Group: LibrePlanet Italia/miniguida-freenode.en

The information in this mini-guide is current as of: 14/03/2010.

Introduction

The freenode network hosts a lot of IRC channels dedicated to free software: #gnu, #fsf, #libreplanet, #lp-it, #gnewsense and many others.

From January 30, 2010 freenode has migrated their servers from from ircd to ircd-seven. This led to several changes, including the possibility of connection in a safe and anonymous way by SSL or by Tor+SASL. These two methods (alternatives to one another) offer much more privacy and security in communication and authentication than the usual connection "clear" mode.

Here below is a brief description about how to configure XChat (one of the best and most used IRC clients) to connect to freenode in different ways as possible (clear, SSL and Tor+SASL).

Prerequisites

• A 100% free GNU/Linux distribution, as is gNewSense :-)
• The XChat (> = 2.8.4) package, properly installed

  Note: In the GNU/Linux distributions which use .deb packages (as gNewSense), XChat could be installed with the command:

  $ sudo apt-get install xchat

XChat: clear connection to freenode

1. From the XChat menu, open the Networks list (Ctrl + S)
2. Click the Add button in order to create a new network and call it (with no spaces): FreeNode
3. Select the FreeNode network you just created and click on the Edit button to configure it as follows:
   • in Servers for …, click on Add and set as server:

     irc.freenode.net/8001

   • in the same section, set:

     - Connect to selected server only: do NOT check

   • in the Your Details section, enter the values for Nick name, User name and Real name
   • in the Connecting section set:

     - Auto connect …: set as desired

     - Use a proxy server: do NOT check

     - Use SSL for all the servers on this network: do NOT check

     - Accept invalid SSL certificate: do NOT check

     - Channels to join: #libreplanet, #lp-it, #gnewsense, … other channels as you like, separated by commas, no spaces…

     - Connect command: leave blank

     - Nickserv password: leave blank

     - Server password: to be set only if you are using a nickname registered and verified on freenode

     - Character set: UTF-8

The configuration of this new FreeNode network will appear in the /~.xchat2/servlist_.conf file. It will be something as:

       N=FreeNode
       I=mynickname
       U=mynickname
       R=mynickname
       P=mypassword
       J=#libreplanet,#lp-it,#gnewsense
       E=UTF-8 (Unicode)
       F=1
       D=0
       S=irc.freenode.net/8001

After closing the setup windows, you can connect in clear to the FreeNode network you just created.

XChat: SSL connection to freenode

1. From the XChat menu, open the Networks list (Ctrl + S)
2. Click the Add button in order to create a new network and call it (with no spaces): FreeNode-SSL
3. Select the FreeNode-SSL network you just created and click on the Edit button to configure it as follows:
   • in Servers for …, click on Add and set as server:

     irc.freenode.net/7070

   • in the same section, set:

     - Connect to selected server only: do NOT check

   • in the Your Details section, enter the values for Nick name, User name and Real name
   • in the Connecting section set:

     - Auto connect …: set as desired

     - Use a proxy server: do NOT check

     - Use SSL for all the servers on this network: CHECK

     - Accept invalid SSL certificate: CHECK

     - Channels to join: #libreplanet, #lp-it, #gnewsense, … other channels as you like, separated by commas, no spaces…

     - Connect command: leave blank

     - Nickserv password: leave blank

     - Server password: to be set only if you are using a nickname registered and verified on freenode

     - Character set: UTF-8

The configuration of this new FreeNode-SSL network will appear in the /~.xchat2/servlist_.conf file. It will be something as:

       N=FreeNode-SSL
       I=mynickname
       U=mynickname
       R=mynickname
       P=mypassword
       J=#libreplanet,#lp-it,#gnewsense
       E=UTF-8 (Unicode)
       F=37
       D=0
       S=irc.freenode.net/7070

After closing the setup windows, you can connect by SSL to the FreeNode-SSL network you just created.

XChat: Tor+SASL connection to freenode

Connecting to freenode by Tor+SASL requires the use of the new dedicated tor hidden service p4fsi4ockecnea7l.onion (for details see: http://blog.freenode.net/2010/01/connecting-to-freenode-using-tor-sasl/ and http://freenode.net/irc_servers.shtml#tor) and also the use of SASL authentication mechanism that could be handled by XChat.

Consequently, this method of connection is more complex and articulated than the previous, as it requires the satisfaction of certain additional requirements:

• Tor must be properly installed and its service must be running (it is *strongly* recommended that you install the latest version of the available packages in the official repositories of the tor project, at: http://www.torproject.org/docs/debian.html).
  Togheter with tor, is also recommended the installation of the latest version of the polipo and geoipdb-tor packages.
  For installation and configuration of tor see the official guide.
• The system must have installed the support for SSL (install the openssl package) and also some libraries for encryption (libcrypt-openssl-bignum-perl, libcrypt-dh-perl, libcrypt-blowfish-perl).
  Note - The required packages may differ depending on the system in use.
• A registered and verified NickServ account on freenode is needed (for the registration procedure, see: http://freenode.net/faq.shtml#userregistration).

A specific script is used to make the authentication and security SASL framework available to XChat. This script should be placed in the ~/.xchat2 directory, in order to be loaded when XChat is opened.

The support for SASL in XChat is obtained using the following commands:

       $ cd ~/.xchat2
       $ wget http://adipose.attenuate.org/~stephen/ircd-seven/sasl/cap_sasl.py

Warning - This Python script seems to work fine, and is released under the GNU GPL license. The Perl script available from http://freenode.net/sasl/ seems not work well with XChat.

At this point, we can finally set XChat. Having to use tor unlike previous cases, now the client must be configured to use the proxy server.

1. From the Settings -> Preferences menu, go to the Network category and open Network setup

to configure it as follows:

1. • in the Proxy server section set:

     - Hostname: localhost

     - Port: 9050

     - Type: Sock5

     - Use proxy for: All connections

2. From the XChat menu, open the Networks list (Ctrl + S)
3. Click the Add button in order to create a new network and call it (with no spaces): FreeNode-TorSASL
4. Select the FreeNode-TorSASL network you just created and click on the Edit button to configure it as follows:
   • in Servers for …, click on Add and set as server:

     p4fsi4ockecnea7l.onion

   • in the same section, set:

     - Connect to selected server only: do NOT check

   • in the Your Details section, enter the values for Nick name, User name and Real name
     Warning - You must use a registered and verified NickServ account on freenode (for the registration procedure, see: http://freenode.net/faq.shtml#userregistration)
   • in the Connecting section set:

     - Auto connect …: set as desired

     - Use a proxy server: CHECK

     - Use SSL for all the servers on this network: do NOT check

     - Accept invalid SSL certificate: do NOT check

     - Channels to join: #libreplanet, #lp-it, #gnewsense, … other channels as you like, separated by commas, no spaces…

     - Connect command: leave blank

     - Nickserv password: leave blank

     - Server password: set the password corresponding to the registered and verified NickServ account on freenode that you are using (see above)

     - Character set: UTF-8

5. To ensure that the SASL framework is used by the FreeNode-TorSASL network, type in the command area of XChat the command:

   /SASL -set FreeNode-TorSASL mynickname mypassword

   where:

   - FreeNode-TorSASL is the name of the network for which SASL have to be used (Warning - Since it is case-sensitive, it must match *exactly* the name assigned to the network for which SASL have to be used)

   - mynickname is the nickname of the registered and verified NickServ account on freenode that you are using (see above)

   - mypassword: is the password of the registered and verified NickServ account on freenode that you are using (see above)

6. Note: The help for SASL in XChat is obtained using the command /HELP SASL
7. Close and reopen XChat

The configuration of this new FreeNode-TorSASL network will appear in the /~.xchat2/servlist_.conf file. It will be something as:

       N=FreeNode-TorSASL
       I=mynickname
       U=mynickname
       R=mynickname
       P=mypassword
       J=#libreplanet,#lp-it,#gnewsense
       E=UTF-8 (Unicode)
       F=17
       D=0
       S=p4fsi4ockecnea7l.onion

The correspondence between the FreeNode-TorSASL network and the SASL framework (shown by the command /SASL) will result in a special section within the ~/.xchat2/sasl.conf file. It will be something as:

       [FreeNode-TorSASL] 
       nick = mynickname 
       password = mypassword
       mechanism = PLAIN

To increase security, it is *strongly recommended* to replace in this file the line:

       mechanism = PLAIN

with:

       mechanism = DH-BLOWFISH

You can now connect by Tor+SASL to the FreeNode-TorSASL network you just created.

Note: In some circumstances, probably because of the latency of the tor network, the connection might be slow or difficult.