How to use XMPP + I2P to build your own decentralized messenger

Building a decentralized messenger run by users instead of corporations is definitely not new, but thanks to XMPP and I2P (Invisible Internet Protocol) it’s easier than ever before. XMPP needs a server running with a registered domain name, which, compared to P2P, is not the best solution you can get, but we can run our server software on a local host and use the virtual I2P network to connect to other servers. The .i2p address comes in handy here to ‘replace’ a real domain name, and it gives us advanced protection against illegal dragnet surveillance.

What are we trying to achieve?

  1. A messenger, which can be run both on end-user devices and on high-performance server infrastructure.
  2. It should be possible to connect from different end-user applications, e.g. desktop, mobile, web.
  3. Censorship resistance and advanced privacy protection as a bonus from using I2P.
  4. Offline message delivery, “cloud storage” for history and contacts, using one account on multiple devices. The things which P2P simply can’t give us.
  5. A free open source solution which can be inspected more easily in order to find possible problems.
  6. You can use OTR as the crypto protocol to provide strong encryption for your instant messaging conversations. Many IM clients ship with an OTR plugin, or you can download a plugin for it.


Installing the I2P client

First, you need to install i2pd. After this is done, we’re going to create a server I2P tunnel, which provides us with a virtual .i2p address. This address will be used by the outside world to reach our XMPP server.




Alternatively, if you would like to run your messenger only on a local host, set within the webconsole the address to After every change, you need to restart i2pd.

Example address in our webconsole. Save your xxx.b32.i2p address; it will be the domain name of your own XMPP server.

Installing our XMPP server

We will use Prosody as the XMPP server; it is the most lightweight and has a ready-to-use module for I2P. Installation instructions are available in the official documentation; on Debian or Ubuntu you can just run apt install prosody. On Windows you have to use a fork, since downloadable binaries are no longer provided.

We need to install the mod_darknet module, which is required so that Prosody can make outgoing connections through the I2P SOCKS5 proxy. Download this file to the Prosody modules directory, which is usually /usr/lib/prosody/modules.

Edit the config file /etc/prosody/prosody.cfg.lua. Replace xxx.b32.i2p with your address:

interfaces = { "" };
admins = { "admin@xxx.b32.i2p" };
modules_enabled = {
    "roster"; "saslauth"; "tls"; "dialback"; "disco"; "posix"; "private"; "vcard"; "register"; "admin_adhoc"; "darknet";
};
modules_disabled = {};
allow_registration = false;     -- accounts are created by the admin only
darknet_only = true;
c2s_require_encryption = true;  -- clients must use TLS
-- The self-signed certificate below cannot be validated by other servers,
-- so server-to-server certificate authentication is not enforced.
s2s_secure_auth = false;
authentication = "internal_plain";

-- On Debian/Ubuntu
daemonize = true;
pidfile = "/var/run/prosody/";
log = {
    error = "/var/log/prosody/prosody.err";
};
certificates = "certs";

VirtualHost "xxx.b32.i2p";
ssl = {
    key = "/etc/prosody/certs/xxx.b32.i2p.key";
    certificate = "/etc/prosody/certs/xxx.b32.i2p.crt";
};

The last step is to generate the certificate by running the following:
openssl genrsa -out /etc/prosody/certs/xxx.b32.i2p.key 2048
openssl req -new -x509 -key /etc/prosody/certs/xxx.b32.i2p.key -out /etc/prosody/certs/xxx.b32.i2p.crt -days 3650
chown root:prosody /etc/prosody/certs/xxx.b32.i2p.{key,crt}
chmod 640 /etc/prosody/certs/xxx.b32.i2p.{key,crt}

Then add an admin account via prosodyctl adduser admin@xxx.b32.i2p and restart Prosody.
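
The configuration and certificate steps above can be checked mechanically before the server goes live. The script below is an added example, not part of the original guide or of Prosody: the function names cfg_value and audit_prosody_cfg, the rule that Prosody should listen on loopback only (so that it is reachable solely through the local i2pd tunnel), and the warning about internal_plain are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the guide): audit a Prosody config for an I2P-only setup.

# cfg_value FILE KEY -> value of the first "KEY = value;" line
cfg_value() {
    awk -v key="$2" '
        { sub(/--.*/, "") }                      # drop Lua line comments
        $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t;]*$/, ""); print; exit
        }' "$1"
}

# audit_prosody_cfg FILE -> one line per finding; returns the finding count
audit_prosody_cfg() {
    cfg=$1; n=0
    finding() { echo "FINDING: $1"; n=$((n + 1)); }

    # Assumption: only the local i2pd tunnel should reach Prosody, so every
    # listener must be a loopback address.
    addrs=$(cfg_value "$cfg" interfaces | tr -d '{} "' | tr ',;' '  ')
    [ -n "$addrs" ] || finding "interfaces: unset or empty, not pinned to loopback"
    set -f                                       # keep a literal "*" from globbing
    for a in $addrs; do
        case $a in
            127.0.0.1|::1) ;;
            *) finding "interfaces: $a is not a loopback address" ;;
        esac
    done
    set +f

    # Values the guide's own configuration sets.
    for want in darknet_only=true allow_registration=false c2s_require_encryption=true; do
        k=${want%%=*}; v=${want#*=}
        [ "$(cfg_value "$cfg" "$k")" = "$v" ] || finding "$k should be $v"
    done

    # internal_plain keeps passwords in plaintext; internal_hashed stores hashes.
    [ "$(cfg_value "$cfg" authentication)" != '"internal_plain"' ] ||
        finding "authentication: internal_plain stores plaintext passwords"

    # The TLS private key must not be readable by "other" (the guide uses 640).
    key=$(cfg_value "$cfg" key | tr -d '"')
    if [ -n "$key" ] && [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
        finding "ssl key $key is world-readable"
    fi
    return "$n"
}
[ $# -eq 0 ] || audit_prosody_cfg "$1"           # usage: sh audit.sh prosody.cfg.lua
```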


  • Specify custom server address to: port 5222

Via I2P:

  • Set your remote address to: port 4447

If everything is configured correctly, you will be able to add other users of the I2P federation to your contacts and chat with them. You can test your setup by adding a contact and sending it ‘hello’ (or whatever you like): hello@xmpp<yourID>.b32.i2p.

Closing Words

It’s not hard to set up your own XMPP server: the documentation is very detailed and you only need to change the configuration file. The same goes for I2P; it’s all about the configuration. Expect some trial and error if you’re a beginner, but I hope I explained the guide well enough to give you a first start in the XMPP and I2P world.

Windows users need alternative forks, but the configuration is exactly the same except for the certificate generation. They usually have a button to generate a certificate automatically.

Everything else is self-explanatory and you can now chat securely over I2P. If you have a Pi, I suggest you run your XMPP server on it to avoid wasting much energy, since you will want to be available all the time.

Enjoy your secure chat!