I2P over Yggdrasil: anonymity in mesh networks

Carding 4 Carders

Professional
I2P (the Invisible Internet Project) is a free tool for building anonymous communications on top of the Internet. It is a peer-to-peer network in which every user is, by default, a potential link in an anonymous chain of other participants. I2P traffic is encrypted in several layers, so an outside observer sees only ciphertext passing between routers. There is no equivalent of Tor's guard (entry) node: no fixed node through which access to the network is carried out. From the home provider's point of view, a user's interaction with I2P looks like a chaotic set of connections to random hosts. For a router with a public ("white") IP the number of connections averages around four thousand; besides the payload, this includes the exchange of service information with other routers and transit traffic.

(Illustration: an inbound request being blocked on the provider's side.)
Unlike on the regular Internet, I2P users without a public address get a noticeably worse experience of the hidden network than subscribers with a public IP. The reason is the constant need for direct contact with other routers. Each router publishes its own address record, which includes its encryption keys, an IP address and a port for receiving messages. Obviously, reaching a node that sits behind the provider's NAT is not a simple task.

(Illustration: the difference between a user with a public IP and a user behind NAT.)
Nevertheless, routers without a public address do work: a client behind NAT has to keep a UDP session permanently alive, holding open a port mapping on the provider's NAT gateway through which inbound traffic is forwarded to the client. The scheme is rather involved, especially when a connection has to be initiated from the outside (in I2P's UDP transport, SSU, this relies on introducer routers that relay the first contact). The mechanics of a client behind NAT is a piece of engineering that deserves a separate article.

Briefly about Yggdrasil
Yggdrasil is one of the few working mesh network protocols. Its basic idea is automatic routing inside an internal IPv6 range (200::/7) and unlimited scalability. Yggdrasil is fully peer-to-peer: there are no "master nodes" to which any global responsibility is delegated. It is an ideological successor of the cjdns project (the Hyperboria network).

The general idea of a mesh network focuses on performance, privacy and ease of use: traffic is encrypted and the entry threshold for new users is low. Yggdrasil is not an anonymity tool, because the nodes nearest to a user see its real network interface on the local network, or its real IP address when it connects to a public peer over the Internet. Mesh networks are used to build pseudo-local networks that join remote computers into one IPv6 network (much like Hamachi for Minecraft and other multiplayer games), and to host network-internal resources such as websites and VoIP telephony.

First integration attempts
A small note.

The I2P router publishes its addresses, including an IPv6 one, if IPv6 is enabled in the config and such an address actually exists. Since Yggdrasil gives the user not a local proxy but a full network interface (it uses the TUN driver from the Go implementation of WireGuard), until recently an I2P router would simply publish an IPv6 address from the Yggdrasil range. Because there were more than one or two users with IPv6 enabled in their I2P router configuration and Yggdrasil installed, one could periodically see an I2P router talking to other Yggdrasil addresses.

However, this had the following obvious disadvantages:
  1. reseeding (fetching the initial set of router records) ultimately still had to go through the regular Internet;
  2. the Yggdrasil IPv6 address published by such a router is unknown and unreachable for the vast majority of I2P users, who have no Yggdrasil interface;
  3. a successful start of an I2P router on a Yggdrasil-only device is unlikely, because the reseed bundle or the router's local database may contain no nodes with a Yggdrasil IPv6 address at all.

Start of full compatibility

Since version 2.36.0, i2pd has several new configuration parameters, the main one being meshnets.yggdrasil = true. This parameter is independent of the IPv4 and IPv6 settings; in particular, the real network interfaces can be disabled (ipv4 = false, ipv6 = false), in which case the I2P router works in Yggdrasil-only mode.

There is also a dedicated reseed resource reachable from inside Yggdrasil that gives the user a bundle consisting mainly of well-known routers with Yggdrasil IPv6 addresses. Each time an I2P router in Yggdrasil-only mode starts, it checks whether its local database (netDb) contains nodes that are reachable at the transport level, that is, other nodes with a Yggdrasil IPv6 address. If for some reason there are no compatible routers in the local database, the Yggdrasil reseed is queried again.

Given that Yggdrasil is today used mostly through overlay connections to public peers over the Internet, running an I2P router inside Yggdrasil is comparable to a Tor-over-VPN setup: the approach hides the fact of using a hidden network from the home provider, which sees only an encrypted session to the Yggdrasil peer (the public peer itself, as noted above, still sees the user's real IP address). In the case of I2P there is a further specific advantage: the user does not need a public IP from the provider for trouble-free inbound access, since a Yggdrasil IPv6 address is reachable throughout the Yggdrasil network segment (a physically connected group of participants, including via public peers on the Internet).

Network integrity
The solution described here does not fragment I2P. Building hidden-network tunnels is a rather extensive and even complicated process, which among other things includes matching the transport capabilities of the nodes. When forming a "garlic" (an encrypted message to the group of nodes that are to form a tunnel), the router checks their addresses for compatibility. For example, a node with only an IPv4 address will never receive an instruction requiring it to contact an IPv6 address, because that is obviously impossible.

For a Yggdrasil-only router to build a tunnel to a node with an address on the regular Internet, at least one transit router must be chosen that has two interfaces: Yggdrasil IPv6 and, for example, regular IPv4. Other Yggdrasil-only routers can also serve as transit links of the tunnel, but only for communication with transport-compatible nodes, that is, ones that also have a Yggdrasil interface. The more routers in the I2P network have IPv4, IPv6 and Yggdrasil interfaces enabled at the same time, the better connected the network is.
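As an added illustration (this is not i2pd's code), the following Python models the two transport-compatibility decisions described above: the start-up check that the local netDb holds at least one directly reachable peer (otherwise the Yggdrasil reseed is queried again), and the per-link address check applied to candidate hops when a Yggdrasil-only router builds a tunnel to an IPv4-only destination, which forces a dual-interface router into the chain. The i2pd.conf keys ipv4, ipv6, meshnets.yggdrasil and meshnets.yggaddress are real options, so the embedded fragments double as a sample of the Yggdrasil-only and mixed configurations; the Yggdrasil address, the router records A to E and the netDb layout are constructed for the example, and the brute-force hop search stands in for the router's real candidate selection.

```python
"""Added example (not i2pd's code): the transport-compatibility checks that an
I2P router in Yggdrasil-only mode has to make, modelled on what the article
describes. The i2pd.conf keys ipv4, ipv6, meshnets.yggdrasil and
meshnets.yggaddress are real; the addresses and router records are constructed."""
import configparser
import ipaddress
from itertools import permutations

YGG_NET = ipaddress.ip_network("200::/7")  # Yggdrasil's internal IPv6 range

# Constructed i2pd.conf fragment for a Yggdrasil-only router (the address is made up).
YGG_ONLY_CONF = """
ipv4 = false
ipv6 = false
[meshnets]
yggdrasil = true
yggaddress = 200:1234:5678:9abc:def0:1234:5678:9abc
"""

# Constructed fragment for a router that keeps its real interfaces as well.
MIXED_CONF = """
ipv4 = true
ipv6 = true
[meshnets]
yggdrasil = true
yggaddress =
"""


def local_transports(conf_text):
    """Transport families the local router will publish, from a config fragment."""
    cp = configparser.ConfigParser()
    # i2pd.conf keeps a few options before the first [section]; give them one.
    cp.read_string("[main]\n" + conf_text)
    found = set()
    if cp.getboolean("main", "ipv4", fallback=True):
        found.add("ipv4")
    if cp.getboolean("main", "ipv6", fallback=False):
        found.add("ipv6")
    if cp.getboolean("meshnets", "yggdrasil", fallback=False):
        addr = cp.get("meshnets", "yggaddress", fallback="").strip()
        # Empty: i2pd picks the address up from the interfaces; assumed present here.
        # A filled-in address outside 200::/7 is a misconfiguration and is ignored.
        if addr == "" or ipaddress.ip_address(addr) in YGG_NET:
            found.add("ygg")
    return found


def transport_of(ip):
    """Classify one published address as 'ipv4', 'ygg' (200::/7) or plain 'ipv6'."""
    a = ipaddress.ip_address(ip)
    if a.version == 4:
        return "ipv4"
    return "ygg" if a in YGG_NET else "ipv6"


def transports(addrs):
    """Set of transport families a router record offers."""
    return {transport_of(ip) for ip in addrs}


# Constructed netDb excerpt: router name -> addresses it publishes.
NETDB = {
    "A": ["203.0.113.10"],                  # IPv4 only
    "B": ["203.0.113.20", "2001:db8::20"],  # IPv4 + public IPv6
    "C": ["200:aaaa::1"],                   # Yggdrasil only
    "D": ["203.0.113.40", "200:bbbb::1"],   # IPv4 + Yggdrasil: a bridge
    "E": ["200:cccc::1", "2001:db8::50"],   # Yggdrasil + public IPv6
}


def reachable_peers(local, netdb):
    """Routers the local one can contact directly: at least one shared transport."""
    return sorted(name for name, addrs in netdb.items() if local & transports(addrs))


def needs_reseed(local, netdb):
    """Start-up check from the article: with no directly reachable peer in the
    local netDb, a Yggdrasil-only router has to query the Yggdrasil reseed again."""
    return not reachable_peers(local, netdb)


def valid_chain(local, netdb, chain, dest):
    """True if local -> chain[0] -> ... -> chain[-1] -> dest is transport-compatible
    at every link, which is what the 'garlic' address check enforces."""
    hops = [local] + [transports(netdb[n]) for n in chain] + [transports(netdb[dest])]
    return all(a & b for a, b in zip(hops, hops[1:]))


def find_tunnel(local, netdb, dest, hops=2):
    """First chain of `hops` transit routers that can carry a tunnel to `dest`,
    or None. Brute force is fine for a demo; a real router samples candidates."""
    candidates = [n for n in netdb if n != dest]
    for chain in permutations(candidates, hops):
        if valid_chain(local, netdb, chain, dest):
            return list(chain)
    return None


if __name__ == "__main__":
    local = local_transports(YGG_ONLY_CONF)
    print("local transports:", local)
    print("reachable now:", reachable_peers(local, NETDB), "reseed needed:", needs_reseed(local, NETDB))
    print("tunnel to IPv4-only A:", find_tunnel(local, NETDB, "A"))
```

Run as a script it shows the Yggdrasil-only router reaching C, D and E directly, and the two-hop tunnel to the IPv4-only router A going through the Yggdrasil-only transit C and then the bridge D; a netDb containing only A and B would make needs_reseed return True and find_tunnel return None, which is exactly the situation the Yggdrasil reseed exists to avoid.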

Perspective
The Yggdrasil case is one particular step into the future, not an end in itself. The experience described here, a successful integration of a hidden network into a mesh network, is an important conceptual step that will, if needed, allow I2P to be integrated into other mesh networks as well. A perspective opens up when one considers self-organised mesh segments, for example in apartment buildings without a central provider. On the local network a Yggdrasil client automatically finds other nodes and communicates with them, acting as a transit node where necessary. If at least one node in such a segment is connected to another segment (for example, to the global one via the Internet), the segments merge automatically. This approach to building networks has become even more realistic now that the usual Internet has a second, hidden side as well.

For a more detailed introduction to I2P and Yggdrasil, I recommend the video:

