Open soakes opened 6 years ago
@christeld we should potentially look at making this mergeable?
On OpenBSD the second command needs to be changed from "sha1sum" to "sha1" because there is no "sha1sum" package/port.
echo "/msg NickServ CERT ADD $(openssl x509 -in freenode.pem -outform der | sha1 -b | cut -d' ' -f1)"
Reference: https://man.openbsd.org/sha1#b
Also: chown username:username -R ~/.irssi/certs
needs to be changed to: chown -R username:username ~/.irssi/certs
I have not tested/adopted/modified anything beyond the /server
command as I came here for the SASL configuration hints! :-)
I will report with more updates if I test TOR and convert the bash script to ksh for OpenBSD compatibility.
It's probably easier to just connect with the certificate and run /msg NickServ CERT ADD, which defaults to the certificate fingerprint currently used, fwiw. That also ensures the certificate is properly used by the client.
I created a docker version a few months ago which I forgot to add here. This might be helpful to some people. This is heavily optimized with compiled versions of tor for added speed.
https://hub.docker.com/r/netspeedy/tor-znc/
Sources will be sorted/online when I get a few minutes as it's all in my private repos right now.
and fill in details as it prompts you
-subj "/CN=yournicknamehere" is all you need
On OpenBSD the second command needs to be changed from "sha1sum" to "sha1" because there is no "sha1sum" package/port.
Why not use openssl sha1, or in fact openssl x509 ... -noout -fingerprint -sha1?
@svbeon Agreed! Would you or @soakes like to make a PR to that effect? :)
By all means :) and adjust it to suit. The main reason why I did this originally was the lack of information (in one place) to build a successful config. I'm glad others have found it useful.
This is a quick walkthrough on how to set up TOR support with SASL on the freenode network, as I was asked by kline from the #freenode channel after I set mine up earlier this evening.
I was going to type out the full walkthrough but I thought it probably would be easier for most people if I made a quick simple script which gives the process.
This script has only been tested using Debian 8 but it will install and configure tor with proxychains support so that it can be used to connect to freenode IRC.
It should work with other versions but that's untested. I have added in a few simple checks to make sure it's not run twice or if tor is already installed. It also does a very quick simple check to see if it's Debian based.
Please note that you MUST configure SASL certs manually for whatever client you're using, but the steps below are what you generally will need to create SASL certs no matter what distro you use.
openssl req -x509 -new -newkey rsa:4096 -sha256 -days 1000 -nodes -out freenode.pem -keyout freenode.pem
echo "/msg NickServ CERT ADD $(openssl x509 -in freenode.pem -outform der | sha1sum -b | cut -d' ' -f1)"
The easiest way I found was to use the IRSSI client, with the following command(s) to test SASL connectivity.
Type the following into your shell which runs IRSSI...
Type the following into IRC client window (IRSSI):
/server add -auto -ssl -ssl_cert ~/.irssi/certs/freenode.pem -network freenode chat.freenode.net 6697
Please replace username with your username which runs your IRSSI client
Beware: if you hit the BUG and it won't connect due to an SSL error with IRSSI, make sure the PORT is set to 6697 not 6667, as some versions seem to ignore what you type in.
See references links to find the exact BUG/FIX for more help.
Once/If SASL is now connecting with your IRC client, it's time to run this script which will set up and configure tor and proxychains for you. Please remember that this script is designed to be used on Debian systems and has only been tested on Debian 8, because it's what my ZNC VM was already running.
I have set up the script to BIND the onion TOR hidden service address to be 127.0.0.2; this shouldn't need adjusting but your network may vary.
On your IRC client, after this setup has been completed, you will need to change the connecting server address for IRC from chat.freenode.org to 127.0.0.2 +7000
The above address is what proxychains is using/redirecting through TOR. If you don't use this address, you won't be using TOR. So if your connection still shows that you're not connecting via TOR, please make sure you have updated your client's server connection info.
Please take note that even if you're not running Debian 8, no matter what your distro is, the steps are mostly the same.
Final note, it will take a few minutes to get a connection as some TOR nodes don't seem to allow IRC, just wait, it will connect as long as SASL is working.
References: https://wiki.znc.in/Tor https://freenode.net/news/tor-online https://freenode.net/kb/answer/certfp https://bbs.archlinux.org/viewtopic.php?id=210315
OUTPUT SAMPLE
SCRIPT
Everyone is welcome to use/adapt/improve the script. I have not added any license to it as I really have little clue what to use, so use whatever you wish. If you wish to credit me, just stick it as majestic on freenode IRC.
p.s. when I get more time, I will improve the script and/or switch the script to ansible and support multiple distros, which would be better.
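The fingerprint step from the walkthrough, written with the openssl x509 -noout -fingerprint -sha1 form suggested in the comments so it needs neither sha1sum nor sha1 (an added example, not part of the original post or its script; the function names and the sample fingerprint are constructed for illustration):

```shell
#!/bin/sh
# Added example: portable CertFP helper. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # keep the a-f / A-F ranges byte-exact

# openssl prints "<label> Fingerprint=AB:CD:...". Discard everything up to
# the "=", drop the colons and lowercase the digits, which matches the bare
# hex string the sha1sum pipeline in the walkthrough produces.
normalize_fp() {
    printf '%s\n' "$1" | sed -e 's/^[^=]*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Succeed only for exactly 40 lowercase hex digits (a SHA-1 digest), so an
# openssl error message is never pasted into the NickServ command.
is_sha1_hex() {
    case "$1" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# Print the NickServ command for the certificate file given as $1.
certfp_command() {
    raw=$(openssl x509 -in "$1" -noout -fingerprint -sha1) || return 1
    fp=$(normalize_fp "$raw")
    if ! is_sha1_hex "$fp"; then
        echo "unexpected fingerprint output: $raw" >&2
        return 1
    fi
    printf '/msg NickServ CERT ADD %s\n' "$fp"
}

# Constructed sample of openssl's output, for checking the parsing offline.
SAMPLE='SHA1 Fingerprint=0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0:01:23:45:67'

# Usage: sh certfp.sh freenode.pem
if [ "$#" -eq 1 ]; then
    certfp_command "$1"
fi
```

Because the walkthrough writes the private key into the same freenode.pem as the certificate, keep that file readable only by the user that runs the IRC client.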