will be slow.
 Network Integration
I2P does not have “out-proxies”. This means that it is not possible to connect anonymously to clients outside of the I2P network. Therefore, to use I2P, all participants (BT tracker and BT clients) must be explicitly using I2P.
 Software Versions
Version 5.0 (or 1.5 as it used to be called) is required.
18.104.22.168 latest beta version (B03 or higher at time of writing) or the next mainline release is required.
I2P network plugin is required, “azneti2p”, version 0.3.1 or higher. Install this using the plugin installation wizard (Tools->Plugins->Installation Wizard and select it from the list of SourceForge plugins) - see http://azureus.sourceforge.net/plugin_details.php?plugin=azneti2p for the latest details of this plugin.
0.9 or more recent
UPDATE: 0.9.4 appears to be working successfully (running as a Windows service, not tested standalone)
0.9.3 is known not to work for some reason - the I2P router doesn't handle connections from Vuze properly.
0.9 is known to work, if you can't get 0.9.4 or higher working you can download it from http://code.google.com/p/i2p/downloads/list?can=1 (release date: May 3rd 2012)
 The Most Common Scenarios
 For the really lazy user
There's no substitute for trying to understand what you're doing, but to get to the point where you can download a torrent over I2P using an I2P tracker and connections to other I2P peers do the following:
- Install Vuze and join the Beta Program to get the latest software
- Install I2P and accept the default options to run it as a service
- Install the I2P Network Plugin in Vuze (Tools->Plugins->Plugin Installation Wizard, select 'I2P Network Plugin' from sourceforge.net)
- Download and open this .vuze file in Vuze (see File->Open->Vuze File menu) to set all of the Vuze configuration required *except* the configuration of the I2P "AzureusData" tunnel (you can copy the URL link and simply paste it into Vuze's search box + hit enter to do this too)
- Create the "AzureusData" tunnel via the I2P Router Console as detailed below and then copy-paste the .i2p destination string into Tools->Options->Tracker->Client: Override IP options entry (this is set to "<create-a-server-tunnel-and-put-its-destination-address-here>.i2p" by the .vuze configuration file). If you don't do this you will likely get an error reported by the I2P tracker along the lines of "Error (Invalid I2P destination in your announce)".
- Configure the bandwidth limits for I2P via http://127.0.0.1:7657/config
- Test via this torrent if you want: http://torrent.vuze.com/i2p/torrents/Azureus22.214.171.124.jar.i2p.torrent
 For users that can be bothered to read things
You will need to perform the I2P configuration, the Azureus basic configuration and the Azureus I2P Plugin configuration.
- To use an I2P based tracker with the public internet for peer connections: you DON'T need to create any I2P tunnels, limit incoming connections (in fact if you do then things won't work!), enable the the I2P network in Azureus or setup a tracker server - you're done!
- To use an I2P based tracker with the I2P network for peer connections: you need to configure Azureus as an 'anonymous client' - this requires you to create an I2P tunnel for client data and also configure Azureus to send the I2P destination (i.e. tunnel address) as an 'IP Override' when announcing to the tracker.
 I2P General
Download and install I2P from http://www.i2p2.de/. Get it working first – start the router, start the router console web page and make sure you have peer connections, For this you will need to enable the incoming port - I2P will attempt to do this automatically for you. You can also configure the Azureus plugin to do this as well, using its UPnP features - it might be worth trying if I2P fails to map the port correctly for you. If you are going to use this approach, you will need to run Azureus with the plugin configured before I2P will fully work. More recent versions of I2P dynamically select a router port (prior to this it always defaulted to port 8887) - you can see which port this is by clicking on the "I2P Services" button on the router page and then selecting the 'Network' tab on the 'I2P Router Configuration' page - it is listed under 'UDP Configuration'
When the router is running you can connect to see the status and config I2P via http://127.0.0.1:7657/
The most important thing is the 'router console' - http://127.0.0.1:7657/console
Here is a picture of the things of most importance on this page:
The top area marked shows the network status - if you have correctly mapped I2P's UDP port this will show a better message!
The bottom area shows the local destinations that you have configured - this image shows one called 'AzureusData' which has been setup to receive incoming peer connections.
For I2P to work well a UDP port needs to be open if firewalls/routers are in use. As indicated above, I2P will select a random port to use for this and you can find the port in the router's configuration page. With luck I2P will handle any port mappings required, but if not you can configure the Azureus I2P plugin to attempt this process for you.
The plugin attempts to handle lack of/loss of connection to the router gracefully, (re)-connecting as required, so it is possible to start Azureus first, then start I2P.
You will probably want to increase the bandwidth allocated to I2P to get decent download speeds. Select the 'Bandwidth In/Out' entry on the left and configure are required (note that values are shown in kilobytes/sec)
 I2P Destinations
I2P endpoints, or Destinations, can be represented by base-64 encoded values, and as such are rather long strings (around 400 characters). This is the representation used by Azureus when it needs to connect to such a destination. They are treated as unresolvable DNS names and have the suffix “.i2p” added to distinguish them from other such names (e.g. Tor onion router names end in “.onion” ).
Thus they will look something like
The entry point into the I2P network is via the I2P “router” – to use the network the router must be running. When I2P is installed a shortcut is created to start the service.
For outgoing connections (those originated by Azureus into the I2P network) Azureus talks to the router directly (well, via a SOCKS proxy).
For incoming connections (those originated elsewhere in the I2P network and targeted at Azureus) the I2PTunnel is used. This allows I2P destinations to be associated with an existing TCP port on the host. One such a tunnel is required to support running a tracker, another to support inward connection of peer-peer data connections.
Tunnels are created by clicking on the 'Local Destinations' entry in the Router Console's bottom left (see above). This opens the 'I2P Tunnel Manager' page that has the following on it:
This already has an example tunnel called 'AzureusData' defined on it (ringed) - the other red ring shows what to do to create a new tunnel: leave the tunnel type as 'standard' and hit the 'create' button.
Enter details similar to the following (example for a peer-data tunnel)
- Name: AzureusData
- Description: Azureus Peer Data Tunnel
- Auto Start: selected - (i.e YES)
Host: 127.0.0.1 Port: <your Azureus port configured under Tools->Connection>
- Private key File: AzureusData-privKeys.dat
Leave all the advanced settings as they are (unless you know what you're doing!)
Hit the 'Save' button at the bottom
Now you need to get access to the tunnel's destination address - DON'T be tempted to copy the short base32 address that is listed on the I2P Tunnel Manager page - from that page click on the tunnel name (AzureusData in our example above) to get to the tunnel details and then copy the large string of characters that is present in the field labelled "local destination" (under the 'private key file' field where you entered 'AzureusData-privKeys.dat' when creating the tunnel)
When creating multiple tunnels, make sure the “private key file” is unique for each – ie. don'’'t accept the default value of “myServer.privKey”
See I2P documentation for details of the remaining fields.
Note that on starting I2P it can take quite a while for the services to become available, be patient!
It is essential that you never publicly associate your real identity with an I2P destination as this compromises anonymity. Therefore never directly publish these, use an approach such as that advocated in the I2P documentation, e.g. use an anonymous forum to publish your tracker details.
 Azureus General
 Plugin Config
The plugin needs configuring: tools->options->plugins->”I2P Network Plugin”.
Setup the I2P install location and select an unused port number to use for the plugin’s SOCKS based integration. For example, 15834.
 Azureus Config
 Enable the I2P Network
Go to Tools->Options->Connections - there is a 'Networks' configuration section towards the bottom.
If you want to enable I2P based peer-peer connections in general, select the 'I2P Network' option.
If you only want I2P connections then deselect the 'Public Network'. Note that you won't want to do this if you are using an I2P tracker that is tracking normal IP addresses.
Note also that you can enable and disable networks on a per-torrent basis if desired, by right-clicking on the torrent and using the Advanced menu.
 Configure the proxies
Configure the Connection proxies: Tools->Options->Connection->Proxy Options
Enable the proxing of tracker communications:
Select “enable proxying of tracker communications”
Select “I have a SOCKS proxy”
Set the Host to 127.0.0.1
Set the Port to 15834 (using the above example)
Leave username/password blank
Enable the data proxy:
Select “enable proxying of peer communications”
Deselect the 'inform tracker of limitation' option
Select “V4a” for the SOCKS version
 If you only want traffic to flow over I2P
 Limit incoming connections
To achieve anonymity it is necessary to ensure that the fact that you are running an anonymous tracker and/or downloading data anonymously can not be detected. In particular this means that either a firewall needs to be configured to prevent direct connection to either the tracker and/or incoming data ports (TCP 6969 and TCP 6881 by default) or Azureus must be configured to only accept internal connections for these ports (or preferably both strategies should be employed).
Bind to the loopback address 127.0.0.1 to only permit host-internal connections.
In the Connection settings set:
“Bind to local IP address” to 127.0.0.1
Note that this assumes that the I2P router is co-located on the same machine. If this is not the case then this approach can’t be used (as it will deny the connections from the router). In this case define an IPFilter to only permit connections from the required host. Go to the “IP Filter” configuration and set:
Select “ALLOW these ranges”
Use the add button to add the permitted IP address ranges
 Disable Unwanted Components
By default Azureus will automatically check for core and plugin updates. This can be disabled in the Azureus configuration via:
Interface->Start: Check for latest version when azureus starts + periodically (2 options)
Plugins->Plugin Update: Enable plugin update checking
By default Universal Plug and Play (UPnP) is enabled. This can be disabled via:
Plugins->UPnP: Enable UPnP
 Anonymous Client
Set up I2P and Azureus and the plugin as in general sections above. Then perform the following:
An I2P tunnel needs to be created as detailed above to support incoming peer data connections. Recommended field values are:
Description: Azureus Peer Data Tunnel
Start Automatically: <select this>
Target Host: <localhost>
Target Port: <Your Azureus TCP Port - See Tools->Options->Connection>
Wait until the tunnel is ready and then copy its “Full Destination” from the tunnel page – let's call this “AzureusData-dest” for reference later (for example, dsRHGGG53Ddhfx…)
If a port other than 6881 was selected above when configuring the I2P tunnel, set the Connection “Incoming TCP Listen Port” to this value.
Lastly it is necessary to configure the tracker client to tell the tracker about the I2P destination to be used for inward connections. Set the “override tracker announce ip” to “AzureusData-dest” (you copied this value earlier) plus a suffix of “.i2p” (using the example above this would be dsRHGGG53Ddhfx….i2p)
Note that when a torrent with an I2P tracker URL is opened you will be prompted for the networks to use. Select I2P only unless it is a I2P tracker that supports public clients (below). Note that in the tracker client configuration the default response to this dialog can be configured.
 Anonymous Tracker Server
Set up I2P and Azureus and the plugin as in general sections above. Then perform the following:
An I2P tunnel needs to be created as detailed above to support incoming connections to the tracker. Recommended field values are:
Description: BT Tracker
Start Automatically: <select this>
Target Host: <localhost>
Target Port: <6969>
Hit the “save” button, then the “back” link to get back to the I2P Tunnel Status page.
Wait (refresh the page) until the tunnel is ready and then copy its “Full Destination” from the tunnel page – call this “BTTracker-dest” for reference later (for example, rmU5ZwXbxRNL4ce0HZyx…)
Enable the HTTP tracker and enter the “BTTracker-dest” along with an “.i2p” suffix (using the example, rmU5ZwXbxRNL4ce0HZyx….i2p ) as the “tracker external IP address” under the tracker server configuration. If a port other than 6969 has been selected as the local port for the tracker then this also needs to be configured.
Configure the tracker server not to support the compact protocol.
Configure the networks available to only by I2P.
 Torrent Creation
Given the tracker address configured above, the “create torrent” wizard will by default have the correct announce URL for the tracker (in the above example http://rmU5ZwXbxRNL4ce0HZyx….i2p:6969/announce).
 Setting up a browser to view the tracker web pages
See the I2P documentation on this subject regarding the “eepProxy”
 Running Azureus as Tracker and Client concurrently
Azureus supports running as both tracker and client at the same time, indeed the “sharing” functionality is designed specifically for this, and allows a resource to be published on the tracker and seeded at the same time with a single operation.
Running this process anonymously simply requires Azureus and the I2P plugin to be configured to be both an anonymous tracker and an anonymous client as above.
 Anonymous Tracker, public clients.
It is possible to run an anonymous tracker but have peer-peer data transferred as normal (i.e. not via I2P). To achieve this configure the tracker as above but also enable the “Public” network in the tracker server configuration.
When configuring the client only perform the general I2P, Azureus and plugin configuration, don’t follow the anonymous client directions (i.e. don’t establish the tunnel for peer data and don’t set the “override tracker announce ip”). When a torrent is opened select the “Public” network.
All clients must still have I2P installed in order to communicate with the tracker!
 Trouble shooting
Make sure I2P is working – check the router page and follow instructions regarding “reseeding” if tunnel connections are not present. Check the port mapping for 8887.
If I2P is working ok then double-check the Azureus setup. In particular ensure that the base-64 destinations have been copied correctly AND had an “.i2p” appended to them.
If the tracker connection is working but there are problems with peer-peer connections, check the SOCKS set up. In particular ensure that the version is 4a, NOT 4 (which is the default).
It the tracker status says 'i2p network is not enabled' then this means the torrent has an I2P tracker but you haven't enabled the I2P network in Azureus - either do it globally (via Tools->Options->Connections) or on a per-torrent basis via right-click and the Advanced menu.
 Tracker reports “Error (key missing)”
Check that you have correctly copied the tunnel destination (and appended “.i2p” to it) into the “override tracker announce IP” field.
There is an I2P BitTorrent tracker for Vuze updates here: http://xdwlfjmvtw7awr6n5y3cxx64abid23pibyol3kd5hrjia64vpfba.b32.i2p/
Note that this is an I2P address so you need to browse to it using a browser configured to access I2P!