It's also slower simply because it's basically a bunch of VPNs running on consumer hardware. Actual VPN providers can provide big powerful servers. This is why I think torrenting is a great fit for the slower speeds of I2P - waiting a little longer for a download is bearable, as opposed to waiting for a webpage to load.
Nope, any browser should work. The compose file in my repo should be exposing qbittorrent on port 8080 (line 27 in the file). I would say first:
make sure the containers are running, use podman-compose ps or docker-compose ps from the folder that contains the compose file
use ping to make sure you can reach the server
use ss or netstat on your server to make sure it's actually listening on the port you expect qBittorrent to be listening on (8080 unless you changed it)
view logs using podman-compose logs from the folder that contains the compose file
if you can see the web ui but don't know what the password is, use podman-compose logs and you should see the temporary password generated by qBittorrent (this is explained in the guide)
I can get 1 MB/s, but honestly 200 KB/s is fast enough for me, I just wait a few hours to torrent an entire show. In terms of content most of the show I want to watch are uploaded to Postman tracker
You could just install the i2pd windows client, and then configure it to enable "SAM". You could use the i2pd.conf file in my repo as a reference, just make sure to use 127.0.0.1 instead of 0.0.0.0 so that only applications running on your computer would be able to access i2pd (0.0.0.0 is only needed for docker). Then you would configure your browser and qbittorrent the same way detailed in my repo, except make sure to enable "mixed" mode so that your torrents are seeding over both clearnet and I2P. Lastly, even though you'll be seeding your torrents over I2P, nobody will be able to find them unless you post them to an I2P tracker like Postman. I don't know how to submit torrents to Postman so you're on your own for that one
This was mentioned in the other thread but I should probably mention it here as well. Unlike with TOR, in I2P every user is also expected to be a router. I think this is great and helps encourage decentralization, scaling, and DDoS resistance. Techlore mentioned something similar in one of his videos (but I can't find it right now). However, this does mean that you never really know what traffic is going through your router. It's all encrypted, but some users may still have concerns with that. I wrote my own opinions on this topic in that same comment thread.
Thanks for the info, I would not claim to be an expert about I2P so some of this is definitely new to me. Though I think the situation has improved quite a bit.
Complex configuration process: It necessitates a drawn-out installation procedure and specific browser settings.
If you just want I2P without the torrenting, you can use the official I2P router, which is just an HTTP proxy that runs on your PC, just like Tor. The 3rd-party router used in my guide, i2pd, has a Flatpak as well. So as far as installing the router goes, it's a few clicks. You are correct that it does require configuring the browser though, you are correct. This is explained in my guide and also on the official website. Not as easy as clicking an "Install" button, but only takes around 5 minutes. I wish there were an official I2P browser like the Tor browser though.
Must-have logging: The I2P user interface must be logged in for users to access their material.
Not sure what you mean by this. I've never had to log into anything to set up I2P.
Severe vulnerabilities
I have no doubt. But Tor has had many vulnerabilities too. Both have gotten much better over time.
A much tiner user base than TOR: As a result, I2P has fewer network nodes and servers and is more open to intrusions.
Definitely true. In fact it makes me suspicious how fast TOR is despite how many users there are, and how the relatively high requirements to be a relay (not to mention an exit node). AFAIK TOR is heavily reliant on rich and generous patrons, which makes me wonder about the motives of these patrons. I believe I2P has the potential to be much more decentralized, since every user is expected to also be a router, and Techlore has also raised this point (though I don't have the video on me right now).
Less anonymity when browsing indexed sites: I2P does not ensure that users’ browsing of indexed sites is completely anonymous. The use of VPN services may be able to address this issue.
There's basically only one, listed towards the bottom of the guide in the repo: http://tracker2.postman.i2p/. And it's "public" but only accessible via I2P. I tried to explain everything in the repo so let me know if I missed anything!
If you're willing to take the time to learn a bit of podman/docker, you should check out my recent post on I2P torrenting. There's no problems with port forwarding on the I2P network. There are other ways to torrent over I2P without podman/docker too, you'll just have to research them yourself
I probably should have mentioned this in the post, but don't forget you can run this on desktop too! All Fedora-based distros (Kinoite, Bazzite, etc) have Podman pre-installed. You just need to install podman-compose/docker-compose. If you're on an atomic distro you'll have to layer, or use a distrobox (either install podman-compose and use host podman or just install both podman and podman-compose inside a distrobox), or convert the compose file into individual Podman commands like podman network create --internal ... and podman run ..., but it's definitely doable in an hour or so.
It's not just the router. The officially recommended I2P torrent client, called I2PSnark, is also in Java and its a pain to get working in Docker. It's not a bad torrent client, just feels like the official I2P tools still don't have great support for modern Linux devops. Now that qBittorrent supports I2P the whole stack feels much more at home.
It's true, you never really know what will be going through your router. I guess I just got over it after a few years of struggling with VPNs and port-forwarding. Just felt like the noose was getting tighter, especially after Mullvad stopped providing the feature. My stance is that if I ever knew that such content was going through my PC I would block it, but if it's all encrypted then what can I do? Same reason why I support encrypted messaging apps - they can be used for harm but is that the fault of the tool? Though I recognize it's a complex issue.
You might be interested in my tool wg-lockdown. I mainly use it on desktops but it should work on servers as well, it's just an nftables config after all. It also shouldn't interfere with UFW though you might want to double-check with some of the networking experts here.
No worries, and thanks for providing a response nonetheless. I'll look into your suggestion when I have the time. The official Wireguard website also had some guide on network namespaces here but afaik it didn't explain how to set it up persistently
Great write-up, I've been looking for something like this. I've heard of vopono and eznetns before but not namespaced-openvpn, and this is the first post I've seen where somebody details how they use a tool like this, so thanks! I'll have to try setting it up some time.
Yeah, you don't have to dig very deep to find out how insecure our networks are. Mac addresses can be spoofed, ports can be scanned, TCP numbers can be guessed, etc...
From a privacy standpoint I don't think it would make a big difference over not using a VPN at all. It will take a bit of time but your new IP will become associated with your identity. From the perspective of Facebook and Google, it will just look like you moved and are living inside a datacenter now.
It's also slower simply because it's basically a bunch of VPNs running on consumer hardware. Actual VPN providers can provide big powerful servers. This is why I think torrenting is a great fit for the slower speeds of I2P - waiting a little longer for a download is bearable, as opposed to waiting for a webpage to load.