Hi all,
while still running Lubuntu I managed to torify weechat. It took a while but with some help I got it going.
Now that I´ve set up my new system Linux Lite 6.2 I want to do just the same but for some reason the steps I followed back then don´t seem to provide the desired effect any more.
First of all the references:
- Problem beim Einrichten von weechat (liberachat mit tor) › Programme › Ubuntu verwenden › Forum › ubuntuusers.de (here I got the help Mai 29 2021 and onwards) # in German
- Connecting to Libera.Chat | Libera Chat
- Configuring SASL for WeeChat | Libera Chat
- Using CertFP | Libera Chat
The preliminary steps I took:
- install tor
- make sure tor service is running:
systemctl status tor@default
● tor@default.service - Anonymizing overlay network for TCP
Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; >
Active: active (running) since Mon 2023-05-29 13:48:19 CEST; 18min ago
[...]
also:
env SHELL=/usr/bin/bash firejail --private=/media/rosika/f14a27c2-0b49-4607-94ea-2e56bbf76fe1/DATEN-PARTITION/Dokumente/work2 torsocks w3m
“https://check.torproject.org/”
says:
Congratulations. This browser is configured to use Tor.
Your IP address appears to be: […]
- in weechat:
/server add libera irc.libera.chat/6697 -autoconnect -ssl
/connect libera
-
mkdir ~/.weechat/certs
-
openssl req -x509 -new -newkey rsa:4096 -sha256 -days 1096 -nodes -out libera.pem -keyout libera.pem
-
mv libera.pem ~/.weechat/certs
-
in weechat:
/set irc.server.libera.addresses irc.libera.chat/6697
/set irc.server.libera.ssl on
/set irc.server.libera.ssl_verify on
/set irc.server.libera.ssl_cert %h/certs/libera.pem
/set irc.server.libera.sasl_mechanism external
/save
/reconnect libera
At this point I ran into difficulties. Reconnecting to libera fails:
weechat says:
│14:19:41 libera -- | irc: verbinde zum Server irc.libera.chat/6697 (SSL)... # connecting to server
│14:19:41 libera =!= | gnutls: Kann das Zertifikat "/home/rosika/.config/weechat/certs/libera.pem" nicht lesen # cannot read certificate
│14:19:41 libera -- | gnutls: empfange 2 Zertifikate # receive 2 certs
│14:19:41 libera -- | - Zertifikat[1]-Information:
│14:19:41 libera -- | - subject `CN=erbium.libera.chat', issuer [...]
| RSA key 4096 bits, signed using RSA-SHA256, activated `2023-05-19 23:48:55 UTC', expires `2023-08-17 23:48:54 UTC',
│ | pin-sha256= [...]
│14:19:41 libera -- | - Zertifikat[2]-Information:
│14:19:41 libera -- | - subject [...] activated `2020-09-04 00:00:00 UTC',
│ | expires `2025-09-15 16:00:00 UTC', pin-sha256= [...]
| gnutls: Peer-Zertifikat ist vertrauenswürdig # cert is trustworthy
│14:19:41 libera -- | irc: Verbindung zu irc.libera.chat/6697 (2001:1bc0:c1::1000) hergestellt # connection established
│14:19:41 libera -- | erbium.libera.chat: *** Checking Ident
│14:19:41 libera -- | erbium.libera.chat: *** Looking up your hostname...
│14:19:41 libera -- | erbium.libera.chat: *** Couldn't look up your hostname
│14:19:41 libera -- | erbium.libera.chat: *** No Ident response
│14:19:41 libera -- | irc: Clientfähigkeiten, Server unterstützt: account-notify away-notify chghost extended-join multi-prefix
│ | sasl=PLAIN,ECDSA-NIST256P-CHALLENGE,EXTERNAL tls account-tag cap-notify echo-message server-time solanum.chat/identify-msg
│ | solanum.chat/oper solanum.chat/realhost
│14:19:41 libera -- | irc: Clientfähigkeit, Anfrage: account-notify away-notify chghost extended-join multi-prefix sasl cap-notify server-time
│14:19:41 libera -- | irc: Clientfähigkeit, aktiviert: account-notify away-notify chghost extended-join multi-prefix sasl cap-notify server-time
│14:19:42 libera -- | SASL authentication failed
│14:19:42 libera -- | irc: vom Server getrennt # disconnected from server
│14:19:42 libera -- | irc: Verbinde erneut zum Server in 10 Sekunden # new try
So basically it´s this:
gnutls: Kann das Zertifikat "/home/rosika/.config/weechat/certs/libera.pem" nicht lesen
I.e.: cannot read. the certificate. No idea why not…
I even saw to it that reading is allowed:
chmod +r libera.pem
[...]
.rw-r--r-- 5,3k rosika rosika 28 Mai 15:57 libera.pem
I also added the following line to /etc/tor/torrc:
MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion
in weechat:
/set irc.server.libera.addresses libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion/6697
/save
That was the crucial part back then with Lubuntu.
Still it didn´t work:
weechat says:
│14:28:51 libera -- | irc: verbinde zum Server libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion/6697 (SSL)... # connecting to server
│14:28:51 libera =!= | irc: Adresse "libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion" nicht gefunden # address not found
│14:28:51 libera =!= | irc: Fehler: Name or service not known
│14:28:51 libera -- | irc: Verbinde erneut zum Server in 10 Sekunden # new try
Hmm, I´m at a loss what to do now.
Does anyone have a clue
Thanks a lot in advance and many greetings
Rosika