It's also slower simply because it's basically a bunch of VPNs running on consumer hardware. Actual VPN providers can provide big powerful servers. This is why I think torrenting is a great fit for the slower speeds of I2P - waiting a little longer for a download is bearable, as opposed to waiting for a webpage to load.
Nope, any browser should work. The compose file in my repo should be exposing qbittorrent on port 8080 (line 27 in the file). I would say first:
- make sure the containers are running, use podman-compose ps or docker-compose ps from the folder that contains the compose file
- use ping to make sure you can reach the server
- use ss or netstat on your server to make sure it's actually listening on the port you expect qBittorrent to be listening on (8080 unless you changed it)
- view logs using podman-compose logs from the folder that contains the compose file
- if you can see the web ui but don't know what the password is, use podman-compose logs and you should see the temporary password generated by qBittorrent (this is explained in the guide)
I can get 1 MB/s, but honestly 200 KB/s is fast enough for me, I just wait a few hours to torrent an entire show. In terms of content most of the shows I want to watch are uploaded to Postman tracker.
You could just install the i2pd windows client, and then configure it to enable "SAM". You could use the i2pd.conf file in my repo as a reference, just make sure to use 127.0.0.1 instead of 0.0.0.0 so that only applications running on your computer would be able to access i2pd (0.0.0.0 is only needed for docker). Then you would configure your browser and qbittorrent the same way detailed in my repo, except make sure to enable "mixed" mode so that your torrents are seeding over both clearnet and I2P. Lastly, even though you'll be seeding your torrents over I2P, nobody will be able to find them unless you post them to an I2P tracker like Postman. I don't know how to submit torrents to Postman so you're on your own for that one
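An added example, not part of the comments above or of the linked repo: a small shell check for the two points these comments make about listeners, namely that qBittorrent should be listening on 8080 and that a desktop i2pd SAM bridge should be bound to 127.0.0.1 rather than 0.0.0.0. It classifies a port from `ss -ltn` output; the sample output is constructed, and 7656 is assumed to be the SAM port (i2pd's default).

```shell
#!/bin/sh
# Classify a TCP port from `ss -ltn` output read on stdin:
#   closed         nothing is listening on the port
#   loopback-only  listening, but only on 127.0.0.0/8 or [::1]
#   exposed        listening on a wildcard or routable address
port_exposure() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }              # skips the header line too
        {
            pos = match($4, /:[0-9]+$/)      # trailing ":port" of the local address
            if (pos == 0) next
            host = substr($4, 1, pos - 1)
            if (substr($4, pos + 1) != port) next
            found = 1
            if (host ~ /^127\./ || host == "[::1]") next
            exposed = 1                      # 0.0.0.0, [::], * or a LAN address
        }
        END {
            if (!found)       print "closed"
            else if (exposed) print "exposed"
            else              print "loopback-only"
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       4096          0.0.0.0:8080       0.0.0.0:*
LISTEN  0       128         127.0.0.1:7656       0.0.0.0:*
LISTEN  0       128             [::1]:7070          [::]:*
LISTEN  0       4096                *:9090             *:*
EOF
}

# Demo on the sample; on a real host use:  ss -ltn | port_exposure 8080
for p in 8080 7656 7070 9090 4444; do
    printf '%s: %s\n' "$p" "$(sample_ss_output | port_exposure "$p")"
done
```

On a server, "exposed" for 8080 is what makes the web UI reachable from another machine; on a desktop install, "exposed" for the SAM port means other hosts on the network can reach i2pd.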
You're right I was thinking about it incorrectly. But I2P peers can only reach other I2P peers though right?
This was mentioned in the other thread but I should probably mention it here as well. Unlike with TOR, in I2P every user is also expected to be a router. I think this is great and helps encourage decentralization, scaling, and DDoS resistance. Techlore mentioned something similar in one of his videos (but I can't find it right now). However, this does mean that you never really know what traffic is going through your router. It's all encrypted, but some users may still have concerns with that. I wrote my own opinions on this topic in that same comment thread.
Thanks for the info, I would not claim to be an expert about I2P so some of this is definitely new to me. Though I think the situation has improved quite a bit.
Complex configuration process: It necessitates a drawn-out installation procedure and specific browser settings.
If you just want I2P without the torrenting, you can use the official I2P router, which is just an HTTP proxy that runs on your PC, just like Tor. The 3rd-party router used in my guide, i2pd, has a Flatpak as well. So as far as installing the router goes, it's a few clicks. You are correct that it does require configuring the browser though, you are correct. This is explained in my guide and also on the official website. Not as easy as clicking an "Install" button, but only takes around 5 minutes. I wish there were an official I2P browser like the Tor browser though.
Must-have logging: The I2P user interface must be logged in for users to access their material.
Not sure what you mean by this. I've never had to log into anything to set up I2P.
Severe vulnerabilities
I have no doubt. But Tor has had many vulnerabilities too. Both have gotten much better over time.
A much tinier user base than TOR: As a result, I2P has fewer network nodes and servers and is more open to intrusions.
Definitely true. In fact it makes me suspicious how fast TOR is despite how many users there are, and the relatively high requirements to be a relay (not to mention an exit node). AFAIK TOR is heavily reliant on rich and generous patrons, which makes me wonder about the motives of these patrons. I believe I2P has the potential to be much more decentralized, since every user is expected to also be a router, and Techlore has also raised this point (though I don't have the video on me right now).
Less anonymity when browsing indexed sites: I2P does not ensure that users’ browsing of indexed sites is completely anonymous. The use of VPN services may be able to address this issue.
I didn't know this. What are indexed sites?
There's basically only one, listed towards the bottom of the guide in the repo: http://tracker2.postman.i2p/. And it's "public" but only accessible via I2P. I tried to explain everything in the repo so let me know if I missed anything!
are you seeding AI datasets?
If you're willing to take the time to learn a bit of podman/docker, you should check out my recent post on I2P torrenting. There's no problems with port forwarding on the I2P network. There are other ways to torrent over I2P without podman/docker too, you'll just have to research them yourself
I probably should have mentioned this in the post, but don't forget you can run this on desktop too! All Fedora-based distros (Kinoite, Bazzite, etc) have Podman pre-installed. You just need to install podman-compose/docker-compose. If you're on an atomic distro you'll have to layer, or use a distrobox (either install podman-compose and use host podman or just install both podman and podman-compose inside a distrobox), or convert the compose file into individual Podman commands like podman network create --internal ... and podman run ..., but it's definitely doable in an hour or so.

self-hosted i2p+qbittorrent beginner quickstart
cross-posted from: https://lemmings.world/post/29678617
Thought I would share my simple docker/podman setup for torrenting over I2P. It's just 2 files, a compose file and a config file, along with an in-depth explanation, available at my repo https://codeberg.org/xabadak/podman-i2p-qbittorrent. And it comes with a built-in "kill-switch" to prevent traffic leaking out to the clearnet. But for the uninitiated, some may be wondering:
What is I2P and why should I care?
For a p2p system like bittorrent, for two peers to connect to each other, at least one side needs to have their ports open. If one side uses a VPN, their provider needs to support "port forwarding" in order for them to have their ports open (assuming everything else is configured properly). If you have ever tried to download a torrent with seeders available, yet failed to connect to any of them, your ports are probably not open. And with regulators cracking down on VPNs and forcing providers like Mullvad to
It's not just the router. The officially recommended I2P torrent client, called I2PSnark, is also in Java and it's a pain to get working in Docker. It's not a bad torrent client, just feels like the official I2P tools still don't have great support for modern Linux devops. Now that qBittorrent supports I2P the whole stack feels much more at home.
It's true, you never really know what will be going through your router. I guess I just got over it after a few years of struggling with VPNs and port-forwarding. Just felt like the noose was getting tighter, especially after Mullvad stopped providing the feature. My stance is that if I ever knew that such content was going through my PC I would block it, but if it's all encrypted then what can I do? Same reason why I support encrypted messaging apps - they can be used for harm but is that the fault of the tool? Though I recognize it's a complex issue.

self-hosted i2p+qbittorrent beginner quickstart
Thought I would share my simple docker/podman setup for torrenting over I2P. It's just 2 files, a compose file and a config file, along with an in-depth explanation, available at my repo https://codeberg.org/xabadak/podman-i2p-qbittorrent. And it comes with a built-in "kill-switch" to prevent traffic leaking out to the clearnet. But for the uninitiated, some may be wondering:
What is I2P and why should I care?
For a p2p system like bittorrent, for two peers to connect to each other, at least one side needs to have their ports open. If one side uses a VPN, their provider needs to support "port forwarding" in order for them to have their ports open (assuming everything else is configured properly). If you have ever tried to download a torrent with seeders available, yet failed to connect to any of them, your ports are probably not open. And with regulators cracking down on VPNs and forcing providers like Mullvad to shut down port forwarding, torrenting over the clearnet is becoming
You might be interested in my tool wg-lockdown. I mainly use it on desktops but it should work on servers as well, it's just an nftables config after all. It also shouldn't interfere with UFW though you might want to double-check with some of the networking experts here.
No worries, and thanks for providing a response nonetheless. I'll look into your suggestion when I have the time. The official Wireguard website also had some guide on network namespaces here but afaik it didn't explain how to set it up persistently
So it's really that simple...I can see why there are security issues 😅
Great write-up, I've been looking for something like this. I've heard of vopono and eznetns before but not namespaced-openvpn, and this is the first post I've seen where somebody details how they use a tool like this, so thanks! I'll have to try setting it up some time.
Yeah, you don't have to dig very deep to find out how insecure our networks are. Mac addresses can be spoofed, ports can be scanned, TCP numbers can be guessed, etc...
From a privacy standpoint I don't think it would make a big difference over not using a VPN at all. It will take a bit of time but your new IP will become associated with your identity. From the perspective of Facebook and Google, it will just look like you moved and are living inside a datacenter now.
That sounds very cool, I've been interested in network namespaces but it's hard to find information on how to use them. How did you do it?

addressing misconceptions about the recent TunnelVision vulnerability
I've been seeing a lot of confusion around the TunnelVision vulnerability. While I'm no expert, I've done a fair share of research and I'll edit this post with corrections if needed. The goal of this post is to answer the question: does this affect me?
Two sentence summary of the vulnerability
When you use a commercial VPN like Mullvad or NordVPN, the VPN client tells your system to redirect all traffic through the VPN. This recent vulnerability shows that a malicious device on the network can trick your system into redirecting traffic to their device instead.
Claim: just don't connect to hostile networks!
This is hard in practice. For most people, the only "trusted" networks are your home network and your workplace. So you still have to worry about coffee shops, airports, hotels, restaurants, etc. And if you are using cellular data, the cellular tower can perform this attack to snoop on your traffic.
Claim: but I trust the hotel owner, restaurant owner, etc
This at

sharing my simple wireguard kill-switch for Linux
cross-posted from: https://lemmings.world/post/8926396
In light of the recent TunnelVision vulnerability I wanted to share a simple firewall that I wrote for wireguard VPNs.
https://codeberg.org/xabadak/wg-lockdown
If you use a fancy official VPN client from Mullvad, PIA, etc, you won't need this since most clients already have a kill switch built in (also called Lockdown Mode in Mullvad). This is if you use a barebones wireguard VPN like me, or if your VPN client has a poorly-designed kill switch (like NordVPN, more info here).
A firewall should mitigate the vulnerability, though it does create a side-channel that can be exploited in extremely unlikely circumstances, so a better solution would be to use network namespaces (more info here). Unfortunately I'm a noob and I couldn't find any scripts or tools to do it that way.
