IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2022/01/17
RN I still can't get an eepsite running on a couple routers. Jetty is working - I can load the eepsite at 127.0.0.14:7658. The tunnel is working, the destination connects but gives a 503 message. SSL is not enabled. (default)
RN The port 7658 is not in use by anything but the router - shutdown the router or the tunnel and sockstat shows the port is no longer active.
RN but when starting the router, or the tunnel I get the following error
RN ERROR [7.0.0.1:7658] .i2ptunnel.I2PTunnelHTTPServer: Error connecting to HTTP server /127.0.0.1:7658
RN java.net.BindException: Can't assign requested address (Bind failed)
RN at java.net.PlainSocketImpl.socketBind(Native Method)
RN at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:387)
RN at java.net.Socket.bind(Socket.java:662)
RN at java.net.Socket.<init>(Socket.java:451)
RN at java.net.Socket.<init>(Socket.java:346)
RN at net.i2p.i2ptunnel.I2PTunnelServer.getSocket(I2PTunnelServer.java:881)
RN at net.i2p.i2ptunnel.I2PTunnelServer.getSocket(I2PTunnelServer.java:827)
RN at net.i2p.i2ptunnel.I2PTunnelHTTPServer.blockingHandle(I2PTunnelHTTPServer.java:543)
RN at net.i2p.i2ptunnel.I2PTunnelServer$Handler.run(I2PTunnelServer.java:753)
RN at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
RN at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
RN at java.lang.Thread.run(Thread.java:748)
RN there is something wrong between jetty and the tunnel
RN FOUND IT!
zzz go ahead with your question tony
tony Thanks
tony I'm trying setup i2p on my NAS in a docker container. It seems to be working but I'm not sure how to test the configuration to give it max bandwidth.
zzz what do you want to test?
tony I waant to check that the docker installation is working at its peak. It says firewalled but I cant track that down. any ideas?
tony Perhaps a log can help find it
tony I did that welcome page again and did the bandwidth test. It still says firewalled but I cant find the firewall entry.
eyedeekay Try going to address-of-your-nas:7657/confignet, the port which needs to be forwarded will be in a section about halfway down the page
eyedeekay Usually it's randomized
eyedeekay Don't tell us it, just make a note of it
eyedeekay It's under "UDP Configuration"
eyedeekay When you ran your docker container, did you `-p udpport:udpport` or `-p :udpport`
dr|z3d zzz: refinements -> skank.i2p/socks/socks.svg and skank.i2p/socks/socksproxy-32.png (technically redundant, but whatever suits).
dr|z3d should be better for color-blind users, as well as better defined at 16x16.
Irc2PGuest53454 zzz I2P is a blocker to be added/work over anonymous distros like whonix and i assume the same for tails
Irc2PGuest53454 @eyedeekay if I2P can take tiemstamps similarly to Tor in anonymous distro like sdwdate or anondate.. isnt that possible?
Irc2PGuest53454 curl --header to the onion website and from it we know the time thats how sdwdate work
Irc2PGuest53454 we can make the same thing with I2P just replacing onion services with i2p eepsites
zzz if you have comments on an issue, please put them in the issue, thanks
eyedeekay Yeah IRC2PGuest53454 I'm in the middle of a blizzard right now and my power/cable might go out at any time, asynchronous is your best bet
anonymousmaybe btw thanks for fixing i2p for debian looks great!
Irc2PGuest22109 i need to identify myself almost each time i get disconnected
Irc2PGuest22109 hmm werent the same as before.. not sure the issue from irc or i2p
RN have you enabled nickserv in your client or bouncer?
Irc2PGuest22109 im on hexchat client
dr|z3d I have a feeling it may be related to case sensitivity now active on nickserv, but I'm not sure. post-migration, I'm seeing similar issues.
RN It has options for nickserv. I thought the nicserv password was always case sensative...
Irc2PGuest22109 do you what to enable or so in hexchat to make my nickname always appearing?
Irc2PGuest22109 do you know*
dr|z3d you can send commands on connect.
dr|z3d Blinded message
Irc2PGuest22109 >NickServ< identify ****
Irc2PGuest22109 -NickServ- You are now identified for anonymousmaybe.
RN yep. that is a good option if you don't want to use hexchat's mechanism
Irc2PGuest22109 yes i done that
Irc2PGuest22109 name still not anonymousmaybe
RN I set both.
eyedeekay Usually it's a client-side issue I think, I observed no change in libpurple based clients but Revolution IRC broke
RN the overlap does not hurt
dr|z3d to release an existing username so you can autheticate, /msg nickserv release username <password>
RN hey, while we are talking about it, did the vhost bot not make the migration?
anonymousmaybe changed it manually lets see, hope when i disconnected doesnt go back to same way
anonymousmaybe RN i read that postman was working on it no?
anonymousmaybe also RN since you available I2Pd also rely on NTP right?
anonymousmaybe NTP is UDP, Tor is TCP only so this is real blocker of I2P over Tor for now
RN_ I don't know if i2pd is using ntp, but a good clock is important, and per a comment just now in a meeting, it is not important how the clock is kept accurate, just that it is accurate
anonymousmaybe true clock is important but getting the correct time through insecure channels is also a game over for anonymity
RN_ they are discussing this right now in #ls2
term99 is ntp with nts an option? it uses tcp 4460 but i don't know if the original ntp request is udp still
zzz anonymousmaybe, Java i2p over tor doesn't work, Java i2p in whonix doesn't work, don't bother. "NTP is the only real blocker" is not true.
anonymousmaybe i see, what else is a blocker for i2p to work over tor?
RN anonymousmaybe, I2P does not support being run over tor. if you want to do that you are left to your own devices.
anonymousmaybe term99 NTP is entirely garbage to be used in the first place.
anonymousmaybe RN that wasnt the case just before one year ago
anonymousmaybe but good to document that in I2P and give reasons behind that
zzz java i2p is not designed to be proxied over anything.
anonymousmaybe i see, will document that in whonix because users asking about and in our docs we were recommending an I2P to be running over Tor (since it sound more secure and also was working before)
anonymousmaybe also easier/more secure to have i2p in whonix-workstation (whonix stuff)
anonymousmaybe anyway thanks zzz <3
zzz if you hate NTP, advanced conifig: time.disabled=true
zzz we met the whonix guy (Patrick?) in germany a few years back. talk to him
zzz maybe with enough configuration it might work a little bit. still a bad idea though. i2pd might work better. or might not
anonymousmaybe yes patrick is the found of whonix
anonymousmaybe not about hate or love its just real threat to anonymity to use NTP
zzz if you can't reseed, then nothing is going to work
zzz so it sounds completely broken
zzz if NTP is a threat in your threat model, turn it off
anonymousmaybe true, according to eyedeekay he said banana server and gave me onion reseeder which solved the problem (log messages werent showing any further reseeding issues later)
anonymousmaybe let me turn off NTP and see if its going to work
zzz NTP is never required
zzz but you need a good time from somewhere
anonymousmaybe on the machine is already have a good time through sdwdate
anonymousmaybe if I2P can pick it up from it thats will solve the issue of time for sure
zzz your reseed failed presumably because DNS failed
zzz I2P gets the time from the system, and adjusts it using NTP if it has it. It doesn't need to know anything about sdwdate
zzz if whonix sets the system time, you're good
zzz it's not going to be happy reseeding without DNS
anonymousmaybe i see, so its reseeding issue hmm
zzz it's right there in your ticket
zzz and as you said, thats how you fixed it
zzz Q.E.D.