Skip to content

muc111/i2p-ephemeral

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
README.md
README.md
 
 

Repository files navigation

i2p-ephemeral

An ephemeral I2P proxy daemon written in Rust, designed to run on Android via Termux.

Each unique .i2p destination you visit receives a fresh EdDSA (Sig=7) identity and keypair via the I2P SAM bridge. The identity is cached and reused for all subsequent requests to that same site during your browsing session. After 300 seconds of inactivity, the session is destroyed and keys are wiped—ensuring no persistent identity is linkable across different sites.

Why per‑destination instead of per‑request?

Earlier versions created a new tunnel for every single HTTP request (images, CSS, scripts), which risked flooding the I2P network with excessive tunnel builds. The current per‑destination caching approach:

  • Builds one tunnel per website (e.g., forum.i2p), reused for all assets on that page.
  • Maintains strong cross‑site unlinkability (different sites see different identities).
  • Dramatically reduces network overhead and respects I2P's shared infrastructure.

How it works


Browser -> 127.0.0.1:8080 -> i2p-ephemeral -> SAM bridge -> .i2p destination
  • First request to a .i2p domain: generates a new transient EdDSA identity via SAM.
  • Subsequent requests to the same domain reuse the cached session (no new tunnel build).
  • Idle sessions are automatically destroyed after 300 seconds (configurable) and keys are wiped.
  • Up to 20 concurrent cached sessions (LRU eviction) and 10 simultaneous connections.
  • Throttles requests (500ms delay) to prevent accidental bursts.

Requirements

  • Termux on Android
  • I2P router running with SAM bridge enabled (default 127.0.0.1:7656)
  • Rust toolchain: pkg install rust

Build

cargo build --release

Run

./target/release/i2p-ephemeral

Set your browser's HTTP proxy to 127.0.0.1:8080 and browse .i2p sites normally.

Privacy & Network Impact

Property Status Fresh identity per destination Yes No persistent keypair on disk Yes Keys wiped after idle timeout Yes (300s) No cross‑site linkability Yes EdDSA Sig=7 (I2P standard) Yes Network‑friendly (per‑site tunnels) Yes

Configuration

Adjust the following constants in src/main.rs to suit your needs:

Constant Default Description SESSION_IDLE_TIMEOUT_SECS 300 Seconds before an unused session is evicted MAX_CACHED_SESSIONS 20 Maximum number of distinct sites cached MAX_CONCURRENT 10 Maximum simultaneous client connections REQUEST_THROTTLE_MS 500 Delay between accepting connections

Rebuild after changes:

cargo build --release

Dependencies

Crate Purpose yosemite I2P SAM bridge client tokio Async runtime anyhow Error handling rand Identity name generation dashmap Concurrent session cache tracing Structured logging

License

MIT

About

Ephemeral I2P proxy daemon — fresh EdDSA identity and keys per request, runs in Termux, proxy via 127.0.0.1:8080

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages