To parityboy: That's basically it. We use pdns-recursor in one part of deepdns so that all .onion requests resolve to the Tor DNS server specified by the DNSPort config directive, and the VirtualAddrNetworkIPv4 directive uses 10.99.0.0/16 to resolve .onions to IPs in that b-class. So when you're on CS, deepdns basically does a DNS hijack (though it's not really a hijack if the TLD isn't real) for any .onion and makes it resolve to 10.99.something, which gets forwarded from you through the VPN tunnel to the exitnode. Then the exitnode uses iptables to forward anything from 10.99.0.0/16 to the IP/port specified by the TransPort config directive.
The i2p gateway/tunnel/whateverthisiscalled works in a similar way, but because i2p has no VirtualAddrNetworkIPv4 I had to set it up so that all .i2p websites resolve to the same IP (10.98.0.1), then from there most of the same flow as above is used. It only works for HTTP at the moment (via privoxy -> i2pd) because, since I can't tell which .i2p you're connecting to using the above method, it has to be grabbed from the Host: part of an HTTP request, which is done automagically with privoxy. I might just have to write something from scratch (or steal some Tor code) that does a kind of standalone version of what VirtualAddrNetworkIPv4 does so that people can connect to any i2p server, not just websites.
But anyways, I just tested on maple and fenrir, eepsites seem fine on maple but some of them are returning 500 errors on fenrir. I'm gonna restart the i2pd there n see if that helps. If not, I've got more debugging to do :-P
That's part of the reason the i2p thing hasn't really been publicly announced yet, it's still beta-ish. Seems stable on most nodes though.
EDIT: After restarting i2pd on fenrir eepsites seem functional there again. Still gotta figure out why they just seem to stop working for no reason on certain nodes. Might be a bug in the i2pd itself (we're using https://github.com/PurpleI2P/i2pd
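The post describes Tor's virtual address mapping and the lack of an i2p equivalent. The sketch below is an added example, not part of the original post and not code from the service or from Tor: it shows how a per-hostname map lets an exit node recover the destination from the IP alone, for any protocol. The class name, the 10.98.0.0/16 pool and the sample hostnames are assumptions.

```python
import ipaddress


class VirtualAddrMap:
    """Hypothetical standalone automap: one virtual IP per .i2p hostname."""

    def __init__(self, network="10.98.0.0/16", suffix=".i2p"):
        # Pool is an assumption; the post only uses 10.98.0.1 for all .i2p names.
        self.suffix = suffix
        self._pool = iter(ipaddress.ip_network(network).hosts())
        self._by_name = {}
        self._by_addr = {}

    def resolve(self, qname):
        """DNS side: return the virtual IP for qname, or None if not ours."""
        name = qname.rstrip(".").lower()  # normalise case and trailing root dot
        if not name.endswith(self.suffix):
            return None  # leave every other TLD to the normal resolver
        if name not in self._by_name:
            try:
                addr = next(self._pool)
            except StopIteration:
                # Fail closed rather than reuse an address for a second name.
                raise RuntimeError("virtual address pool exhausted")
            self._by_name[name] = addr
            self._by_addr[addr] = name
        return self._by_name[name]

    def destination(self, addr):
        """Exit-node side: map a redirected connection's IP back to a name."""
        return self._by_addr.get(ipaddress.ip_address(addr))


if __name__ == "__main__":
    vmap = VirtualAddrMap()
    # Constructed sample names, not real eepsites.
    for host in ("forum.example.i2p", "mail.example.i2p", "FORUM.example.i2p."):
        print(host, "->", vmap.resolve(host))
    print("10.98.0.2 ->", vmap.destination("10.98.0.2"))
```

Because each name gets its own address, the lookup in `destination` replaces the HTTP Host: header as the source of the target name.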