I2pd netvm guide

Installation

First of all, you have to install the archlinux template (you can install it using Template Manager).
After that, create the archlinux-i2pd template VM.

Execute these commands in archlinux-i2pd qube:

sudo pacman -S archlinux-keyring
sudo pacman-key --init
sudo pacman-key --populate archlinux
sudo pacman -S micro

Uncomment the line #ParallelDownloads = 5 in the pacman configuration file:

sudo micro /etc/pacman.conf # Ctrl+q to quit

Continue installation

sudo pacman -Suy --noconfirm --needed base-devel git firefox
cd /tmp
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si --noconfirm
yay --noconfirm -S i2pd-qt-git clash-verge-rev-bin
shutdown now

Create a new qube sys-i2pd-out

Execute commands in sys-i2pd-out:

mkdir -p ~/.config/autostart
cp /usr/share/applications/website.i2pd.i2pd.desktop .config/autostart/
mkdir -p ~/.i2pd
touch ~/.i2pd/tunnels.conf
touch /home/user/autostart.sh
chmod +x /home/user/autostart.sh
sudo nft add rule ip qubes custom-input meta l4proto tcp ct state new,established tcp dport 4500 accept
i2pd_qt

Now you should wait about 10-20 minutes while i2pd starts accepting connections.

For simple monitoring execute in another terminal tab

watch curl --socks5-hostname 127.0.0.1:4447 acetone.i2p

When the command above returns a response, go to the next steps.

Modify the Exec command. In the file .config/autostart/website.i2pd.i2pd.desktop, replace Exec=i2pd_qt with Exec=/home/user/autostart.sh

Paste the content below into the file /home/user/autostart.sh:

#!/bin/bash
sudo nft add rule ip qubes custom-input meta l4proto tcp ct state new,established tcp dport 4500 accept
i2pd_qt

Paste the content below into .i2pd/tunnels.conf:

[socks-outproxy-tcp]
type = client
address = 0.0.0.0
port = 4500
keys = transient-outproxy
destination = outproxy.acetone.i2p
destinationport = 1080
inbound.length = 1
outbound.length = 1
inbound.lengthVariance = 1
outbound.lengthVariance = 1

[socks-outproxy-udp]
type = udpclient
address = 127.0.0.1
port = 4500
keys = transient-outproxy
destination = outproxy.acetone.i2p
destinationport = 1080

Add to the [socksproxy] section in .i2pd/i2pd.conf:

outproxy.enabled = true
outproxy = 127.0.0.1
outproxyport = 4500

Restart the sys-i2pd-out qube

Create a new sys-i2pd-in qube

In sys-i2pd-in execute:

mkdir -p .config/autostart
cp /usr/share/applications/Clash\ Verge.desktop .config/autostart/



Profiles > New > Type: Local > Save

MRB > Edit Proxies

Check the sys-i2pd-out qube IP in Qube Manager

Write socks5://<YOUR_IP>:4500 and click Save

Proxies > Global > undefined

Add a killswitch by executing these commands in dom0:

qvm-firewall sys-i2pd-in reset
qvm-firewall sys-i2pd-in add accept <sys-i2pd-out-ip-here> dstports=4500 proto=tcp
qvm-firewall sys-i2pd-in del --rule-no 0

Thanks @solene for the fix

Verify that it works

Optionally, create a new test qube and select sys-i2pd-in as its network qube

Verify network



More configuration options for i2pd are available here: Configuring - i2pd documentation

Thanks for reading

donations

  • ETH 0xa8C72e40D17671695Eaf5D7A5aE5a965CB52F28
  • BTC bc1qcqq5vu98g5zjds6e7c4j4af5v0zyg0z4qmlzu3
  • USDT TRC20 TQa4HEayA7JpjTNCfReQ4zXBDevk9TRYor
  • LTC ltc1qwhakmnj7mu9wry4u5lkzujf99g9h825fqp4730
4 Likes

Using the “firewall rules” tab still allows DNS queries and ICMP to go through :confused: (it is explained at the bottom of the page)

You should use qvm-firewall from dom0 to block everything by default for that qube, then allow 10.137.0.33/32 on port tcp/4500

4 Likes

OK, thank you, I’ve fixed my guide using your solution from this thread: Wireguard VPN setup
Now the qvm-firewall sys-i2pd-in command responds with:

NO  ACTION  HOST            PROTOCOL  PORT(S)  SPECIAL TARGET  ICMP TYPE  EXPIRE  COMMENT
0   accept  10.137.0.33/32  tcp       4500     -               -          -       -
3 Likes
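
Added example, not part of the thread: a dom0-side check that the killswitch rule list contains nothing except the single accept rule for the out qube on tcp/4500, so the DNS and ICMP allowances mentioned above get flagged. The function name and the second sample listing are constructed for illustration; the column layout and 10.137.0.33 are taken from the output quoted above.

```shell
#!/bin/sh
# Assumed usage in dom0 (the function name is hypothetical, not a Qubes tool):
#   qvm-firewall sys-i2pd-in | check_killswitch 10.137.0.33 4500
# Exit status 0 = only the expected accept rule exists; 1 = leak or rule missing.
check_killswitch() {
    awk -v host="$1" -v port="$2" '
        $1 !~ /^[0-9]+$/ { next }      # skip the header and blank lines
        $2 != "accept"   { next }      # drop rules cannot leak traffic
        # Expected rule: accept <host>/32 tcp <port> with no special target
        ($3 == host || $3 == (host "/32")) && $4 == "tcp" && $5 == port && $6 == "-" {
            allowed++; next
        }
        { printf "unexpected accept rule: %s\n", $0; leaks++ }
        END { exit (leaks > 0 || allowed == 0) ? 1 : 0 }
    '
}

# Constructed sample: the listing shown in the thread after the fix.
sample_fixed() { cat <<'EOF'
NO  ACTION  HOST            PROTOCOL  PORT(S)  SPECIAL TARGET  ICMP TYPE  EXPIRE  COMMENT
0   accept  10.137.0.33/32  tcp       4500     -               -          -       -
EOF
}

# Constructed sample: a rule list that still lets DNS and ICMP through,
# the situation described for the "firewall rules" tab.
sample_gui_tab() { cat <<'EOF'
NO  ACTION  HOST            PROTOCOL  PORT(S)  SPECIAL TARGET  ICMP TYPE  EXPIRE  COMMENT
0   accept  10.137.0.33/32  tcp       4500     -               -          -       -
1   accept  -               -         -        dns             -          -       -
2   accept  -               icmp      -        -               -          -       -
3   drop    -               -         -        -               -          -       -
EOF
}

# Run both constructed listings through the check.
for s in sample_fixed sample_gui_tab; do
    if $s | check_killswitch 10.137.0.33 4500; then
        echo "$s: OK"
    else
        echo "$s: LEAK"
    fi
done
```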

I posted some questions here: Request for a sys-i2pd setup guide - #7 by tanky0u

1 Like

The two VMs do not need too much memory allocated; 500 MB is enough.

Note: I do not recommend that some users run i2pd directly in countries with strict Internet blockades because there are many honeypots, so please configure a pre-installed VPN

3 Likes

Cannot even install “micro”, getting 404 error… Template is connected to sys-firewall…

Make sure to update the entire system. Please ignore the errors for the corrupted files because they are irrelevant to this process.

Why do you use Archlinux-template?
My guide is using Debian-minimal as sys-i2pd, and Fedora-minimal as i2pd-workstation.
Users don’t need Archlinux-template.

Already answered here: Request for a sys-i2pd setup guide - #8 by anone381. And finally, if you don’t like my solution, you can do your own.

Something is wrong, Qubes Update fails too with the template…

In the archlinux machines, please install archlinux-keyring:

$ sudo pacman -S archlinux-keyring

This is to install the latest keyring first before updating the system.

If there are no errors, just continue with the guide.

I’ve made a new implementation of this guide, which is based on debian-12 from I2pd netvm based on debian guide

3 Likes