Hi, Recently my main IRC bounce went down and I decided to redo things. I'd like to help save people some time and also to give some advice for people who want to use irssi or similar clients to connect to the Tor development channels.
Basically using Tor and irssi is intolerable - it doesn't work with privoxy chained to Tor if you want to use SSL/TLS. As far as I can tell, it's not possible to use any SOCKS proxy safely if at all without major pain. torsocks doesn't work for reasons that I can't easily debug and so I took the kernel filter path... I've found that the best thing to do on Gnu/Linux like platforms for use with irssi is as follows: # install Tor and configure it to have a TransPort and a DNSPort # add this to /etc/tor/torrc TransPort 9040 DNSPort 5353 # Add a user adduser --system --disable-login ircuser # https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy # Add a firewall rule for Transparent proxy iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner ircuser -m tcp --syn -j REDIRECT --to-ports 9040 iptables -t nat -A OUTPUT -p udp -m owner --uid-owner ircuser -m udp --dport 53 -j REDIRECT --to-ports 5353 iptables -t nat -A OUTPUT -m owner --uid-owner ircuser -j DROP # You may want to use a different set of rules depending on iptables versions, etc # Now add this to your /home/ircuser/.irrsi/config file: servers = ( { address = "irc.oftc.net"; chatnet = "OFTC"; port = "6697"; use_ssl = "yes"; ssl_verify = "yes"; ssl_cafile = "~/.irssi/certs/CAs.pem"; autoconnect = "yes"; autosendcmd = "/msg NickServ IDENTIFY you-user-name-here PASSWORD"; } ); chatnets = { OFTC = { type = "IRC"; max_kicks = "1"; max_msgs = "3"; max_whois = "30"; }; }; channels = ( { name = "#tor-dev"; chatnet = "OFTC"; autojoin = "Yes"; }, { name = "#tor"; chatnet = "OFTC"; autojoin = "Yes"; }, { name = "#nottor"; chatnet = "OFTC"; autojoin = "Yes"; } ); settings = { core = { real_name = "you-user-name-here"; user_name = "you-user-name-here"; nick = "you-user-name-here"; }; "fe-text" = { actlist_sort = "refnum"; }; }; ignores = ( { level = "CTCPS"; } ); Now ensure you have the right SSL CA by following these directions: http://www.oftc.net/oftc/NickServ/CertFP You should be good to go - just switch to your irc user and you'll have a torified irc client with SSL/TLS support. All the best, Jacob _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
