I2pd netvm guide

Original forum link
https://forum.qubes-os.org/t/31402
Original poster
anone381
Created at
2025-01-10 12:46:12
Last wiki edit
2025-01-10 16:51:56
Revisions
2 revisions
Posts count
12
Likes count
18

Installation

First of all you have to install archlinux template. (You could install it using Template Manager) After that, create archlinux-i2pd template VM image|690x417

Execute these commands in archlinux-i2pd qube: 

sudo pacman -S archlinux-keyring
sudo pacman-key --init
sudo pacman-key --populate archlinux
sudo pacman -S micro
uncomment line #ParallelDownloads = 5 in pacman configuration file: 
sudo micro /etc/pacman.conf # (Ctrl+q for quit)

Continue installation 

sudo pacman -Suy --noconfirm --needed base-devel git firefox
cd /tmp
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si --noconfirm
yay --noconfirm -S i2pd-qt-git clash-verge-rev-bin
shutdown now
Create a new qube sys-i2pd-out image|623x429 image|627x432

Execute commands in sys-i2pd-out: 

mkdir -p ~/.config/autostart
cp /usr/share/applications/website.i2pd.i2pd.desktop .config/autostart/
mkdir -p ~/.i2pd
touch ~/.i2pd/tunnels.conf
touch /home/user/autostart.sh
chmod +x /home/user/autostart.sh
sudo nft add rule ip qubes custom-input meta l4proto tcp ct state new,established tcp dport 4500 accept
i2pd_qt
Now you should wait about 10-20 minutes, while i2pd starts accept connections

For simple monitoring execute in another terminal tab 

watch curl --socks5-hostname 127.0.0.1:4447 acetone.i2p
When the command above returns response go to the next steps

Modify exec command. In file .config/autostart/website.i2pd.i2pd.desktop, replace Exec=i2pd_qt to Exec=/home/user/autostart.sh

Paste content below into file /home/user/autostart.sh: 

#!/bin/bash
sudo nft add rule ip qubes custom-input meta l4proto tcp ct state new,established tcp dport 4500 accept
i2pd_qt

paste content below in .i2pd/tunnels.conf: 

[socks-outproxy-tcp]
type = client
address = 0.0.0.0
port = 4500
keys = transient-outproxy
destination = outproxy.acetone.i2p
destinationport = 1080
inbound.length = 1
outbound.length = 1
inbound.lengthVariance = 1
outbound.lengthVariance = 1

[socks-outproxy-udp]
type = udpclient
address = 127.0.0.1
port = 4500
keys = transient-outproxy
destination = outproxy.acetone.i2p
destinationport = 1080

Add to section [socksproxy] in .i2pd/i2pd.conf: 

outproxy.enabled = true
outproxy = 127.0.0.1
outproxyport = 4500
Restart sys-i2pd-out qube

Create a new sys-i2pd-in qube image|636x435 image|633x440

In sys-i2pd-in execute: 

mkdir -p .config/autostart
cp /usr/share/applications/Clash\ Verge.desktop .config/autostart/
image|620x500 image|622x500 image|619x500

Profiles > New > Type: Local > Save image|621x499

MRB > Edit Proxies image|618x500

Check the sys-i2pd-out qube IP in Qube Manager image|690x375

Write socks5://<YOUR_IP>:4500 and click Save image|617x500

Proxies > Global > undefined image|624x500

Add killswitch, execute commands in dom0: 

qvm-firewall sys-i2pd-in reset
qvm-firewall sys-i2pd-in add accept <sys-i2pd-out-ip-here> dstports=4500 proto=tcp
qvm-firewall sys-i2pd-in del --rule-no 0
thanks @solene for fix

Verify is it works image|643x500

Optional create a new test qube and select sys-i2pd-in as a network qube image|612x500

Verify network image|681x500, 50% image|690x474, 50% image|690x427, 50%

More configuring options for i2pd avaliable here: https://i2pd.readthedocs.io/en/latest/user-guide/configuration/

Thanks for reading

donations