freenode irc over tor (using hexchat)

I thought IRC is stable technology and easy to use in a privacy friendly way. Turns out this assumption is wrong. Here's what I needed to do to get me set up for chatting on freenode over a TOR secured connection:

  • install hexchat

    sudo apt-get install hexchat

  • start hexchat

  • enter nick-names
  • select freenode from the list
  • click edit
  • select: servers: irc.freenode.net
  • select: connect to select server only
  • select: use ssl for the servers on this network
  • select: login method: sasl external (cert)
  • click close
  • click connect

  • register a freenode account:

    /msg nickserv register your_password your_email_address
  • Wait for an email containing an irc-command to verify your account. Copy and paste that command to hexchat

  • restart hexchat, login with auth method: username+password

  • create sasl cert and display fingerprint

    mkdir -p ~/.config/hexchat/certs
    openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout ~/.config/hexchat/certs/client.pem -out ~/.config/hexchat/certs/client.pem
    chmod 600 .config/hexchat/certs/client.pem
  • add fingerprint to freenode account

    /msg nickserv CERT ADD
  • open: settings > preferences > network setup and enter tor proxy
    (defaults to host: port: 9050 type: socks5)

  • restart hexchat and edit freenode network settings

  • change login method to sasl external
  • use the add button to add following domain name as server: freenodeok2gncmy.onion

  • click: close

  • click: connect

Took my quite a while to figure out what I actually needed to do to get this working. Frankly it feels like a waste when configuration a chat client takes a couple of hours. At least it works now, so see you on freenet eventually.


written by uniq on 2017-01-27