If a man will begin with certainties, he shall end in doubts; but if he will be content to begin with doubts, he shall end in certainties.
F. Bacon , The Advancement Of Learning - 1605 A.D.
I have a really slow ADSL connection but it’s enough to share some bandwidth. Since I’m a strong supporter of privacy, the least I could do - especially now that I’m leaving the place for the summer - was to setup a TOR Relay server. I would love to see more relay servers all over the place. TOR is considerably faster than a couple of years ago for browsing, IRC and other low-bandwith operations. That’s very encouraging.
Since I run a 3350MX box as a home Gentoo server, I just emerged tor, privoxy and g-cpan in order to be able to access Freenode through a “torified” irssi client.
sudo ACCEPT_KEYWORDS="perl ipv6" emerge tor torsocks privoxy irssi g-cpan
Just add this line your torrc
, after you do your relay or single tor server configuration:
mapaddress 10.40.40.40 p4fsi4ockecnea7l.onion
It’s good to configure also tor-tsocks.conf
file in the /etc/tor
directory. Then we add the following line to /etc/privoxy/config
:
forward-socks4a / 10.0.0.4:9050 .
Then change the configuration at /etc/torsocks.conf
to match your network setup. At this point we must emerge some perl CPAN libraries. These are going to be used by irssi SASL script. In theory this step could be made using directly the CPAN manager like:
cpan> install Crypt::Blowfish Crypt::DH Crypt::OpenSSL::Bignum Math::BigInt Math::BigInt::FastCalc Math::BigInt::GMP
However this approach created a myriad of problems to me. It stalled too many times and was not able to compile successfully the Math::FastCalc library. We need this library for faster calculations, since we’re going to encrypt/decrypt packets. Anyway, under Gentoo the approach that worked flawlessly is the following:
g-cpan -iv Crypt::Blowfish Crypt::DH Crypt::OpenSSL::Bignum Math::BigInt Math::BigInt::FastCalc Math::BigInt::GMP
Now we need to configure irssi client. First grab the Freenode SASL perl script. Install it under ~/.irssi/scripts/autorun
like:
mkdir -p ~/.irssi/scripts/autorun && cd ~/.irssi/scripts/autorun && wget http://freenode.net/sasl/cap_sasl.pl
Now we just need to add some configuration to irssi. Start irssi preferably on screen -U
session and run it like:
torify irssi
Now if you see any complaints about ‘cap_sasl.pl’ script then, you need to check the perl installation, make sure that irssi has been compiled with perl support, that the above mentioned libraries are installed etc. If you see no messages then everything is fine. Now let’s configure Freenode and SASL auth:
/network add Freenode
/server add -auto -network Freenode p4fsi4ockecnea7l.onion 6669
/sasl set Freenode <primary-nick> <password> DH-BLOWFISH
/sasl save
/save
Now you should be all setup :-). We don’t need SSL connection because TOR hidden services are encrypted tunnels, so it would be redundant to use SSL upon hidden services.
Enjoy Freenode anonymity!! You might encounter a bit of lag, usually is something like 4-5 seconds. It’s the current cost of cloak-ed host on IRC but pays well :-)