Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

[CS] No Mention Of I2P Access On Website

Freewheeling spot to chew the fat on anything cryptostorm-related that doesn't fit elsewhere (i.e. support, howto, &c.). Criticism & praise & brainstorming & requests for explanation... this is where it goes when it's hot & ready for action! :-)
User avatar

Topic Author
parityboy
Site Admin
Posts: 1105
Joined: Wed Feb 05, 2014 3:47 am

[CS] No Mention Of I2P Access On Website

Postby parityboy » Wed Mar 04, 2015 9:50 pm

@staff

I've just noticed on the new website - which I like the look of btw, so well done - under "benefits" there is no mention of access to .i2p sites; is this because the rollout is incomplete, the feature was forgotten or some other reason?

User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

"the i2p gateway access thing" marketing-suck-y status report

Postby Pattern_Juggled » Fri Mar 13, 2015 11:51 am

Rollout is complete, but it's sort of been waiting on an official announcement. Which in turn is waiting on some final work on torstorm's public access announcement. Which, in turn, is waiting on...

Anyway, marketing stuff - which we suck at. So it takes longer than usual for us to do it... and it's still sucky :-P

Also there's been some iterative upgrading of the load-handling side of the i2p gateway access.

Also we have no name for it, apart from "the i2p gateway access thing"... which does, indeed, suck.

Cheers,

~ pj
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

Topic Author
parityboy
Site Admin
Posts: 1105
Joined: Wed Feb 05, 2014 3:47 am

Re: "the i2p gateway access thing" marketing-suck-y status report

Postby parityboy » Fri Mar 13, 2015 6:06 pm

Pattern_Juggled wrote:
Also we have no name for it, apart from "the i2p gateway access thing"... which does, indeed, suck.


"eepstorm"? "TI2" (Truly Invisible Internet)? :)

User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

Re: "the i2p gateway access thing" marketing-suck-y status report

Postby Pattern_Juggled » Fri Mar 13, 2015 7:56 pm

parityboy wrote:
Pattern_Juggled wrote:
Also we have no name for it, apart from "the i2p gateway access thing"... which does, indeed, suck.


"eepstorm"? "TI2" (Truly Invisible Internet)? :)


There's been moves towards "i2pstorm" but that... well, you can imagine. Got2pstorm, etc. ;-P

It'll appear, at some point, and we'll be glad for it's arrival!

edit: also helps to know that already we're transiting any Tor traffic - not just .onion sites - via the deepDNS gateways, & it seems almost certain we'll be doing the same for i2p in fairly short order. So it's not just eepsites, in terms of functionality...

Cheers,

~ pj
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f

User avatar

Topic Author
parityboy
Site Admin
Posts: 1105
Joined: Wed Feb 05, 2014 3:47 am

Re: [CS] No Mention Of I2P Access On Website

Postby parityboy » Fri Mar 13, 2015 9:57 pm

@PJ

edit: also helps to know that already we're transiting any Tor traffic - not just .onion sites - via the deepDNS gateways, & it seems almost certain we'll be doing the same for i2p in fairly short order. So it's not just eepsites, in terms of functionality...


OK, so explain this functionality. As far as I could tell, network member traffic would be routed via the on-gateway I2P or Tor router, depending on whether the traffic destination is a .onion or .i2p address. Equally, clearnet-destined traffic is simply routed via the exit NIC on the gateway, as per the usual mode of operation we've had all along.

Are you simply saying that you can still use Tor-over-CS (as in client-side Tor Browser Bundle, for example) and therefore route traffic via Tor exit nodes, or are you saying something else?


Guest

Re: [CS] No Mention Of I2P Access On Website

Postby Guest » Sat Mar 14, 2015 4:52 am

TBB seams to work as expected here, and .onion sites load on a standard browser without tor.
I2p doesn't load though; Or rather they all load blank.

I'm also curious re: parityboys question- what's TBB got to do with deep-dns?

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: [CS] No Mention Of I2P Access On Website

Postby df » Sat Mar 14, 2015 5:09 am

i2p functionality is enabled on all the nodes, it's just that some of them was recently restarted and it does take a while for them to start working again for all eepsites.

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: [CS] No Mention Of I2P Access On Website

Postby df » Sat Mar 14, 2015 5:23 am

To parityboy: That's basically it. We use pdns-recursor in one part of deepdns so that all .onion requests resolve to the tor DNS server specified by the DNSPort config directive, and the VirtualAddrNetworkIPv4 directive uses 10.99.0.0/16 to resolve .onion's to IPs in that b-class. So when you're on CS, deepdns basically does a DNS hijack (though it's not really a hijack if the TLD isn't real) for any .onion and makes it resolve to 10.99.something which gets forwarded from you through the VPN tunnel to the exitnode. Then the exitnode uses iptables to forward anything from 10.99.0.0/16 to the ip/port specified by the TransPort config directive.

The i2p gateway/tunnel/whateverthisiscalled works in a similar way, but because i2p has no VirtualAddrNetworkIPv4 I had to set it up so that all .i2p websites resolve to the same IP (10.98.0.1), then from there most of the same flow as above is used, but it only works for HTTP at the moment (via privoxy -> i2pd) because since I can't tell which .i2p you're connecting to using the above method it has to be grabbed from the Host: part of an HTTP request, which is done automagically with privoxy. I might just have to write from scratch (or steal some tor code) that does a kind of standalone version of what VirtualAddrNetworkIPv4 does so that people can connect to any i2p server, not just websites.

But anyways, I just tested on maple and fenrir, eepsites seem fine on maple but some of them are returning 500 errors on fenrir. I'm gonna restart the i2pd there n see if that helps. If not, I've got more debugging to do :-P

That's part of the reason the i2p thing hasn't really been publicly announced yet, it's still beta-ish. Seems stable on most nodes though.

EDIT: After restarting i2pd on fenrir eepsites seem functional there again. Still gotta figure out why they just seem to stop working for no reason on certain nodes. Might be a bug in the i2pd itself (we're using https://github.com/PurpleI2P/i2pd )

User avatar

Topic Author
parityboy
Site Admin
Posts: 1105
Joined: Wed Feb 05, 2014 3:47 am

Re: [CS] No Mention Of I2P Access On Website

Postby parityboy » Sun Mar 15, 2015 1:34 am

@df

Cheers for the explanation. With regard to the .onion stuff, I assume you're using the Tor relay software in client mode? How then are you wrapping TCP packets before sending them to the SOCKS interface on the Tor client relay?

EDIT
It's OK, I re-read your posted and then edu-guessed that TransPort was part of Tor rather than PowerDNS. I see what you're doing now. Interesting. :D

User avatar

df
Site Admin
Posts: 285
Joined: Thu Jan 01, 1970 5:00 am

Re: [CS] No Mention Of I2P Access On Website

Postby df » Mon Mar 16, 2015 12:25 am

Yea, TransPort = tor. The whole concept we're doing is based on the great article/tutorial @ https://grepular.com/Transparent_Access ... n_Services . Our implementation is slightly different, but the basic idea is the same.
There's also https://grepular.com/Transparent_Access_to_I2P_eepSites which is what we based the transparent i2p thing on.


Return to “general chat, suggestions, industry news”

Who is online

Users browsing this forum: No registered users and 12 guests

Login