Router configuration
emissary-cli can be configured in two ways: either through a router configuration file (router.toml) or via command-line arguments. Command line arguments override options specified in the router configuration. For example, if router.toml specifies allow_local = false and the router is started with emissary-cli --allow-local, NTCP2 and SSU2 are able to connect to routers within a local network.
To get a full list of available command-line arguments, run emissary-cli --help.
Enabling and disabling subsystems
router.toml contains subsections such as [http-proxy], [i2cp] and [transit]. To disable a subsystem, removed or comment it out. To re-enable it, uncomment the section and restart the router.
For most subsystems, such as I2CP, SAM and transports, disabling them means that the service is not started and that routers and client applications will not able to connect to the endpoints.
Disabling [transit] means that the router is started with G caps, i.e., "rejecting all tunnels" and all inbound tunnel build requests are rejected.
[address-book] is a special case. If an address book has already been downloaded and does not need to downloaded again, default and subscriptions can be commented out while leaving [address-book] uncommented. New hosts.txt files are not downloaded when the router starts but host lookups for SAM, I2CP and HTTP proxy are still supported using the existing hosts file.
[http-proxy], [address-book], [[client-tunnels]], and [[server-tunnels]] require [sam] to be enabled for them to function.
Examples
Transit tunnels disabled, address book enabled and downloaded during start up:
# [transit]
# max_tunnels = 10_000
[address-book]
default = "http://udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna.b32.i2p/hosts.txt"
subscriptions = ["http://your-favorite-address-service.i2p/hosts.txt"]Address book, SAM and HTTP proxy disabled and I2CP enabled. Disabling address book means that .i2p host lookups are not supported and all connections must use .b32.i2p addresses:
# [address-book]
# default = "http://udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna.b32.i2p/hosts.txt"
# subscriptions = []
# [http-proxy]
# port = 4444
# host = "127.0.0.1"
# [sam]
# tcp_port = 7656
# udp_port = 7655
[i2cp]
port = 7654SAM and address book are enabled but no hosts.txt files are downloaded. SAM can resolve any .i2p host that exist in the current host file:
[address-book]
# default = "http://udhdrtrcetjm5sxzskjyr5ztpeszydbh4dpl3pl4utgqqw2v4jna.b32.i2p/hosts.txt"
# subscriptions = []
[sam]
tcp_port = 7656
udp_port = 7655NTCP2 and SSU2
WARNING
SSU2 is still in development and is not recommended for general use
[ntcp2] and [ssu2] have three fields: host, port and publish.
publish accepts true/false which tells router whether the address should be published in the router info. The router will not be able to accept any inbound connections on unpublished transports.
port specifies on which port the transport should be bound. It can be left as 0, meaning the transport will be bound to a random, OS-assigned port. This is not recommended outside of testing.
host is the public IP of your machine, i.e., the external address which other routers use to connect to your router. This can be found from your internet router's configuration page or, e.g., from https://whatismyip.com, assuming you have a static IP. You can also leave host empty and use UPnP or NAT-PMP for external address discovery, see next section for more details.
IPv6 is currently not supported for either transport.
Port forwarding, UPnP and NAT-PMP
Port forwarding should be configured for the ports specified in [ntcp2] and [ssu2], otherwise the router will have difficulties both in building tunnels and accepting transit tunnels.
emissary-cli supports both UPnP and NAT-PMP for port forwarding and external address discovery. NAT-PMP is tried first and if it's not available, UPnP is used as a fallback. If neither protocol is available, port and host used by NTCP2 and SSU2 must be mapped manually. UPnP and NAT-PMP can be disabled by commenting out the [port-forwarding] section in router.toml or with --disable-upnp and --disable-nat-pmp CLI flags.
emissary-cli supports external address discovery using UPnP and NAT-PMP so if either of them is enabled in router.toml and your internet router supports the enabled protocol(s), host in [ntcp2] and [ssu2] can be commented out.
Example
Enable both UPnP and NAT-PMP and use them for port forwarding and external address discovery:
[ntcp2]
port = 25115
publish = true
[port-forwarding]
name = "emissary"
nat_pmp = true
upnp = trueIf either UPnP or NAT-PMP is supported, emissary-cli creates a mapping for port 25515 and publishes a router info with the external address discovered during the port mapping process.
Logging
There are 5 logging levels, ordered by verbosity: ERROR, WARN, INFO, DEBUG and TRACE.
Each subsystem in emissary has a logging target which allows enabling, disabling and adjusting the logging level of that subsystem individually. It's possible to, e.g., enable TRACE for SSU2, disable logging for NTCP2 entirely and set the logging level of the tunnel subsystem to DEBUG.
By default, INFO is enabled for all logging targets.
Examples
Enable full trace logging for all subsystems:
emissary-cli -lemissary=traceSet default logging level to WARN, enable DEBUG for the tunnel subsystem and TRACE for NTCP2 and SSU2:
emissary-cli -lemissary=warn,emissary::tunnel=debug,emissary::ntcp2,emissary::ssu2=traceEnable TRACE for transit tunnels and turn off tunnel pool-related logging:
emissary-cli -lemissary::tunnel::transit=trace,emissary::tunnel::pool=offemissary has support for three logging presets which are just a shorthand for enabling/disabling several subsystems. All these turn off logging for emissary::tunnel::pool.
i2cp- enable
TRACEfor all I2CP-related subsystems
- enable
sam- enable
TRACEfor all SAM-related subsystems, includingyosemite
- enable
transit- enable
TRACEfor transit tunnels andDEBUGfor transport manager
- enable
Start emissary with full TRACE-level logging for SAM and related subsystems:
emissary-cli -lsamAll logging targets
emissaryemissary::address-bookemissary::client-tunnelemissary::destinationemissary::destination::lease-setemissary::destination::routing-pathemissary::destination::sessionemissary::destination::session::contextemissary::destination::session::inboundemissary::destination::session::outbound
emissary::i2cpemissary::i2cp::messageemissary::i2cp::pending-sessionemissary::i2cp::sessionemissary::i2cp::socket
emissary::i2npemissary::netdbemissary::netdb::k-bucketemissary::netdb::routing-table
emissary::ntcp2emissary::ntcp2::activeemissary::ntcp2::initiatoremissary::ntcp2::messageemissary::ntcp2::responderemissary::ntcp2::session
emissary::port-mapperemissary::port-mapper::nat-pmpemissary::port-mapper::upnp
emissary::primitivesemissary::profileemissary::proxy::httpemissary::reseederemissary::routeremissary::router-storageemissary::runtime::async-stdemissary::runtime::tokioemissary::samemissary::sam::parseremissary::sam::pending::connectionemissary::sam::pending::sessionemissary::sam::sessionemissary::sam::socket
emissary::server-tunnelemissary::ssu2emissary::ssu2::messageemissary::ssu2::session::activeemissary::ssu2::session::active::duplicate-filteremissary::ssu2::session::inboundemissary::ssu2::session::outboundemissary::ssu2::session::terminatingemissary::ssu2::socket
emissary::streamingemissary::streaming::activeemissary::streaming::listeneremissary::streaming::pending
emissary::su3emissary::subsystememissary::transport-manageremissary::tunnelemissary::tunnel::contextemissary::tunnel::garlicemissary::tunnel::ibepemissary::tunnel::noiseemissary::tunnel::obgwemissary::tunnel::pendingemissary::tunnel::poolemissary::tunnel::pool::listeneremissary::tunnel::pool::zero-hop
emissary::tunnel::routing-tableemissary::tunnel::selectoremissary::tunnel::transitemissary::tunnel::transit::ibgwemissary::tunnel::transit::obepemissary::tunnel::transit::participant