diff --git a/i2p2www/pages/site/faq.html b/i2p2www/pages/site/faq.html
index fc44dc5fd77993dd1802c735392393f99679350e..2a375110a3e3fdc2a540ee359c499405bab77795 100644
--- a/i2p2www/pages/site/faq.html
+++ b/i2p2www/pages/site/faq.html
@@ -6,750 +6,610 @@
<h4>{{ _('General') }}</h4>
</li>
<li><a href="#systems">{% trans %}What systems will I2P run on?{% endtrans %}</a></li>
+<li><a href="#java">{% trans %}Is installing Java required to use I2P?{% endtrans %}</a></li>
<li><a href="#eepsite">{% trans %}Whats an "eepsite" and how do I configure my browser so I can use them?{% endtrans %}</a></li>
-<li><a href="#peers">{% trans %}My router has very few active peers, is this OK?{% endtrans %}</a></li>
<li><a href="#active">{% trans %}What do the Active x/y numbers mean in the router console?{% endtrans %}</a></li>
-<li><a href="#vary">{% trans %}My active peers / known peers / participating tunnels / connections / bandwidth vary dramatically over time! Is anything wrong?{% endtrans %}</a></li>
+<li><a href="#exit">{% trans %}Is my router an "exit node"(outproxy) to the regular Internet? I don't want it to be.{% endtrans %}</a></li>
+<li><a href="#outproxy">{% trans %}I can't access regular Internet sites through I2P.{% endtrans %}</a></li>
<li><a href="#proxy_safe">{% trans %}Is using an outproxy safe?{% endtrans %}</a></li>
-<li><a href="#down">{% trans %}Most of the eepsites within I2P are down?{% endtrans %}</a></li>
-<li><a href="#ports">{% trans %}What ports does I2P use?{% endtrans %}</a></li>
-<li><a href="#port32000">{% trans %}Why is I2P listening for connections on port 32000?{% endtrans %}</a></li>
-<li><a href="#bug">{% trans %}I think I found a bug, where can I report it?{% endtrans %}</a></li>
-<li><a href="#jrandom">{% trans %}What happened to *.i2p.net? What happened to jrandom? Is I2P dead?{% endtrans %}</a></li>
-<li><a href="#java">{% trans %}Is installing Java required to use I2P?{% endtrans %}</a></li>
-<li><a href="#question">{% trans %}I have a question!{% endtrans %}</a></li>
+<li><a href="#badcontent">{% trans %}I am opposed to certain types of content. How do I keep from distributing, storing, or accessing them?{% endtrans %}</a></li>
<li style="list-style: none; display: inline">
-<h4>{{ _('Setup') }}</h4>
+<h4>{{ _('Getting Started') }}</h4>
</li>
-<li><a href="#reseed">{% trans %}My router has been up for several minutes and has zero or very few connections{% endtrans %}</a></li>
-<li><a href="#slow">{% trans %}Why is I2P so slow?{% endtrans %}</a></li>
-<li><a href="#subscriptions">{% trans %}I'm missing lots of hosts in my addressbook. What are some good subscription links?{% endtrans %}</a></li>
-<li><a href="#myeepsite">{% trans %}How do I set up my own eepsite?{% endtrans %}</a></li>
-<li><a href="#snark">{% trans %}Bittorrent / I2PSnark / Azureus I2P Plugin Questions?{% endtrans %}</a></li>
-<li><a href="#irc">{% trans %}How do I connect to IRC within I2P?{% endtrans %}</a></li>
-<li><a href="#outproxy">{% trans %}I can't access regular Internet sites through I2P.{% endtrans %}</a></li>
-<li><a href="#https">{% trans %}I can't access https:// or ftp:// sites through I2P.{% endtrans %}</a></li>
-<li><a href="#socks">{% trans %}Is it possible to use I2P as a SOCKS proxy?{% endtrans %}</a></li>
<li><a href="#browserproxy">{% trans %}How do I configure my browser?{% endtrans %}</a></li>
+<li><a href="#irc">{% trans %}How do I connect to IRC within I2P?{% endtrans %}</a></li>
+<li><a href="#myeepsite">{% trans %}How do I set up my own eepsite?{% endtrans %}</a></li>
+<li><a href="#ports">{% trans %}What ports does I2P use?{% endtrans %}</a></li>
+<li><a href="#subscriptions">{% trans %}I'm missing lots of hosts in my addressbook. What are some good subscription links?{% endtrans %}</a></li>
<li><a href="#remote_webconsole">{% trans %}How can I access the web console from my other machines or password protect it?{% endtrans %}</a></li>
<li><a href="#remote_i2cp">{% trans %}How can I use applications from my other machines?{% endtrans %}</a></li>
+<li><a href="#socks">{% trans %}Is it possible to use I2P as a SOCKS proxy?{% endtrans %}</a></li>
<li><a href="#manual_reseed">{% trans %}How do I reseed manually?{% endtrans %}</a></li>
-<li><a href="#cpu">{% trans %}My router is using too much CPU?!?{% endtrans %}</a></li>
-<li style="list-style: none; display: inline">
-<h4>{{ _('Misconception') }}</h4>
-</li>
<li><a href="#proxy_other">{% trans %}How do I access IRC, BitTorrent, or other services on the regular Internet?{% endtrans %}</a></li>
-<li><a href="#exit">{% trans %}Is my router an "exit node"(outproxy) to the regular Internet? I don't want it to be.{% endtrans %}</a></li>
-<li><a href="#badcontent">{% trans %}I am opposed to certain types of content. How do I keep from distributing, storing, or accessing them?{% endtrans %}</a></li>
+<li><a href="#https">{% trans %}I can't access https:// or ftp:// sites through I2P.{% endtrans %}</a></li>
<li style="list-style: none; display: inline">
-<h4>{{ _('Errors and Their Solutions') }}</h4>
+<h4>{{ _('Troubleshooting') }}</h4>
</li>
-<li><a href="#compat6x">{% trans %}I'm using FreeBSD and when I start I2P I receive an error about <code>libm.so.4</code>!{% endtrans %}</a></li>
+<li><a href="#cpu">{% trans %}My router is using too much CPU?!?{% endtrans %}</a></li>
+<li><a href="#reseed">{% trans %}My router has been up for several minutes and has zero or very few connections{% endtrans %}</a></li>
+<li><a href="#peers">{% trans %}My router has very few active peers, is this OK?{% endtrans %}</a></li>
+<li><a href="#vary">{% trans %}My active peers / known peers / participating tunnels / connections / bandwidth vary dramatically over time! Is anything wrong?{% endtrans %}</a></li>
+<li><a href="#slow">{% trans %}Why is I2P so slow?{% endtrans %}</a></li>
<li><a href="#protocolfamily">{% trans %}In <code>wrapper.log</code> I see an error stating <code>Protocol family unavailable</code> when I2P is loading{% endtrans %}</a></li>
+<li><a href="#down">{% trans %}Most of the eepsites within I2P are down?{% endtrans %}</a></li>
+<li><a href="#port32000">{% trans %}Why is I2P listening for connections on port 32000?{% endtrans %}</a></li>
+<li><a href="#bug">{% trans %}I think I found a bug, where can I report it?{% endtrans %}</a></li>
+<li><a href="#question">{% trans %}I have a question!{% endtrans %}</a></li>
</ol>
{% endblock %}
+
{% block content %}
-<h3 id="systems">{% trans %}What systems will I2P run on?{% endtrans %}
-<span class="permalink">(<a href="#systems">{{ _('link') }}</a>)</span></h3>
-<p>{% trans chart='https://trac.i2p2.de/wiki/java' -%}
-While I2P has been reported to run PCs as meagre as a low-end Pentium II with 64 MB of RAM, you'll have a much better experience on a Pentium III (or better) with 128MB of RAM (or more). A <a href="{{ chart }}">chart comparing the performance</a> of the various JREs can be found at <a href="{{ chart }}">{{ chart }}</a>, but in short: it's at all possible, use Sun/Oracle Java or OpenJDK.
-{%- endtrans %}</p>
+<h2>General</h2>
+<h3 id="systems"><span class="permalink"><a href="#systems">
+{% trans %}What systems will I2P run on?{% endtrans %}</a> </span></h3>
+<p>{% trans java='https://en.wikipedia.org/wiki/Java_(programming_language)',
+android=get_url('downloads_list')+"#android" -%}
-<p>{% trans -%}
-I2P has been tested on Windows, Linux, FreeBSD (see the note <a href="#compat6x">below</a>), OSX, and OpenSolaris. There is work underway to bring I2P to the Android platform.
-{%- endtrans %}</p>
+I2P is written in the <a href="{{ java }}">Java programming language</a>.
+It has been tested on Windows, Linux, FreeBSD and OSX.
+An <a href="{{ android }}">Android port</a> is also available.{%- endtrans %}</p>
+<p>{% trans -%}In terms of memory usage, I2P is configured to use 128 MB of RAM by default.
+This is sufficient for browsing and IRC usage. However, other activities may require greater memory allocation.
+For example, if one wishes to run a high-bandwidth router, participate in I2P torrents or serve high-traffic hidden services,
+a higher amount of memory is required.{%- endtrans %}</p>
-<h3 id="bug">{% trans %}I think I found a bug, where can I report it?{% endtrans %}
-<span class="permalink">(<a href="#bug">{{ _('link') }}</a>)</span></h3>
+<p>{% trans rpi='https://en.wikipedia.org/wiki/Raspberry_Pi' -%}
+In terms of CPU usage, I2P has been tested to run on modest systems such as the <a href="{{ rpi }}">Raspberry Pi</a> range of single-board computers.
+As I2P makes heavy use of cryptographic techniques, a stronger CPU will be better suited to handle the workload generated by I2P as well as tasks
+related to the rest of the system (i.e. Operating System, GUI, Other processes e.g. Web Browsing).{%- endtrans %}</p>
-{% trans -%}
-Here are some places, pick one or more.
-{%- endtrans %}
-<ul>
-<li><a href="https://trac.i2p2.de/report/1">{{ i2pconv('trac.i2p2.i2p') }}</a> ticket (preferred method)</li>
-<li><a href="http://{{ i2pconv('pastethis.i2p') }}/">{{ i2pconv('pastethis.i2p') }}</a> and follow up on IRC in #i2p</li>
-<li>{% trans -%}
-Discuss with the developers on IRC in #i2p-dev
-{%- endtrans %}</li></ul>
+<p>{% trans chart='https://trac.i2p2.de/wiki/java' -%}A comparison of some of the available Java Runtime Environments (JRE) is available here:
+<a href="{{ chart }}">{{ chart }}</a>.
-<p>{% trans -%}
-Please include relevant information from the router logs and wrapper logs.
+Using Sun/Oracle Java or OpenJDK is recommended.
+{%- endtrans %}</p>
+
+<h3 id="java"><span class="permalink"><a href="#java">
+{% trans %}Is installing Java required to use I2P?{% endtrans %}</a></span>
+</h3>
+<p>{% trans alt=site_url('about/alternative-clients') -%}
+While the main I2P client implementation requires Java, there are several
+<a href="{{ alt }}">alternative clients</a> which don't require Java.
{%- endtrans %}</p>
-<h3 id="subscriptions">{% trans %}I'm missing lots of hosts in my addressbook. What are some good subscription links?{% endtrans %}
-<span class="permalink">(<a href="#subscriptions">{{ _('link') }}</a>)</span></h3>
+<h3 id="eepsite"><span class="permalink"><a href="#eepsite">
+{% trans %}Whats an "eepsite"?{% endtrans %}</a></span>
+</h3>
<p>{% trans -%}
-The default subscription is to http://www.i2p2.i2p/hosts.txt which is updated rarely.
-If you don't have another subscription, you may often have to use "jump" links which
-is annoying.
+An eepsite is a website that is hosted anonymously, a hidden service which is accessible through your web browser.
+It can be accessed by setting your web browser's HTTP proxy to use the I2P web proxy (typically it listens on localhost port 4444), and browsing to the site.
{%- endtrans %}</p>
+<h3 id="active"><span class="permalink"><a href="#active">
+{% trans %}What do the Active x/y numbers mean in the router console?{% endtrans %}</a></span>
+</h3>
<p>{% trans -%}
-Here are some other public addressbook subscription links. You may wish to add one or two
-to your <a href="http://localhost:7657/susidns/subscriptions.jsp">susidns subscription list</a>.
-You don't need to add all of them, as they sync with each other periodically.
-The links using a cgi-bin application employ various strategies to minimize
-the number of duplicate addresses delivered, so they should be more efficient.
-Note that subscribing to a hosts.txt service is an act of "trust", as a malicious
-subscription could give you incorrect addresses. So think about whether you
-want to trust any of these.
-The operators of these services may have various policies for listing hosts.
-Presence on this list does not imply endorsement.
+x is the number of peers you've sent or received a message from successfully in the last minute, y is the number of peers seen in the last hour or so.
+Try hovering your cursor over the other lines of information for a brief description.
{%- endtrans %}</p>
-<div class="links">
-<ul>
-<li><a href="http://i2host.i2p/cgi-bin/i2hostetag">http://i2host.i2p/cgi-bin/i2hostetag</a></li>
-<li><a href="http://stats.i2p/cgi-bin/newhosts.txt">http://stats.i2p/cgi-bin/newhosts.txt</a></li>
-<li><a href="http://no.i2p/export/alive-hosts.txt">http://no.i2p/export/alive-hosts.txt</a></li>
-</div>
+<h3 id="exit"><span class="permalink"><a href="#exit">
+{% trans %}Is my router an "exit node" to the regular Internet? I don't want it to be.{% endtrans %}</a></span>
+</h3>
+<p>{% trans outproxy="http://"+i2pconv('i2pforum.i2p')+"/viewtopic.php?f=21&t=189" -%}
+No. Unlike <a href="https://www.torproject.org/">Tor</a>, "exit nodes" - or "outproxies" as they are referred to on the I2P network -
+are not an inherent part of the network.
+Only volunteers who specifically set up and run separate applications will relay traffic to the regular Internet.
+There are very, very few of these.
+By default, I2P's HTTP Proxy (configured to run on port 4444) includes a single outproxy: false.i2p. This is run on a voluntary basis by Meeh.
-<h3 id="jrandom">{% trans %}What happened to *.i2p.net? What happened to jrandom? Is I2P dead?{% endtrans %}
-<span class="permalink">(<a href="#jrandom">{{ _('link') }}</a>)</span></h3>
-<p>{% trans -%}
-Jrandom was the lead developer of I2P and
-<a href="http://syndie.i2p2.de/">Syndie</a> for several years.
-We do not know if or when jrandom will return.
-The *.i2p.net domains were left in a non-functioning state after a power
-outage at the hosting company.
+There is an <a href="{{ outproxy }}">outproxy guide</a> available on our forums, if you would like to learn more about running an outproxy.
{%- endtrans %}</p>
-<p>{% trans jrandom=site_url('misc/jrandom-awol'), index=site_url() -%}
-See <a href="{{ jrandom }}">this page</a> for jrandom's parting message and additional information
-on the migration of *.i2p.net to <a href="{{ index }}">this website</a>.
+<h3 id="outproxy"><span class="permalink"><a href="#outproxy">
+{% trans %}I can't access regular Internet sites through I2P.{% endtrans %}</a></span>
+</h3>
+<p>{% trans -%}
+I2P is primarily not intended, nor designed, to be used as a proxy to the regular internet.
+With that said, there are services which are provided by volunteers that act as proxies to clearnet based content - these are referred to as "outproxies" on the I2P network.
+There is an outproxy configured by default in I2P's HTTP client tunnel - false.i2p.
+While this service does currently exist, there is no guarantee that it will always be there as it is not an official service provided by the I2P project.
+If your main requirement from an anonymous network is the ability to access clearnet resources, we would recommend using <a href="https://www.torproject.org/">Tor</a>.
{%- endtrans %}</p>
-<p>{% trans %}I2P remains in active development.{% endtrans %}</p>
+<h3 id="proxy_safe"><span class="permalink"><a href="#proxy_safe">
+{% trans -%}Is using an outproxy safe?{% endtrans %}</a></span>
+</h3>
+<p>{% trans -%}
+I2P does not encrypt the Internet, neither does Tor - for example, through <a href="https://en.wikipedia.org/wiki/Transport_Layer_Security">Transport Layer Security (TLS)</a>.
+I2P and Tor both aim to transport your traffic as-is securely and anonymously over the corresponding network, to its destination.
+Any unencrypted traffic generated at your system will arrive at the outproxy (on I2P) or the exit node (on Tor) as unencrypted traffic.
+This means that you are vulnerable to snooping by the outproxy operators.
+One way to protect your outproxy traffic against this is to ensure that any traffic that will be handled by the outproxy is encrypted with TLS.
+{%- endtrans %}</p>
-<h3 id="cpu">{% trans %}My router is using too much CPU?!?{% endtrans %}
-<span class="permalink">(<a href="#cpu">{{ _('link') }}</a>)</span></h3>
<p>{% trans -%}
-There are many possible causes of high CPU usage. Here is a checklist:
+For more information, you may read the Tor FAQ's answer to this question:
+<a href="https://www.torproject.org/docs/faq#CanExitNodesEavesdrop">https://www.torproject.org/docs/faq#CanExitNodesEavesdrop</a>
{%- endtrans %}</p>
-<ul>
-<li>
-{% trans -%}
-Try to use either OpenJDK or Sun/Oracle Java if it's available for your system. You can check
-which version of java you have installed by typing <code>java -version</code> at a
-command/shell prompt. Performance tends to suffer with other implementations of java.
-{%- endtrans %}
-</li>
-<li>
-{% trans -%}
-Are you running a BitTorrent client over I2P? Try reducing the number of torrents, the bandwidth limits,
-or try turning it off completely to see if that helps.
-{%- endtrans %}
-</li>
-<li>
-{% trans -%}
-Are your bandwidth limits set too high? It is possible that too much traffic is going through your
-I2P router and it is overloaded. Try reducing the setting for <em>share bandwidth percentage</em> on the <a href="http://localhost:7657/config">configuration</a> page.
-{%- endtrans %}</li>
-<li>
-{% trans -%}
-Make sure that you're running the latest version of I2P to get the benefits of increased performance and bug fixes.
-{%- endtrans %}
-</li>
-<li>
-{% trans -%}
-Has enough memory been set aside for use by I2P? Look at the memory graph on <a href="http://localhost:7657/graphs">the graphs page</a> to see
-if the memory usage is "pegged"—the JVM is spending most of its time in
-garbage collection. Increase the setting <code>wrapper.java.maxmemory</code> in the file <code>wrapper.config</code>.
-{%- endtrans %}
-</li>
-<li>
-{% trans -%}
-Is the CPU usage simply higher than you would like, or is it pegged at 100% for a long time?
-If it's pegged, this could be a bug. Look in the logs for clues.
-{%- endtrans %}
-</li>
-<li>
-{% trans jbigi=site_url('misc/jbigi') -%}
-You may be using the Java-based BigInteger library instead of the native version,
-especially if you are running on a new or unusual OS or hardware (OpenSolaris, mipsel, etc.).
-See the <a href="{{ jbigi }}">jbigi page</a> for instructions on
-diagnosing, building, and testing methods.
-{%- endtrans %}
-</li>
-<li>
-{% trans -%}
-If your native jbigi library is working fine, the biggest user of
-CPU may be routing traffic for participating tunnels. This uses CPU
-because at each hop a layer of encryption must be decoded.
-You can limit participating traffic in two ways - by reducing the
-share bandwidth on
-<a href="http://localhost:7657/confignet.jsp">confignet.jsp</a>,
-or by setting <tt>router.maxParticipatingTunnels=nnn</tt> on
-<a href="http://localhost:7657/configadvanced.jsp">configadvanced.jsp</a>.
-{%- endtrans %}
-</li>
-</ul>
-<h3 id="badcontent">{% trans %}I am opposed to certain types of content. How do I keep from distributing, storing, or accessing them?{% endtrans %}
-<span class="permalink">(<a href="#badcontent">{{ _('link') }}</a>)</span></h3>
+<p>{% trans zzz=i2pconv('zzz.i2p'), i2pforum="http://"+i2pconv('i2pforum.i2p')+"/viewtopic.php?f=32&t=272" -%}
+In addition, you may be vulnerable to collusion between the outproxy operator
+and operators of other I2P services, if you use the same tunnels ("shared clients").
+There is additional discussion about this on <a href="http://{{ zzz }}/topics/217">{{ zzz }}</a>.
+This discussion has been <a href="{{ i2pforum }}">mirrored on our forums</a> as well.
+{%- endtrans %}</p>
+
+<p>{% trans threatmodel=site_url('docs/how/threat-model') %}
+Ultimately, this is a question that only you can answer because the correct answer depends on your browsing behaviour,
+your <a href="{{ threatmodel }}">threat model</a>, and how much you choose to trust the outproxy operator.
+{%- endtrans %}</p>
+
+<h3 id="badcontent"><span class="permalink"><a href="#badcontent">
+{% trans %}I am opposed to certain types of content. How do I keep from distributing, storing, or accessing them?{% endtrans %}</a></span>
+</h3>
<p>{% trans -%}
-Hmm. I2P is an anonymous network, so that's a tricky one.
-I2P is designed to withstand censorship, providing a means for everyone to communicate freely.
-The best way to keep your PC free of (encrypted) traffic that you dislike is to not use I2P.
-Freedom of speech has some costs.
-But let's address your question in three parts:
+I2P is an anonymous network - it is designed to withstand attempts at blocking or censoring of content, thus providing a means for communication that anyone can use.
+I2P traffic that transits through your router is encrypted with several layers of encryption.
+Except in the case of a serious security vulnerability (of which none are currently known),
+it is not possible to know what the contents of the traffic are and thus not possible to distinguish between traffic which one is opposed to or not opposed to.
+
+ We consider the 3 parts of the question:
{%- endtrans %}</p>
<ul>
<li>
{% trans -%}
-<b>Distribution</b> - All traffic on I2P is encrypted in multiple layers. You don't know
-a message's contents, source, or destination.
-All traffic you route is internal to the I2P network, you are not an <a href="#exit">exit node</a> (outproxy).
-Your only alternative is to refuse to route
-<i>any</i> traffic, by setting your share bandwidth or maximum participating tunnels to 0 (see above).
+<b>Distribution</b><br>
+All traffic on I2P is encrypted in multiple layers. You don't know a message's contents, source, or destination.
+All traffic you route is internal to the I2P network, you are not an <a href="#exit">exit node</a> (referred to as an outproxy in our documentation).
+Your only alternative is to refuse to route <i>any</i> traffic, by setting your share bandwidth or maximum participating tunnels to 0 (see above).
It would be nice if you didn't do this, you should help the network by routing traffic for others.
Over 95% of users route traffic for others.
{%- endtrans %}
</li>
<li>
{% trans -%}
-<b>Storage</b> - I2P does not do distributed storage of content. You must be thinking of
-<a href="http://freenetproject.org/">Freenet</a>.
-Nobody's content is being stored on your computer by running I2P.
+<b>Storage</b><br>
+I2P does not do distributed storage of content, this has to be specifically installed and configured by the user (with Tahoe-LAFS, for example).
+That is a feature of a different anonymous network, <a href="http://freenetproject.org/">Freenet</a>.
+By running I2P, you are not storing content for anyone.
{%- endtrans %}
</li>
<li>
{% trans -%}
-<b>Access</b> - If there are some eepsites you don't like, don't go there.
-Or, use a blocking proxy like Privoxy or some type of "net nanny".
-{%- endtrans %}
+<b>Access</b><br>
+If there are hidden services which you dislike, you may refrain from visiting them.
+Your router will not request any content without your specific instruction to do so.{%- endtrans %}
</li>
</ul>
+<h2>Getting Started</h2>
-<h3 id="vary">{% trans %}My active peers / known peers / participating tunnels / connections / bandwidth vary dramatically over time! Is anything wrong?{% endtrans %}
-<span class="permalink">(<a href="#vary">{{ _('link') }}</a>)</span></h3>
-<p>{% trans -%}
-No. This is normal.
-All routers adjust dynamically to changing network conditions and demands.
+<h3 id="browserproxy"><span class="permalink"><a href="#browserproxy">
+{% trans %}How do I configure my browser?{% endtrans %}</a></span>
+</h3>
+<p>{% trans browserconfig=site_url('about/browser-config') -%}
+The proxy config for different browsers is on a <a href="{{ browserconfig }}"> separate page</a> with screenshots.
+More advanced configs with external tools, such as the browser plug-in FoxyProxy or the proxy server Privoxy, are possible but could introduce leaks in your setup.
{%- endtrans %}</p>
-<h3 id="reseed">{% trans %}My router has been up for several minutes and has zero or very few connections{% endtrans %}
-<span class="permalink">(<a href="#reseed">{{ _('link') }}</a>)</span></h3>
-<p>{% trans -%}
-You may need to reseed your I2P router. With recent versions of I2P you can go to <a href="http://localhost:7657/configreseed">http://localhost:7657/configreseed</a> and click the <em>Save Changes and Reseed Now</em> button. If this method doesn't work—or you're using a very old version—you may need to <a href="#manual_reseed">reseed manually</a>.
-{%- endtrans %}</p>
-<p>{% trans -%}
-The reseed URL changed a few years ago. If this is your first install and you have installed
-an old (0.6.1.30 or earlier) release, or
-you have not run I2P in a long time, you must change the URL and then
-click "Reseed" on the console to find other routers.
-After your router is running,
-on <a href="http://localhost:7657/configadvanced.jsp">configadvanced.jsp</a>,
-add the line <tt>i2p.reseedURL=http://netdb.i2p2.de/</tt>
-OR <tt>i2p.reseedURL=http://i2pdb.tin0.de/netDb/</tt> (either should work),
-then click "Apply", then click the "reseed" link on the left.
-{%- endtrans %}</p>
-<p>{% trans downloadslist=get_url('downloads_list') -%}
-This works if you are running 0.6.1.27 or later.
-If you are running release 0.6.1.31 or later, you probably don't need to do this.
-If you are running release 0.6.1.26 or earlier, either follow the
-<a href="#manual_reseed">manual reseed instructions</a> below
-or install the <a href="{{ downloadslist }}">latest release</a>.
-Possible alternate method - add
-<tt>wrapper.java.additional.5=-Di2p.reseedURL=http://netdb.i2p2.de/</tt>
-to wrapper.config, shutdown the router completely, then start again, then click "reseed".
-Let us know if this works.
-{%- endtrans %}</p>
-<p>{% trans downloadslist=get_url('downloads_list') -%}
-...but you *really* should <a href="{{ downloadslist }}">upgrade</a> to the latest version.
-{%- endtrans %}</p>
+<h3 id="irc"><span class="permalink"><a href="#irc">
+{% trans %}How do I connect to IRC within I2P?{% endtrans %}</a></span>
+</h3>
+<p>{% trans %}
+A tunnel to the main IRC server within I2P, Irc2P, is created when I2P is installed (see the <a href="http://localhost:7657/i2ptunnel/index.jsp">I2PTunnel configuration page</a>), and is automatically started when the I2P router starts.
+To connect to it, tell your IRC client to connect to <code>localhost 6668</code>.
+HexChat-like client users can create a new network with the server <code>localhost/6668</code> (remember to tick "Bypass proxy server" if you have a proxy server configured).
+Weechat users can use the following command to add a new network:
+{%- endtrans %}</p>
+<code>
+ <pre>
+ /server add irc2p localhost/6668
+ </pre>
+</code>
-<h3 id="peers">{% trans %}My router has very few active peers, is this OK?{% endtrans %}
-<span class="permalink">(<a href="#peers">{{ _('link') }}</a>)</span></h3>
+<h3 id="myeepsite"><span class="permalink"><a href="#myeepsite">
+{% trans %}How do I set up my own eepsite?{% endtrans %}</a></span>
+</h3>
<p>{% trans -%}
-If your router has 10 or more active peers, everything is fine. Changes in releases 0.6.1.31 and 0.6.1.32 improved the
-efficiency of the router and effectively reduced the number of active peers.
-The router <i>should</i> maintain connections to a few peers at all times.
-The best way to stay "better-connected" to the network is to <a href="http://localhost:7657/config">share more bandwidth</a>.
+Click on the <a href="http://localhost:7658/">Website</a> link at the top of your router console for instructions.
{%- endtrans %}</p>
-<h3 id="exit">{% trans %}Is my router an "exit node" to the regular Internet? I don't want it to be.{% endtrans %}
-<span class="permalink">(<a href="#exit">{{ _('link') }}</a>)</span></h3>
+<h3 id="ports"><span class="permalink"><a href="#ports">
+{% trans %}What ports does I2P use?{% endtrans %}</a></span>
+</h3>
<p>{% trans -%}
-No. Unlike <a href="https://www.torproject.org/">Tor</a>,
-"exit nodes" or "outproxies" are not an inherent part of the network.
-Only volunteers who set up and run separate applications will relay traffic to the regular Internet.
-There are very, very few of these.
+The ports that are used by I2P can be divided into 2 sections:
{%- endtrans %}</p>
-<h3 id="outproxy">{% trans %}I can't access regular Internet sites through I2P.{% endtrans %}
-<span class="permalink">(<a href="#outproxy">{{ _('link') }}</a>)</span></h3>
-<p>{% trans -%}
-See above. There are very few HTTP "outproxies", they are not an inherent part of the network,
-and they may not be up.
-In addition, the old outproxies squid.i2p, true.i2p, and krabs.i2p have vanished.
-The only outproxy at the moment is false.i2p.
-To use it, edit your <a href="http://localhost:7657/i2ptunnel/edit.jsp?tunnel=0">i2ptunnel settings for eepProxy</a>
-and set your outproxy list to 'false.i2p' (only).
-Then stop and restart the eepProxy.
-If it doesn't work, the outproxy is not up. It is not I2P's fault.
-If your primary reason to use an anonymous network is to anonymously access sites
-on the regular Internet, you should probably try <a href="https://www.torproject.org/">Tor</a>.
-{%- endtrans %}</p>
+<ol>
+ <li>{% trans %}Internet-facing ports, which are used for communication with other I2P routers{% endtrans %}</li>
+ <li>{% trans %}Local ports, for local connections{% endtrans %}</li>
+</ol>
-<h3 id="https">{% trans %}I can't access https:// or ftp:// sites through I2P.{% endtrans %}
-<span class="permalink">(<a href="#https">{{ _('link') }}</a>)</span></h3>
-<p>{% trans -%}
-Within I2P, there is no need for HTTPS, as all traffic is encrypted end-to-end.
-FTP is not supported for technical reasons.
-{%- endtrans %}</p>
-<p>{% trans -%}
-There are no FTP "outproxies" to the Internet—it may not even be possible to set up one.
-Any other kind of outproxy may work if it's set up with a standard tunnel.
-If you would like to set up some type of outproxy, carefully research the potential risks.
-The I2P community may or may not be able to help with the technical aspects, feel free to ask.
-{%- endtrans %}</p>
-<p>{% trans -%}
-As explained several times above, any existing outproxy isn't a core part of the network.
-They are services run by individuals and they may or may not
-be operational at any given time.
-{%- endtrans %}</p>
<p>{% trans -%}
-<b>Update</b>: Thanks to the work of h2ik, there is an https outproxy available for use via I2P. Starting with I2P 0.8.4 <a href="http://localhost:7657/i2ptunnel/edit?tunnel=6">the tunnel</a> is configured out of the box.<br />
-In case the https outproxy is not available in your version of I2P, you can add it easily by doing the following:
+These are described in detail below.
{%- endtrans %}</p>
+
<ol>
- <li>
- {% trans -%}
-Open <a href="http://localhost:7657/i2ptunnel/index.jsp">i2p tunnel manager</a>. Scroll down to the bottom.
- {%- endtrans %}
+ <li>{% trans -%}Internet-facing ports<br> Note: Since release 0.7.8, new installs do not use port 8887;
+ a random port between 9000 and 31000 is selected when the program is run for the first time.
+ The selected port is shown on the router <a href="http://127.0.0.1:7657/confignet">configuration page</a>.{%- endtrans %}<br>
+ <b>{% trans %}OUTBOUND{% endtrans %}</b>
+ <ul>
+ <li>{% trans -%}UDP from the random port listed on the <a href="http://127.0.0.1:7657/confignet">configuration page</a> to arbitrary remote UDP ports, allowing for replies{%- endtrans %}</li>
+ <li>{% trans -%}TCP from random high ports to arbitrary remote TCP ports{%- endtrans %}</li>
+ <li>{% trans -%}Outbound UDP on port 123, allowing for replies.
+ This is necessary for I2P's internal time sync (via SNTP - querying a random SNTP host in pool.ntp.org or another server you specify){%- endtrans %}</li>
+ </ul>
+ <b>{% trans %}INBOUND{% endtrans %}</b>
+ <ul>
+ <li>{% trans -%}(Optional, recommended) UDP to the port noted on the <a href="http://127.0.0.1:7657/confignet">configuration page</a> from arbitrary locations{%- endtrans %}</li>
+ <li>{% trans -%}(Optional, recommended) TCP to the port noted on <a href="http://127.0.0.1:7657/confignet">configuration page</a> from arbitrary locations{%- endtrans %}</li>
+ <li>{% trans -%}Inbound TCP can be disabled on the <a href="http://127.0.0.1:7657/confignet">configuration page</a>{%- endtrans %}</li>
+ </ul>
</li>
- <li>
- {% trans -%}
-Choose <b>CONNECT</b> from <b>New Client Tunnel</b> dropdown list, click <b>Create</b>
- {%- endtrans %}
+ <li>{% trans -%}Local I2P ports, listening only to local connections by default, except where noted:{%- endtrans %}<br>
+ <table >
+ <tr>
+ <th>
+ {% trans %}PORT{% endtrans %}
+ </th>
+ <th>
+ {% trans %}PURPOSE{% endtrans %}
+ </th>
+ <th>
+ {% trans %}DESCRIPTION{% endtrans %}
+ </th>
+ </tr>
+ <tr>
+ <td>
+ 1900
+ </td>
+ <td>
+ UPnP SSDP UDP multicast listener
+ </td>
+ <td>
+ {% trans %}Cannot be changed. Binds to all interfaces. May be disabled on <a href="http://127.0.0.1:7657/confignet">confignet</a>.{% endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 2827
+ </td>
+ <td>
+ BOB bridge
+ </td>
+ <td>
+ {% trans -%}A higher level socket API for clients. Disabled by default. May be enabled/disabled on <a href="http://127.0.0.1:7657/configclients">configclients</a>.
+ May be changed in the bob.config file.{%- endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 4444
+ </td>
+ <td>
+ HTTP proxy
+ </td>
+ <td>
+ {% trans %}May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces.{% endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 4445
+ </td>
+ <td>
+ HTTPS proxy
+ </td>
+ <td>
+ {% trans %}May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces.{% endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 6668
+ </td>
+ <td>
+ IRC proxy
+ </td>
+ <td>
+ {% trans %}May be disabled or changed on the i2ptunnel page in the router console. May also be configured to be bound to a specific interface or all interfaces.{% endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 7652
+ </td>
+ <td>
+ HTTP TCP event listener
+ </td>
+ <td>
+ {% trans -%}Binds to the LAN address.
+ May be changed with advanced config <code>i2np.upnp.HTTPPort=nnnn</code>.
+ May be disabled on <a href="http://127.0.0.1:7657/confignet">confignet</a>.{%- endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 7653
+ </td>
+ <td>
+ UPnP SSDP UDP search response listener
+ </td>
+ <td>
+ {% trans -%}Binds to the LAN address.
+ May be changed with advanced config <code>i2np.upnp.SSDPPort=nnnn</code>.
+ May be disabled on <a href="http://127.0.0.1:7657/confignet">confignet</a>.{%- endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 7654
+ </td>
+ <td>
+ I2P Client Protocol port
+ </td>
+ <td>
+ {% trans -%}Used by client apps.
+ May be changed to a different port on <a href="http://127.0.0.1:7657/configclients">configclients</a> but this is not recommended.
+ May be to bind to a different interface or all interfaces, or disabled, on <a href="http://127.0.0.1:7657/configclients">configclients</a>.{%- endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 7655
+ </td>
+ <td>
+ UDP for SAM bridge
+ </td>
+ <td>
+ {% trans -%}A higher level socket API for clients Only opened when a SAM V3 client requests a UDP session.
+ May be enabled/disabled on <a href="http://127.0.0.1:7657/configclients">configclients</a>.
+ May be changed in the <code>clients.config</code> file with the SAM command line option <code>sam.udp.port=nnnn</code>.{%- endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 7656
+ </td>
+ <td>
+ SAM bridge
+ </td>
+ <td>
+ {% trans -%}A higher level socket API for clients Disabled by default for new installs as of release 0.6.5.
+ May be enabled/disabled on <a href="http://127.0.0.1:7657/configclients">configclients</a>.
+ May be changed in the <code>clients.config</code> file.{%- endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 7657
+ </td>
+ <td>
+ Your <a href="http://127.0.0.1:7657">router console</a>
+ </td>
+ <td>
+ {% trans -%}May be disabled in the <code>clients.config</code>file.
+ May also be configured to be bound to a specific interface or all interfaces in that file.{%- endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 7658
+ </td>
+ <td>
+ Your <a href="http://127.0.0.1:7658">eepsite</a>
+ </td>
+ <td>
+ {% trans -%}May be disabled in the <code>clients.config</code> file.
+ May also be configured to be bound to a specific interface or all interfaces in the <code>jetty.xml</code> file.{%- endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 7659
+ </td>
+ <td>
+ Outgoing mail to smtp.postman.i2p
+ </td>
+ <td>
+ {% trans -%}May be disabled or changed on the i2ptunnel page in the router console.
+ May also be configured to be bound to a specific interface or all interfaces.{%- endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 7660
+ </td>
+ <td>
+ Outgoing mail to smtp.postman.i2p
+ </td>
+ <td>
+ {% trans -%}May be disabled or changed on the i2ptunnel page in the router console.
+ May also be configured to be bound to a specific interface or all interfaces.{%- endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 8998
+ </td>
+ <td>
+ mtn.i2p-projekt.i2p (Monotone)
+ </td>
+ <td>
+ {% trans -%}May be disabled or changed on the i2ptunnel page in the router console.
+ May also be configured to be bound to a specific interface or all interfaces.{%- endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 31000
+ </td>
+ <td>
+ Local connection to the wrapper control channel port
+ </td>
+ <td>
+ {% trans -%}Outbound to 32000 only, does not listen on this port.
+ Starts at 31000 and will increment until 31999 looking for a free port.
+ To change, see the <a href="http://wrapper.tanukisoftware.com/doc/english/prop-port.html">wrapper documentation</a>.
+ For more information see <a href="#port32000">below</a>.{%- endtrans %}
+ </td>
+ </tr>
+ <tr>
+ <td>
+ 32000
+ </td>
+ <td>
+ Local control channel for the service wrapper
+ </td>
+ <td>
+ {% trans -%}To change, see the <a href="http://wrapper.tanukisoftware.com/doc/english/prop-port.html">wrapper documentation</a>.
+ For more information see <a href="#port32000">below</a>.{%- endtrans %}
+ </td>
+ </tr>
+ </table>
</li>
- <li>
- {% trans forum=i2pconv('forum.i2p') -%}
-In the new page, <b>name</b> and <b>describe</b> your new https tunnel as you like.
-The <b>Access Point</b> is your local port for the new https proxy recommended port's <b>4445</b>.
-<b>Outproxy</b> should be the outproxy's .i2p address which supports https.
-See this forum post of <a href="http://{{ forum }}/viewtopic.php?p=31356#31356">h2ik</a>'s for the address.
-Make sure <b>Shared Client</b>, <b>Delay Connect</b>, <b>AutoStart</b> are checked.
-Other options should be left at the defaults. Click Save. In tunnel manger, click the <b>Start</b> button next to your new tunnel.
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-In firefox, click through <b>Tools</b>><b>Options</b>><b>Advanced</b>><b>Network</b>><b>Setting</b>.
-Untick <b>Use this proxy for all protocol</b>, set <b>SSL proxy:</b> to localhost:4445.
- {%- endtrans %}
- </li>
- <li>{{ _('Done.') }}</li>
</ol>
-
-<h3 id="proxy_safe">{% trans %}Is using an outproxy safe?{% endtrans %}
-<span class="permalink">(<a href="#proxy_safe">{{ _('link') }}</a>)</span></h3>
-<p>{% trans threatmodel=site_url('docs/how/threat-model') %}
-This is a question that only you can answer because the correct answer depends on your behaviours, your
-<a href="{{ threatmodel }}">threat model</a>, and how much you trust the outproxy operator.
-{%- endtrans %}</p>
<p>{% trans -%}
-Like Tor, I2P does not magically encrypt the Internet.
-You are vulnerable to snooping by the outproxy operators.
-The <a href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers">Tor FAQ</a>
-does a good job of explaining this.
-{%- endtrans %}</p>
-<p>{% trans zzz=i2pconv('zzz.i2p') -%}
-In addition, you may be vulnerable to collusion between the outproxy operator
-and operators of other I2P services, if you use the same tunnels ("shared clients").
-There is additional discussion about this on <a href="http://{{ zzz }}/topics/217">{{ zzz }}</a>.
-{%- endtrans %}</p>
-
-<h3 id="proxy_other">{% trans %}How do I access IRC, BitTorrent, or other services on the regular Internet?{% endtrans %}
-<span class="permalink">(<a href="#proxy_other">{{ _('link') }}</a>)</span></h3>
-<p>{% trans -%}
-Unless an outproxy has been set up for the service you want to connect to, this cannot be done.
-There are only three types of outproxies running right now: HTTP, HTTPS, and email. Note that there is not a SOCKS outproxy.
-If this type of service is required, try <a href="https://www.torproject.org/">Tor</a>.
-{%- endtrans %}</p>
-
-<h3 id="down">{% trans %}Most of the eepsites within I2P are down?{% endtrans %}
-<span class="permalink">(<a href="#down">{{ _('link') }}</a>)</span></h3>
-<p>{% trans eepstatus='http://'+i2pconv('identiguy.i2p') -%}
-If you consider every eepsite that has ever been created, yes, most of them are down.
-People and eepsites come and go.
-A good way to get started in I2P is check out a list of eepsites that are currently up.
-<a href="{{ eepstatus }}">{{ eepstatus }}</a> tracks active eepsites.
-{%- endtrans %}</p>
-
-<h3 id="myeepsite">{% trans %}How do I set up my own eepsite?{% endtrans %}
-<span class="permalink">(<a href="#myeepsite">{{ _('link') }}</a>)</span></h3>
-<p>{% trans -%}
-Click on the <a href="http://localhost:7658/">Website</a> link
-at the top of your router console for instructions.
+The local I2P ports and the I2PTunnel ports do not need to be reachable from
+remote machines, but *should* be reachable locally. You can also create
+additional ports for I2PTunnel instances via http://localhost:7657/i2ptunnel/
+(and in turn, would need to get your firewall to allow you local access, but
+not remote access, unless desired).
{%- endtrans %}</p>
-<h3 id="slow">{% trans %}Why is I2P so slow?{% endtrans %}
-<span class="permalink">(<a href="#slow">{{ _('link') }}</a>)</span></h3>
-<p>{% trans -%}
-Why are downloads, torrents, web browsing, and everything else so slow on I2P?
-The encryption and routing within the I2P network adds a substantial amount of overhead and limits bandwidth.
-Anonymity isn't free.
-{%- endtrans %}</p>
<p>{% trans -%}
-In addition, you and everybody else probably need to increase your bandwidth limits.
-Two key settings are the inbound and outbound bandwidth limiters on
-<a href="http://localhost:7657/config.jsp">the configuration page</a>.
-With the default settings of 32KBps you will generally get no better than 15KBps data transfer in I2PSnark.
-Increasing the settings (but keeping within your actual connection limitations)
-will increase the potential transfer rate for I2PSnark and all other applications.
-{%- endtrans %}</p>
-<p>{% trans -%}
-Also, do you have sufficient share bandwidth configured to allow participating tunnels
-to route through your router? Believe it or not, allowing participating traffic
-keeps you well-integrated in the network and helps your own transfer speeds.
-{%- endtrans %}</p>
-<p>{% trans downloadslist=get_url('downloads_list') -%}
-I2P is a work in progress. Lots of improvements and fixes are being implemented, and
-generally speaking, running the latest release will help your performance.
-If you haven't, <a href="{{ downloadslist }}">install the latest release</a>.
-{%- endtrans %}</p>
-
-<h3 id="snark">{% trans %}Bittorrent / I2PSnark / Azureus I2P Plugin Questions?{% endtrans %}
-<span class="permalink">(<a href="#snark">{{ _('link') }}</a>)</span></h3>
-<p>{% trans forum=i2pconv('forum.i2p') -%}
-See the
-<a href="http://{{ forum }}/viewtopic.php?t=2068">I2P Bittorrent FAQ</a>
-{%- endtrans %}</p>
-
-<h3 id="irc">{% trans %}How do I connect to IRC within I2P?{% endtrans %}
-<span class="permalink">(<a href="#irc">{{ _('link') }}</a>)</span></h3>
-<p>{% trans %}
-A tunnel to the main IRC server within I2P, Irc2P, is created when I2P is installed (see
-the <a href="http://localhost:7657/i2ptunnel/index.jsp">I2PTunnel configuration page</a>),
-and is automatically started when the I2P router starts. To connect to it, tell your IRC
-client to connect to <code>localhost 6668</code>. XChat-like client users can create a
-new network with the server <code>localhost/6668</code> (remember to tick "Bypass
-proxy server" if you have a proxy server configured).
+So, to summarize, nothing needs to be reachable by unsolicited remote peers, but
+if you can configure your NAT/firewall to allow inbound UDP and TCP the <a href="http://localhost:7657/config">outbound facing port</a>, you'll
+get better performance. You will also need to be able to send outbound UDP packets
+to arbitrary remote peers (blocking IPs randomly with something like PeerGuardian
+only hurts you - don't do it).
{%- endtrans %}</p>
-<h3 id="remote_webconsole">{% trans %}How can I access the web console from my other machines or password protect it?{% endtrans %}
-<span class="permalink">(<a href="#remote_webconsole">{{ _('link') }}</a>)</span></h3>
+<h3 id="subscriptions"><span class="permalink"><a href="#subscriptions">
+{% trans %}I'm missing lots of hosts in my addressbook. What are some good subscription links?{% endtrans %}</a></span></h3>
<p>{% trans -%}
-For security purposes, the router's admin console by default only listens
-for connections on the local interface. However, with a little hacking,
-you can make it reachable remotely:
+This question can be answered in 3 parts:
{%- endtrans %}</p>
<ol>
-<li>
- {% trans -%}
-Open <code>~/.i2p/clients.config</code> and replace<br />
-<code>clientApp.0.args=7657 ::1,127.0.0.1 ./webapps/</code><br />
-with <br />
-<code>clientApp.0.args=7657 0.0.0.0 ./webapps/</code>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-Go to <a href="http://localhost:7657/configui">http://localhost:7657/configui</a>
-and add a console username and password if desired.
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-Go to <a href="http://localhost:7657/index.jsp">http://localhost:7657/index.jsp</a>
-and hit "Graceful restart", which restarts the JVM and reloads the client applications
- {%- endtrans %}
- </li>
+ <li>{% trans -%}My router often displays a message saying "Website Not Found In Addressbook", why do I see this message?{%- endtrans %}
+ <p>{% trans -%}Human-readable addresses such as <i>http://website.i2p</i> are references to a long, random string known as a <b>destination</b>.
+ These references are registered and stored at addressbook services such as stats.i2p, which is run by zzz.
+ You will often encounter a "b32" address. A "b32" is a hash (specifically, a <a href="https://en.wikipedia.org/wiki/SHA-2">SHA256</a> hash) of the
+ destination. This hash is appended with ".b32.i2p" and serves as a convenient way to link to your hidden service, without requiring any registration on an addressbook service.{%- endtrans %}</p>
+ <p>{% trans -%}It is possible to add subscriptions to your router's configuration which may reduce the frequency of these messages.{%- endtrans %}</p></li>
+ <li>{% trans -%}What is an addressbook subscription?{%- endtrans %}
+ <p>{% trans -%}This is a list of files hosted on various I2P websites each of which contain a list of I2P hosts and their associated destinations.{%- endtrans %}</p>
+ <p>{% trans -%}The addressbook is located at <a href="http://localhost:7657/dns">http://localhost:7657/dns</a> where further information can be found.{%- endtrans %}</p></li>
+ <li>{% trans -%}What are some good addressbook subscription links?{%- endtrans %}
+ <p>{% trans -%}You may try the following:{%- endtrans %}</p>
+<div class="links">
+<ul>
+<li><a href="http://stats.i2p/cgi-bin/newhosts.txt">http://stats.i2p/cgi-bin/newhosts.txt</a></li>
+<li><a href="http://identiguy.i2p/hosts.txt">http://identiguy.i2p/hosts.txt</a></li>
+</div>
</ol>
+<h3 id="remote_webconsole"><span class="permalink"><a href="#remote_webconsole">
+{% trans %}How can I access the web console from my other machines or password protect it?{% endtrans %}</a></span>
+</h3>
<p>{% trans -%}
-After that fires up, you should now be able to reach your console remotely. Reload the router at
-http://127.0.0.1:7657 and you will be prompted for the username and password you specified in step 2
-above if your browser supports the authentication popup. Note: the
-<code>0.0.0.0</code> above specifies an <i>interface</i>, not a network or netmask. 0.0.0.0
-means "bind to all interfaces", so it can be reachable on 127.0.0.1:7657 as well as
-any LAN/WAN IP.
-{%- endtrans %}</p>
-
-<h3 id="remote_i2cp">{% trans %}How can I use applications from my other machines?{% endtrans %}
-<span class="permalink">(<a href="#remote_i2cp">{{ _('link') }}</a>)</span></h3>
-<p>{% trans -%}
-By default, the router I2CP interface (port 7654) binds to address 127.0.0.1. To bind to 0.0.0.0, set the
-router advanced configuration option <tt>i2cp.tcp.bindAllInterfaces=true</tt> and restart.
-{%- endtrans %}</p>
+For security purposes, the router's admin console by default only listens for connections on the local interface.
-<h3 id="eepsite">{% trans %}Whats an "eepsite"?{% endtrans %}
-<span class="permalink">(<a href="#eepsite">{{ _('link') }}</a>)</span></h3>
-<p>{% trans -%}
-An eepsite is a website that is hosted anonymously - you can access it by
-setting your web browser's HTTP proxy to use the web proxy (typically it
-listens on localhost port 4444), and browsing to the site.
-{%- endtrans %}</p>
+There are two methods for accessing the console remotely:{%- endtrans %}</p>
-<h3 id="browserproxy">{% trans %}How do I configure my browser?{% endtrans %}
-<span class="permalink">(<a href="#browserproxy">{{ _('link') }}</a>)</span></h3>
-<p>{% trans browserconfig=site_url('about/browser-config') -%}
-The proxy config for different browsers is on a <a href="{{ browserconfig }}">
-separate page</a> with screenshots. More advanced configs with external tools
-are possible but could introduce leaks in your setup.
-{%- endtrans %}</p>
+<ol>
+ <li>{% trans %}SSH Tunnel{% endtrans %}</li>
+ <li>{% trans %}Configuring your console to be available on a Public IP address with a username & password{% endtrans %}</li>
+</ol>
+<p>{% trans %}These are detailed below:{% endtrans %}</p>
+<ol>
+ <li>{% trans %}SSH Tunnel{% endtrans %}<br>
+ {% trans -%}If you are running a Unix-like Operating System, this is the easiest method for remotely accessing your I2P console.
+ (Note: SSH server software is available for systems running Windows, for example <a href="https://github.com/PowerShell/Win32-OpenSSH">https://github.com/PowerShell/Win32-OpenSSH</a>){%- endtrans %}<br>
+ {% trans %}Once you have configured SSH access to your system, the '-L' flag is passed to SSH with appropriate arguments - for example:{% endtrans %}
+ <code>
+ <pre>
+ ssh -L 7657:localhost:7657 (System_IP)
+ </pre>
+ </code>
+ where '(System_IP)' is replaced with your System's IP address.
+ This command forwards port 7657 (the number before the first colon) to the remote system's (as specified by the string 'localhost' between the first and second colons) port 7657 (the number after the second colon).
+ Your remote I2P console will now be available on your local system as 'http://localhost:7657' and will be available for as long as your SSH session is active.
+ If you would like to start an SSH session without initiating a shell on the remote system, you can add the '-N' flag:
+ <code>
+ <pre>
+ ssh -NL 7657:localhost:7657 (System_IP)
+ </pre>
+ </code>
+ </li>
+ <li>{% trans %}Configuring your console to be available on a Public IP address with a username & password{% endtrans %}<br>
+ <ol>
+ <li>{% trans %}Open <code>~/.i2p/clients.config</code> and replace{% endtrans %}
+ <code>
+ <pre>
+ clientApp.0.args=7657 ::1,127.0.0.1 ./webapps/
+ </pre>
+ </code>
+ with
+ <code>
+ <pre>
+ clientApp.0.args=7657 ::1,127.0.0.1,(System_IP) ./webapps/
+ </pre>
+ </code>
+ where you replace (System_IP) with your system's public IP
+ address</li>
+ <li>{% trans -%}Go to <a href="http://localhost:7657/configui">http://localhost:7657/configui</a> and add a console username and password if desired -
+ Adding a username & password is highly recommended to secure your I2P console from tampering, which could lead to de-anonymization.{%- endtrans %}</li>
+ <li>{% trans -%}Go to <a href="http://localhost:7657/index">http://localhost:7657/index</a> and hit "Graceful restart",
+ which restarts the JVM and reloads the client applications{%- endtrans %}</li>
+ </ol>
+ {% trans -%}After that fires up, you should now be able to reach your console remotely.
+ Load the router console at <code>http://(System_IP):7657</code> and you will be prompted for the username and password you specified in step 2 above if your browser supports the authentication popup.{%- endtrans %}
+ <br>
+ {% trans -%}NOTE: You can specify 0.0.0.0 in the above configuration.
+ This specifies an interface, not a network or netmask.
+ 0.0.0.0 means "bind to all interfaces", so it can be reachable on 127.0.0.1:7657 as well as any LAN/WAN IP.
+ Be careful when using this option as the console will be available on ALL addresses configured on your system.{%- endtrans %}</li>
+</ol>
-<h3 id="active">{% trans %}What do the Active x/y numbers mean in the router console?{% endtrans %}
-<span class="permalink">(<a href="#active">{{ _('link') }}</a>)</span></h3>
+<h3 id="remote_i2cp"><span class="permalink"><a href="#remote_i2cp">
+{% trans %}How can I use applications from my other machines?{% endtrans %}</a></span>
+</h3>
<p>{% trans -%}
-x is the number of peers you've sent or received a message from
-successfully in the last minute, y is the number of peers seen in the last
-hour or so.
+Please see the previous answer for instructions on using SSH Port Forwarding, and also see this page in your console:
+<a href="http://localhost:7657/configi2cp">http://localhost:7657/configi2cp</a>
{%- endtrans %}</p>
-<h3 id="socks">{% trans %}Is it possible to use I2P as a SOCKS proxy?{% endtrans %}
-<span class="permalink">(<a href="#socks">{{ _('link') }}</a>)</span></h3>
+<h3 id="socks"><span class="permalink"><a href="#socks">
+{% trans %}Is it possible to use I2P as a SOCKS proxy?{% endtrans %}</a></span>
+</h3>
<p>{% trans -%}
-The SOCKS proxy is working as of release 0.7.1. SOCKS 4/4a/5 are supported.
-There is no SOCKS outproxy so it is of limited use.
+The SOCKS proxy has been functional since release 0.7.1. SOCKS 4/4a/5 are supported.
+I2P does not have a SOCKS outproxy so it is limited to use within I2P only.
{%- endtrans %}</p>
<p>{% trans -%}
-In addition, many applications leak sensitive
-information that could identify you on the Internet. I2P only filters
-connection data, but if the program you intend to run sends this
-information as content, I2P has no way to protect your anonymity. For
-example, some mail applications will send the IP address of the machine
-they are running on to a mail server. There is no way for I2P to filter
-this, thus using I2P to 'socksify' existing applications is possible, but
-extremely dangerous.
+Many applications leak sensitive information that could identify you on the Internet and this is a risk that one should be aware of when using the I2P SOCKS proxy.
+I2P only filters connection data, but if the program you intend to run sends this information as content, I2P has no way to protect your anonymity.
+For example, some mail applications will send the IP address of the machine they are running on to a mail server.
+There is no way for I2P to filter this, thus using I2P to 'socksify' existing applications is possible, but extremely dangerous.
{%- endtrans %}</p>
<p>{% trans socks=site_url('docs/api/socks') -%}
If you would like more information on the socks proxy application anyway,
there are some helpful hints on the <a href="{{ socks }}">socks page</a>.
{%- endtrans %}</p>
-<h3 id="ports">{% trans %}What ports does I2P use?{% endtrans %}
-<span class="permalink">(<a href="#ports">{{ _('link') }}</a>)</span></h3>
-<p>{% trans -%}
-Okay, here's a rundown of the default ports (everything is configurable
-through various settings, of course):
-{%- endtrans %}</p>
-
-
-<ul>
-
-<li>
-{% trans -%}
-<b>Internet-facing ports</b>
-Note: New installs as of release 0.7.8 do not use port 8887; they select a random port
-between 9000 and 31000 when the program is run for the first time.
-The selected port is shown on the router <a href="http://127.0.0.1:7657/confignet.jsp">configuration page.</a>
-{%- endtrans %}
-<ul>
- <li>
- {% trans -%}
-<b>Outbound UDP from the random port noted on the <a href="http://127.0.0.1:7657/confignet.jsp">configuration page</a> to arbitrary remote UDP ports, allowing replies</b>
- {% endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>Outbound TCP from random high ports to arbitrary remote TCP ports</b>
- {% endtrans %}
-</li>
- <li>
- {% trans -%}
-<b>(optional, but recommended) Inbound UDP to the port noted on <a href="http://127.0.0.1:7657/confignet.jsp">configuration page</a> from arbitrary locations</b>
- {% endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>(optional, but recommended) Inbound TCP to the port noted on <a href="http://127.0.0.1:7657/confignet.jsp">configuration page</a> from arbitrary locations</b><br />
-Inbound TCP may be disabled on the <a href="http://127.0.0.1:7657/confignet.jsp">configuration page.</a>
- {%- endtrans %}
- </li>
- <li>
-{% trans -%}
-<b>Outbound UDP on port 123, allowing replies</b><br />
-This is necessary for I2P's internal time sync (via SNTP -
-querying a random SNTP host in pool.ntp.org or another
-server you specify)
-{%- endtrans %}
- </li>
-</ul>
-</li>
-
-<li>
-{% trans -%}
-<b>Local I2P ports</b>, listening only to local connections by default,
-except where noted:
-{%- endtrans %}
-<ul>
- <li>
- {% trans -%}
-<b>1900:</b> UPnP SSDP UDP multicast listener.
-<i>Cannot be changed. Binds to all interfaces.
-May be disabled on <a href="http://localhost:7657/confignet.jsp">confignet.jsp</a>.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>2827:</b> BOB bridge, a higher level socket API for clients
-<i>Disabled by default.
-May be enabled/disabled on <a href="http://localhost:7657/configclients.jsp">configclients.jsp</a>.
-May be changed in the bob.config file.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>4444:</b> HTTP proxy
-<i>May be disabled or changed on the i2ptunnel page in the router console.
-May also be configured to be bound to a specific interface or all interfaces.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>4445:</b> HTTPS proxy
-<i>May be disabled or changed on the i2ptunnel page in the router console.
-May also be configured to be bound to a specific interface or all interfaces.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>6668:</b> IRC proxy
-<i>May be disabled or changed on the i2ptunnel page in the router console.
-May also be configured to be bound to a specific interface or all interfaces.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>7652:</b> UPnP HTTP TCP event listener.
-<i>Binds to the LAN address.
-May be changed with advanced config i2np.upnp.HTTPPort=nnnn.
-May be disabled on <a href="http://localhost:7657/confignet.jsp">confignet.jsp</a>.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>7653:</b> UPnP SSDP UDP search response listener.
-<i>Binds to all interfaces.
-May be changed with advanced config i2np.upnp.SSDPPort=nnnn.
-May be disabled on <a href="http://localhost:7657/confignet.jsp">confignet.jsp</a>.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>7654:</b> I2P Client Protocol port, used by client apps.
-<i>May be changed to a different port on
-<a href="http://localhost:7657/configclients.jsp">configclients.jsp</a>
-but this is not recommended.
-May be to bind to a different interface or all interfaces, or disabled, on
-<a href="http://localhost:7657/configclients.jsp">configclients.jsp</a>.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>7655:</b> UDP for SAM bridge, a higher level socket API for clients
-<i>Only opened when a SAM V3 client requests a UDP session.
-May be enabled/disabled on <a href="http://localhost:7657/configclients.jsp">configclients.jsp</a>.
-May be changed in the clients.config file with the SAM command line option sam.udp.port=nnnn.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>7656:</b> SAM bridge, a higher level socket API for clients
-<i>Disabled by default for new installs as of release 0.6.5.
-May be enabled/disabled on <a href="http://localhost:7657/configclients.jsp">configclients.jsp</a>.
-May be changed in the clients.config file.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>7657:</b> Your router console
-<i>May be disabled in the clients.config file.
-May also be configured to be bound to a specific interface or all interfaces in that file.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>7658:</b> Your eepsite
-<i>May be disabled in the clients.config file.
-May also be configured to be bound to a specific interface or all interfaces in the jetty.xml file.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>7659:</b> Outgoing mail to smtp.postman.i2p
-<i>May be disabled or changed on the i2ptunnel page in the router console.
-May also be configured to be bound to a specific interface or all interfaces.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>7660:</b> Incoming mail from pop.postman.i2p
-<i>May be disabled or changed on the i2ptunnel page in the router console.
-May also be configured to be bound to a specific interface or all interfaces.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>8998:</b> mtn.i2p2.i2p (Monotone - disabled by default)
-<i>May be disabled or changed on the i2ptunnel page in the router console.
-May also be configured to be bound to a specific interface or all interfaces.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>31000:</b> Local connection to the wrapper control channel port.
-<i>Outbound to 32000 only, does not listen on this port.
-Starts at 31000 and will increment until 31999 looking for a free port.
-To change, see the
-<a href="http://wrapper.tanukisoftware.com/doc/english/prop-port.html">wrapper documentation</a>.
-For more information see <a href="#port32000">below</a>.</i>
- {%- endtrans %}
- </li>
- <li>
- {% trans -%}
-<b>32000:</b> Local control channel for the service wrapper.
-<i>To change, see the
-<a href="http://wrapper.tanukisoftware.com/doc/english/prop-port.html">wrapper documentation</a>.
-For more information see <a href="#port32000">below</a>.</i>
- {%- endtrans %}
- </li>
-</ul>
-</li>
-</ul>
-
-
-<p>{% trans -%}
-The local I2P ports and the I2PTunnel ports do not need to be reachable from
-remote machines, but *should* be reachable locally. You can also create
-additional ports for I2PTunnel instances via http://localhost:7657/i2ptunnel/
-(and in turn, would need to get your firewall to allow you local access, but
-not remote access, unless desired).
-{%- endtrans %}</p>
-
-<p>{% trans -%}
-So, to summarize, nothing needs to be reachable by unsolicited remote peers, but
-if you can configure your NAT/firewall to allow inbound UDP and TCP the <a href="http://localhost:7657/config">outbound facing port</a>, you'll
-get better performance. You will also need to be able to send outbound UDP packets
-to arbitrary remote peers (blocking IPs randomly with something like PeerGuardian
-only hurts you - don't do it).
-{%- endtrans %}</p>
-
-<h3 id="port32000">{% trans %}Why is I2P listening on port 32000?{% endtrans %}
-<span class="permalink">(<a href="#port32000">{{ _('link') }}</a>)</span></h3>
-<p>{% trans -%}
-The Tanuki java service wrapper that we use opens this port—bound to localhost—in order
-to communicate with software running inside the JVM. When the JVM is launched it is given a key
-so it can connect to the wrapper. After the JVM establishes its connection
-to the wrapper, the wrapper refuses any additional connections.
-{%- endtrans %}</p>
-<p>{% trans -%}
-More information can be found in the
-<a href="http://wrapper.tanukisoftware.com/doc/english/prop-port.html">wrapper documentation</a>.
-{%- endtrans %}</p>
-
-<h3 id="manual_reseed">{% trans %}How do I reseed manually?{% endtrans %}
-<span class="permalink">(<a href="#manual_reseed">{{ _('link') }}</a>)</span></h3>
+<h3 id="manual_reseed"><span class="permalink"><a href="#manual_reseed">
+{% trans %}How do I reseed manually?{% endtrans %}</a></span>
+</h3>
<p>{% trans -%}
An I2P router only needs to be seeded once, to join the network for the first
time. Reseeding involves fetching multiple "RouterInfo" files (bundled into a
@@ -792,7 +652,7 @@ a reseed file if you can not verify its source.
<li>{% trans filename='i2preseed.zip' %}Select the {{ filename }} file{% endtrans %}</li>
<li>{% trans %}Click "Reseed from File"{% endtrans %}</li>
</ul>
-<p>{% trans url='http://localhost:7657/logs' %}Check the <a href="{{ url }}">log</a> for the following message:{% endtrans %}
+<p>{% trans url='http://localhost:7657/logs' %}Check the <a href="{{ url }}">log</a> for the following message:{% endtrans %}<br>
<code>Reseed got 100 router infos from file with 0 errors</code>
</p>
@@ -818,40 +678,219 @@ sparingly (< 2 per week).
<li>{% trans %}The file is valid only a few days (< 20)!{% endtrans %}</li>
</ul>
-<h3 id="compat6x">{% trans %}I'm using FreeBSD and when I start I2P I receive an error about <code>libm.so.4</code>!{% endtrans %}
-<span class="permalink">(<a href="#compat6x">{{ _('link') }}</a>)</span></h3>
+<h3 id="proxy_other"><span class="permalink"><a href="#proxy_other">
+{% trans %}How do I access IRC, BitTorrent, or other services on the regular Internet?{% endtrans %}</a></span>
+</h3>
+<p>{% trans -%}
+Unless an outproxy has been specifically set up for the service you want to connect to, this cannot be done.
+There are only three types of outproxies running right now: HTTP, HTTPS, and email. Note that there is no SOCKS outproxy.
+If this type of service is required, we recommend that you use Tor.
-{% trans %}When trying to start the router using "i2prouter start", you may see output like the following:{% endtrans %}<br />
-<code> $ ./i2prouter start<br />
- Starting I2P Service...<br />
- /libexec/ld-elf.so.1: Shared object "libm.so.4" not found, required by "i2psvc"
-</code>
-<p>{% trans %}
-In order to be inclusive and try to ensure that I2P will run on as many systems
-as possible, up until I2P 0.8.9 we used a <a href="http://wrapper.tanukisoftware.com/">java wrapper</a>
-compiled for FreeBSD 6.x. If you're receiving this error you most likely are missing the necessary compatibility libraries.
-These libraries may be installed by performing the following steps:
+Please be aware that the Tor project <a href="https://blog.torproject.org/bittorrent-over-tor-isnt-good-idea">recommends against using BitTorrent over Tor</a>,
+as there are serious anonymity-related issues associated with doing so.
{%- endtrans %}</p>
+
+<h3 id="https"><span class="permalink"><a href="#https">
+{% trans %}I can't access https:// or ftp:// sites through I2P.{% endtrans %}</a></span>
+</h3>
<ul>
- <li>
-{% trans %}Switch to the root user with <code>su</code> or log in as <code>root</code>.{% endtrans %}
+ <li> <b>HTTPS</b><br>
+ {% trans -%}
+ Within I2P, there is no requirement to use HTTPS.
+ All traffic is encrypted end-to-end, any further encryption, e.g. with the use of HTTPS, doesn't create any further anonymity-related benefits.
+
+ However, if one would like to use HTTPS or has a requirement to do so, the existing default I2P HTTP Proxy has support for HTTPS traffic.
+ Any hidden service operator would have to specifically set up and enable HTTPS access.
+ {%- endtrans %}
</li>
- <li><code>cd /usr/ports/misc/compat6x</code></li>
- <li><code>make install</code></li>
+ <li> <b>FTP</b><br>
+ {% trans -%}
+ FTP is not supported for technical reasons.
+
+ There are no FTP "outproxies" to the Internet—it may not even be possible to set up one.
+ Any other kind of outproxy may work if it's set up with a standard tunnel.
+ If you would like to set up some type of outproxy, carefully research the potential risks.
+ The I2P community may or may not be able to help with the technical aspects, feel free to ask.
+
+ As explained several times above, any existing outproxy isn't a core part of the network.
+ They are services run by individuals and they may or may not be operational at any given time.
+ {%- endtrans %}
+ </li>
+</ul>
+
+<h2>Troubleshooting</h2>
+
+<h3 id="cpu"><span class="permalink"><a href="#cpu">
+{% trans %}My router is using a large amount of CPU, what can I do about this?{% endtrans %} </a></span></h3>
+<p>{% trans -%}
+There are many possible causes of high CPU usage. Here is a checklist:
+{%- endtrans %}</p>
+<ul>
+<li>
+ <b>{% trans -%}Java Runtime Environment{%- endtrans %}</b><br>
+{% trans -%}Try to use either OpenJDK or Sun/Oracle Java if it's available for your system.
+You can check which version of java you have installed by typing <code>java -version</code> at a command/shell prompt.
+Performance tends to suffer with other implementations of java.{%- endtrans %}
+</li>
+<li>
+ <b>{% trans -%}File sharing applications, e.g. BitTorrent{%- endtrans %}</b><br>
+{% trans -%}
+Are you running a BitTorrent client over I2P? Try reducing the number of torrents, the bandwidth limits,
+or try turning it off completely to see if that helps.
+{%- endtrans %}
+</li>
+<li>
+ <b>{% trans -%}High bandwidth settings{%- endtrans %}</b><br>
+{% trans -%}
+Are your bandwidth limits set too high? It is possible that too much traffic is going through your I2P router and it is overloaded.
+Try reducing the setting for <em>share bandwidth percentage</em> on the <a href="http://localhost:7657/config">configuration</a> page.
+{%- endtrans %}</li>
+<li>
+ <b>{% trans -%}I2P Version{%- endtrans %}</b><br>
+{% trans -%}
+Make sure that you're running the latest version of I2P to get the benefits of increased performance and bug fixes.
+{%- endtrans %}
+</li>
+<li>
+ <b>{% trans -%}Memory allocation{%- endtrans %}</b><br>
+{% trans -%}
+Has enough memory been set aside for use by I2P? Look at the memory graph on <a href="http://localhost:7657/graphs">the graphs page</a>
+to see if the memory usage is "pegged"—the JVM is spending most of its time in garbage collection.
+Increase the setting <code>wrapper.java.maxmemory</code> in the file <code>wrapper.config</code>.
+{%- endtrans %}
+</li>
+<li>
+ <b>{% trans -%}Bursts of high-usage vs. constant 100% usage{%- endtrans %}</b><br>
+{% trans -%}
+Is the CPU usage simply higher than you would like, or is it pegged at 100% for a long time?
+If it is pegged, this could be a bug. Look in the logs for clues.
+{%- endtrans %}
+</li>
+<li>
+ <b>{% trans -%}Java-related{%- endtrans %}</b><br>
+{% trans jbigi=site_url('misc/jbigi') -%}
+You may be using the Java-based BigInteger library instead of the native version, especially if you are running on a new or unusual OS or hardware (OpenSolaris, mipsel, etc.).
+See the <a href="{{ jbigi }}">jbigi page</a> for instructions on diagnosing, building, and testing methods.
+{%- endtrans %}
+</li>
+<li>
+ <b>{% trans -%}Participating tunnels{%- endtrans %}</b><br>
+{% trans -%}
+If your native jbigi library is working fine, the biggest user of CPU may be routing traffic for participating tunnels.
+This uses CPU because at each hop a layer of encryption must be decoded. You can limit participating traffic in two ways -
+by reducing the share bandwidth on the <a href="http://localhost:7657/confignet.jsp">confignet</a> page,
+or by setting <tt>router.maxParticipatingTunnels=nnn</tt> on the <a href="http://localhost:7657/configadvanced.jsp">configadvanced</a> page.
+{%- endtrans %}
+</li>
</ul>
-<p>{% trans manualwrapper=site_url('misc/manual-wrapper') -%}
-If you cannot install these compatibility libraries (or do not want to), other
-possibilities would be to compile the wrapper for <a href="{{ manualwrapper }}">your
-system</a>, starting I2P with the <code>runplain.sh</code> script, or you can
-replace the wrapper with one from the source tarball.
+<h3 id="reseed"><span class="permalink"><a href="#reseed">
+{% trans %}My router has been up for several minutes and has zero or very few connections{% endtrans %}
+</a></span></h3>
+<p>{% trans -%}
+New installations of I2P carry out the reseeding process automatically, as well as when the number of known peers falls to a drastically low value.
+If you need to carry out a reseed of your router, please see the <a href="#manual_reseed">reseed instructions</a>.
+{%- endtrans %}</p>
+
+<h3 id="peers"><span class="permalink"><a href="#peers">
+{% trans %}My router has very few active peers, is this OK?{% endtrans %}</a></span>
+</h3>
+<p>{% trans -%}
+If your router has 10 or more active peers, everything is fine.
+The router should maintain connections to a few peers at all times.
+The best way to stay "better-connected" to the network is to share more bandwidth.
+The amount of bandwidth that is shared by the router can be changed on the configuration page:
+ <a href="http://localhost:7657/config">http://localhost:7657/config</a>
+{%- endtrans %}</p>
+
+<h3 id="vary"><span class="permalink"><a href="#vary">
+{% trans %}My active peers / known peers / participating tunnels / connections / bandwidth vary dramatically over time! Is anything wrong?{% endtrans %}</a></span>
+</h3>
+<p>{% trans -%}
+No, there isn't anything wrong.
+This is normal behavior.
+All routers adjust dynamically to changing network conditions and demands.
+Routers come online and go offline depending on whether the system it is installed on is operational or not, as well as whether there is an available network connection.
+Your router is constantly updating its local Network Database.
+Tunnels which your router is participating in expire every 10 minutes and may or may not be rebuilt through your router.
+{%- endtrans %}</p>
+
+<h3 id="slow"><span class="permalink"><a href="#slow">
+{% trans %}What makes downloads, torrents, web browsing, and everything else slower on I2P as compared to the regular internet?{% endtrans %}</a></span>
+</h3>
+<p>{% trans -%}
+The encryption and routing within the I2P network adds a substantial amount of overhead and limits bandwidth.
+
+We can try to clarify this with the aid of a diagram:
+{%- endtrans %}</p>
+
+<img src="/_static/images/i2p_traffic_path.jpg">
+
+<p>{% trans -%}
+In this diagram, the path that some I2P traffic takes as it travels through the network is traced.
+A user's I2P router is denoted by the box labeled 'A' and an I2P Hidden Service (for example, the http://stats.i2p website) is labelled as 'B'.
+Both the client and the server are using 3-hop tunnels, these hops are represented by the boxes labelled 'P', 'Q', 'R', 'X', 'Y', 'Z', 'P_1', 'Q_1', 'R'_1, 'X_1', 'Y_1' and 'Z_1'.
{%- endtrans %}</p>
+
<p>{% trans -%}
-For the 0.8.9 release of I2P, the wrapper was upgraded to v3.5.12 and compiled on systems running FreeBSD 7.2.
+The boxes labelled 'P', 'Q' and 'R' represent an outbound tunnel for A while the boxes labelled 'X_1', 'Y_1', 'Z_1' represent an outbound tunnel for 'B'.
+Similarly, the boxes labelled 'X', 'Y' and 'Z' represent and inbound tunnel for 'B' while the boxes labelled 'P_1', 'Q_1' and 'R_1' represent an inbound tunnel for 'A'.
+The arrows in between the boxes show the direction of traffic.
+The text above and below the arrows detail some example bandwidth between a pair of hops as well as example latencies.
+{%- endtrans %}</p>
+
+<p>{% trans -%}
+When both client and server are using 3-hop tunnels throughout, a total of 12 other I2P routers are involved in relaying traffic.
+6 peers relay traffic from the client to the server which is split into a 3-hop outbound tunnel from 'A' ('P', 'Q', 'R') and a 3-hop inbound tunnel to 'B' ('X', 'Y', 'Z').
+Similarly, 6 peers relay traffic from the server to back to the client.
+{%- endtrans %}</p>
+
+<p>{% trans -%}
+First, we can consider latency - the time that it takes for a request from a client to traverse the I2P network, reach the the server and traverse back to the client.
+Adding up all latencies we see that:
+{%- endtrans %}</p>
+
+<code>
+<pre>
+ 40 + 100 + 20 + 60 + 80 + 10 + 30 ms (client to server)
+ + 60 + 40 + 80 + 60 + 100 + 20 + 40 ms (server to client)
+ -----------------------------------
+ TOTAL: 740 ms
+</pre>
+</code>
+
+<p>{% trans -%}
+The total round-trip time in our example adds up to 740 ms - certainly much higher than what one would normally see while browsing regular internet websites.
+{%- endtrans %}</p>
+
+<p>{% trans -%}
+Second, we can consider available bandwidth.
+This is determined through the slowest link between hops from the client and server as well as when traffic is being transmitted by the server to the client.
+For traffic going from the client to the server, we see that the available bandwidth in our example between hops 'R' & 'X' as well as hops 'X' & 'Y' is 32 KB/s.
+Despite higher available bandwidth between the other hops, these hops will act as a bottleneck and will limit the maximum available bandwidth for traffic from 'A' to 'B' at 32 KB/s.
+Similarly, tracing the path from server to client shows that there is maximum bandwidth of 64 KB/s - between hops 'Z_1' & 'Y_1, 'Y_1' & 'X_1' and 'Q_1' & 'P_1'.
+{%- endtrans %}</p>
+
+<p>{% trans -%}
+We recommend increasing your bandwidth limits.
+This helps the network by increasing the amount of available bandwidth which will in turn improve your I2P experience.
+Bandwidth settings are located on the <a href="http://localhost:7657/config">http://localhost:7657/config</a> page.
+Please be aware of your internet connection's limits as determined by your ISP, and adjust your settings accordingly.
+{%- endtrans %}</p>
+
+<p>{% trans -%}
+We also recommend setting a sufficient amount of shared bandwidth - this allows for participating tunnels to be routed through your I2P router.
+Allowing participating traffic keeps your router well-integrated in the network and improves your transfer speeds.
+{%- endtrans %}</p>
+
+<p>{% trans downloadslist=get_url('downloads_list') -%}
+I2P is a work in progress. Lots of improvements and fixes are being implemented, and, generally speaking, running the latest release will help your performance.
+If you haven't, <a href="{{ downloadslist }}">install the latest release</a>.
{%- endtrans %}</p>
-<h3 id="protocolfamily">{% trans %}In <code>wrapper.log</code> I see an error that states "<code>Protocol family unavailable</code>" when loading the Router Console{% endtrans %}
-<span class="permalink">(<a href="#protocolfamily">{{ _('link') }}</a>)</span></h3>
+<h3 id="protocolfamily"><span class="permalink"><a href="#protocolfamily">
+{% trans %}In <code>wrapper.log</code> I see an error that states "<code>Protocol family unavailable</code>" when loading the Router Console{% endtrans %}</a></span>
+</h3>
<p>{% trans -%}
Often this error will occur with any network enabled java software on some systems that are configured to use IPv6 by default. There are a few ways to solve this:
{%- endtrans %}</p>
@@ -877,21 +916,71 @@ router console will NOT reread this file! You must
click <em>Shutdown</em>, wait 11 minutes, then start I2P.
{%- endtrans %}</p>
-<h3 id="java">{% trans %}Is installing Java required to use I2P?{% endtrans %}
-<span class="permalink">(<a href="#java">{{ _('link') }}</a>)</span></h3>
-<p>{% trans alt=site_url('about/alternative-clients') -%}
-While the main I2P client implementation requires Java, there are several
-<a href="{{ alt }}">alternative clients</a> which don't require Java.
+<h3 id="down"><span class="permalink"><a href="#down">
+{% trans %}Most of the eepsites within I2P are down?{% endtrans %}</a></span>
+</h3>
+<p>{% trans eepstatus='http://'+i2pconv('identiguy.i2p') -%}
+If you consider every eepsite that has ever been created, yes, most of them are down.
+People and eepsites come and go.
+A good way to get started in I2P is check out a list of eepsites that are currently up.
+<a href="{{ eepstatus }}">{{ eepstatus }}</a> tracks active eepsites.
{%- endtrans %}</p>
+<h3 id="port32000"><span class="permalink"><a href="#port32000">
+{% trans %}Why is I2P listening on port 32000?{% endtrans %}</a></span>
+</h3>
+<p>{% trans -%}
+The Tanuki java service wrapper that we use opens this port —bound to localhost— in order to communicate with software running inside the JVM.
+When the JVM is launched it is given a key so it can connect to the wrapper.
+After the JVM establishes its connection to the wrapper, the wrapper refuses any additional connections.
+{%- endtrans %}</p>
+<p>{% trans -%}
+More information can be found in the <a href="http://wrapper.tanukisoftware.com/doc/english/prop-port.html">wrapper documentation</a>.
+{%- endtrans %}</p>
+
+<h3 id="bug"><span class="permalink"><a href="#bug">
+{% trans %}I think I found a bug, where can I report it?{% endtrans %}</a></span></h3>
+
+<p>{% trans -%}
+You may report any bugs/issues that you encounter on our bugtracker, which is available over both clearnet and I2P.
+We have a discussion forum, also available on I2P and clearnet. You can join our IRC channel as well:
+either through our IRC network, IRC2P, or on Freenode.{%- endtrans %}</p>
+
+<ul>
+<li>{% trans -%}Our Bugtracker:{%- endtrans %}
+ <ul>
+ <li>{% trans -%}Clearnet:{%- endtrans %} <a href="https://trac.i2p2.de/report/1">https://trac.i2p2.de/report/1</a></li>
+ <li>{% trans -%}On I2P:{%- endtrans %} <a href="http://trac.i2p2.i2p/report/1">http://trac.i2p2.i2p/report/1</a></li>
+ </ul>
+<li>{% trans -%}Our forums:{%- endtrans %} <a href="http://{{ i2pconv('i2pforum.i2p') }}/">{{ i2pconv('i2pforum.i2p') }}</a></li>
+<li>{% trans -%}You may paste any interesting logs to a paste service such as the clearnet services listed on the
+ <a href="https://github.com/PrivateBin/PrivateBin/wiki/PrivateBin-Directory">PrivateBin Wiki</a>, or an I2P paste service such as this
+ <a href="http://paste.crypthost.i2p">PrivateBin instance</a> or this
+ <a href="http://pasta-nojs.i2p">Javascript-free paste service</a> and follow up on IRC in #i2p<{%- endtrans %}/li>
+<li>{% trans -%}
+Join #i2p-dev Discuss with the developers on IRC
+{%- endtrans %}</li></ul>
+
+<p>{% trans -%}
+Please include relevant information from the router logs page which is available at:
+<a href="http://127.0.0.1:7657/logs">http://127.0.0.1:7657/logs</a>.
+We request that you share all of the text under the 'I2P Version and Running Environment'
+section as well as any errors or warnings displayed in the various logs displayed on the page.
+{%- endtrans %}</p>
+
+
<hr />
-<h3 id="question">{% trans %}I have a question!{% endtrans %}
-<span class="permalink">(<a href="#question">{{ _('link') }}</a>)</span></h3>
-<p>{% trans forum=i2pconv('forum.i2p') -%}
-Great! Find us on IRC irc.freenode.net #i2p or post to
-the <a href="http://{{ forum }}/">forum</a> and we'll post it here (with
-the answer, hopefully).
+<h3 id="question"><span class="permalink"><a href="#question">
+{% trans %}I have a question!{% endtrans %}</a></span>
+</h3>
+<p>{% trans forum=i2pconv('i2pforum.i2p') -%}
+Great! Find us on IRC:
+<ul>
+ <li>on <code>irc.freenode.net</code> channel <code>#i2p</code></li>
+ <li>on <code>IRC2P</code> channel <code>#i2p</code></li>
+</ul>
+or post to <a href="http://{{ forum }}/">the forum</a> and we'll post it here (with the answer, hopefully).
{%- endtrans %}</p>
{% endblock %}
diff --git a/i2p2www/static/images/i2p_traffic_path.jpg b/i2p2www/static/images/i2p_traffic_path.jpg
new file mode 100644
index 0000000000000000000000000000000000000000..e0e8584de1058f251b9b7b15436997b48592d537
Binary files /dev/null and b/i2p2www/static/images/i2p_traffic_path.jpg differ