I2p upgrade from 0.9.38-0-3.1 to 0.9.49 and installing i2pbote plugin

Summary
Is an upgrade for i2p to 0.9.48 in the works?

Problem
Just bought a FreedomBox and trying to setup i2pBote.
I downloaded the latest i2pbote.su3 file mhatta’s site and installed his certificate, but installing the plugin fails because i2p needs to be version 0.9.48 but is only 0.9.38

Solution
The geti2p website has an i2pupdate_0.9.48.zip which it says should be copies to the i2p installation directory (/usr/share/i2p) and renamed to i2pupdate.zip which should then get automatically applied upon restarting the i2prouter. So gave it a try but didn’t work. Apparently default FreedomBox did not come with “unzip” installed so I then installed via “apt install unzip”. Restarted i2prouter but it was still running version 0.9.38 instead of 0.9.48. Checking logfile:

Blockquote
2021/01/23 15:40:54 | Launching a JVM…
2021/01/23 15:40:56 | WrapperManager: Initializing…
2021/01/23 15:40:59 | Starting I2P 0.9.48-0
2021/01/23 15:41:00 | ERROR: No write permissions on /usr/share/i2p to extract software update file
2021/01/23 15:41:05 | INFO: Locally optimized native BigInteger library loaded from file
2021/01/23 15:42:27 | WARNING: An illegal reflective access operation has occurred
2021/01/23 15:42:27 | WARNING: Illegal reflective access by net.i2p.util.FileUtil (file:/usr/share/i2p/lib/i2p.jar) to method com.sun.java.util.jar.pack.UnpackerImpl.unpack(java.io.InputStream,java.util.jar.JarOutputStream)
2021/01/23 15:42:27 | WARNING: Please consider reporting this to the maintainers of net.i2p.util.FileUtil

Looks like i2psvc runs with uid=114 and gid=119 but /usr/share/i2p is only writeable by root.
Anyhow, I just went ahead and manually unzipped. Restarted router and it was now running updated version.

So installed mhatta’s certificate from https://people.debian.org/~mhatta/mhatta_at_mail.i2p.crt
and copied to /usr/share/i2p/certificates/plugin/
Then under “Manage Plugins” I installed the i2pbote.su3 file from https://people.debian.org/~mhatta/i2pbote.su3

i2prouter is now running i2pbote SecureEmail. Tried to create New Identiy in i2pBote but get error:

Blockquote
Jan 23, 2021, 4:32:39 PM ERROR [le Jetty-201] i2p.bote.web.CSRFLogger : potential cross-site request forgery (CSRF) attack thwarted (user:, ip:0:0:0:0:0:0:0:1, method:POST, uri:/i2pbote/submitIdentity.jsp, error:required token is missing from the request)

Not sure what’s needed to fix. Running i2prouter with i2pBote on my Ubuntu laptop works just fine with no complaints about CSRF when creating new identities or importing/exporting identities.

Screenshots/Layouts
Alternatives
Tasks

Update:
Looks like I need to tunnel from my laptop to my freedombox server and then connect to the i2prouter in my browser using localhost:7657 rather than connecting to freedombox.local.

See reddit discussion:
https://pay.reddit.com/r/i2p/comments/265la6/browsing_through_a_remote_i2p_router/cho1rsf/

So create static tunnels from localhost (laptop) to remote freedombox.local

Blockquote
ssh -f -N -L 4444:127.0.0.1:4444 -L 4445:127.0.0.1:4445 -L 7657:127.0.0.1:7657 @freedombox.local

Then change browser proxy settings to forward port 4444.
I use privoxy so have line in /etc/privoxy/config like this:

#this forwards all requests to .i2p domains to the local i2p
forward .i2p localhost:4444

Now can access i2prouter using localhost:7657 instead of freedombox.local/i2p
and creating i2pBote new identity now works.

Cannot install i2pbote plugin. Corrupt i2pbote.su3 file error message. Need I install cert first? And how? Thanks.

I’ll have to break up my answer, as this forums says that new users can put no more than 2 links in a post to prevent spamming.

There a subreddit on resurrecting i2p-Bote which I followed:

You need to download mhatta’s certificate from:
https://people.debian.org/~mhatta/mhatta_at_mail.i2p.crt

and put it in /usr/share/i2p/certificates/plugin/

then download latest i2pbote.su3 plugin from
https://people.debian.org/~mhatta/i2pbote.su3

and upload file to i2prouter running on your freedombox on the “Manage Plugins” page.
Guess you could also put in the download url for the plugin. Think I tried that but it didn’t work,
but might have been because I was accessing the i2prouter from my laptop and not from the freedombox.

In any event, you’ll need the latest version of i2p “0.9.48”. My freedombox image came installed with version 0.9.38. On the geti2pnet website there’s an update file which you can download:
https://geti2p.net/en/download/0.9.48/clearnet/https/download.i2p2.de/i2pupdate_0.9.48.zip/download

I downloaded the zipfile and copied to my freedombox. Upon rebooting the i2prouter, it was supposed to unpack the zipfile but couldn’t for 2 reasons:
the freedombox didn’t have “unzip” installed and
the i2psvc user/group didn’t have write permissions on /usr/share/i2p (owned by root.root)

So I installed “unzip” via “apt install unzip” and then manually unzipped to
/usr/share/i2p/
The installation home path is defined in /etc/i2p/wrapper.config
(BTW, your eepsite/docroot is located in /usr/share/i2p/ )
Your plugin data gets stored in /var/lib/i2p/i2p-config

Rebooted i2prouter and it then showed correct version, so then installed i2pbote.su3 plugin
by uploading i2pbote.su3 which I had previously downoaded to my laptop.

On the i2prouter page some of the clickable apps/pages expect you to be accessing the i2prouter running on localhost from a browser also running on localhost.

In my case the i2prouter was running on freedombox.local and my browser was running on my laptop.

So I created a bash script to create 3 tunnels from my laptop to the freedombox
on ports 7658, 4444, and 7657.

You’ll need these tunnels created in order to use your browser if it’s not running on the freedombox itself; otherwise, you’ll get blank pages when you click on various things for the i2prouter to do. since it expects the browser is running on localhost with the i2prouter.

$ cat ~/bin/mk_i2p_tunnels.sh

#!/bin/bash
ssh -f -N -L 7658:127.0.0.1:7658 -L 4444:127.0.0.1:4444 -L 4445:127.0.0.1:4445 -L 7657:127.0.0.1:7657 freedombox@freedombox.local

Also, I was running privoxy on my laptop (guess I could run that on the freedombox, but haven’t done so yet).

$xat /etc/privoxy/config
#############################################

forward to tor

#forward-socks5 / localhost:9050 .

forward .onion site through tor

forward-socks4a .onion localhost:9050 .

#this forwards all requests to .i2p domains to the local i2p
forward .i2p localhost:4444
#forward .i2p freedombox.local:4444

#forward GNS socks
#forward-socks5 .gnu localhost:7777
#########################################

I also needed to keep privoxy on my laptop from filtering my freedombox/_cockpit
so added this line to laptop:/etc/privoxy/user.action

{ -filter }
freedombox.local/_cockpit/

Hope this helps.

Cant install plugin… any plugin… corrupted plugin error… tried also with orchid…
Captură de ecran la 2021-01-29 00-12-09

IDK, the md5sum has of the plugin I downloaded is:

$ md5sum i2pbote.su3
77a05f1c0745ef18c82d482c9a684fe9 i2pbote.su3

md5sum is OK. Other is my problem. Cant install any plugin.

Did you install the certificate for the signer of the plugin?
I know that if the certificate isn’t installed then there’s an error message when trying to install a plugin but I don’t recall the error message.

copied to /usr/share/i2p/certificates/plugin/
dont know how to install…

That’s the correction location to put the certificate on the freedombox. There’s nothing to install.
Sorry, don’t know why you can’t install any plugins to i2p on the freedombox. I had no problem.

One last thought … when you’re managing plugins, you’re using a browser running on some device (laptop, desktop) other than the freedombox, correct?

Did you create the necessary tunnels from your browser device to the freedombox?
eg.:
ssh -f -N -L 7658:127.0.0.1:7658 -L 4444:127.0.0.1:4444 -L 4445:127.0.0.1:4445 -L 7657:127.0.0.1:7657 freedombox@freedombox.local

Some things didn’t work correctly for me when i2p is running on a different device than the browser. Once the tunnels were created from laptop browser to the freedombox i2p then things worked correctly.

Im running FreeedomBox in VM on my laptop with Artix Linux, I tried also in Artix to install plugin, same result.

A VM should still behave like a separate machine. Did you try creating the tunnels to the VM?

I created tunnels with the same result…



I run privoxy locally on laptop and i2p in VM in FreedomBox…

I see you tried installing the plugin by pasting in the URL link.
IIRC, I tried that too, unsuccessfully, so instead I downloaded the i2pbote.su3 to my laptop, then uploaded from my lapltop (Instalare din fisier) .

Did you try the second method of uploading the plugin file rather than downloading via URL?

Tried of course. I managed to install 2 other plugins: zzzot, i2psnark-rpc, so its ok, but note bote plugin.