Using quassel with tor

Applications
1

Hi all,

to those of you making use of “tor”: I have a question/problem as far as “torsocks” is concerned.

My system is: Linux/Lubuntu 20.04.2 LTS, 64 bit and I´m using the IRC client “quassel” on that system.

Per default it came preconfigured with “IRC Networks: irc.ubuntu.com:8001”.
As an example I use the chatroom “#fish” (the one for fish-shell).

Yet I noticed the following entry after the connection is established:

rosika (~quassel@dynamic-[my-ip-address]) hat #fish betreten.

(So basically: “rosika has entered #fish”).

The only thing I wouldn´t be over-enthusiastic about is the fact that my real ip-address is displayed here. So I installed “tor” as an addition and thus have the command “torsocks” available.

In principle tor works as I found out by comparing the output of these two commands:

curl ipv4.icanhazip.com
torsocks curl ipv4.icanhazip.com

They yielded different IPs which is fine. :+1: :smile:

After establishing that torification in general works I prefixed quassel with torsocks:

The GUI started alright but when trying to establish a connection to e.g. “#fish” the GUI closes and the programme shuts down. Here´s what the terminal says about it:

torsocks quassel
2021-03-16 13:32:49 [Warn ] Missing icon: "inactive-quassel-tray" (using fallback: "inactive-quassel")
2021-03-16 13:32:49 [Warn ] Missing icon: "active-quassel-tray" (using fallback: "active-quassel")
2021-03-16 13:32:49 [Warn ] Missing icon: "message-quassel-tray" (using fallback: "message-quassel")
2021-03-16 13:32:49 [Warn ] SslServer: Certificate file /home/rosika/.config/quassel-irc.org/quasselCert.pem does not exist 
2021-03-16 13:32:49 [Warn ] SslServer: Unable to set certificate file
           Quassel Core will still work, but cannot provide SSL for client connections.
           Please see https://quassel-irc.org/faq/cert to learn how to enable SSL support. 
2021-03-16 13:32:49 [Warn ] SslServer: Certificate file /home/rosika/.config/quassel-irc.org/quasselCert.pem does not exist 
2021-03-16 13:32:49 [Warn ] PostgreSQL driver plugin not available for Qt. Installed drivers: QSQLITE 
2021-03-16 13:32:49 [Info ] SQLite storage backend is ready. Schema version: 31 
2021-03-16 13:32:49 [Info ] Database authenticator is ready. 
2021-03-16 13:32:49 [Info ] Restoring previous core state... 
2021-03-16 13:32:50 [Warn ] InputWidget::updateNickSelector(): can't find Identity for Network  1 IdentityId:  0
2021-03-16 13:32:52 [Warn ] Konnte nicht mit Lubuntu IRC (Der entfernte Rechner hat die Verbindung geschlossen) verbinden
2021-03-16 13:32:53 [Info ] Caught signal 11

Surely I´m doing something wrong here. :thinking: Can anybody help me how to proceed now, please?

Thanks a lot in advance.

Many greetings.
Rosika :slightly_smiling_face:

2

Hi, :wave:

for anyone interested in this topic: I may tell you that I managed to solve the problem. :blush:

Yet I didn´t use quassel with torification but installed weechat (IRC client for the command-line). This one - according to ubuntuusers.de - should be very well suited for use with tor (see WeeChat › Wiki › ubuntuusers.de # in German)

On https://szorfein.github.io/weechat/tor/configure-weechat/ I found a great recipe for setting up weechat using tor. I followed the instructions and it seems to work just fine. :+1:

So for the sake of completeness here are the steps to follow:

Once weechat is installed, launch it.

$ weechat

Add a Freenode server

Add a freenode server without SSL, we enable it later.

/server add freenode chat.freenode.net/6667 -autoconnect

Change the nickname by default, it’s used by freenode to create your account…

/set irc.server.freenode.nicks ninja

Connect to freenode…

/connect freenode

Create your freenode account

You have to create an account, this is a restriction to use TOR. And yes, anonyma is take a hit… You can create a password with pwgen like this: pwgen -sy 24 1.

/msg NickServ REGISTER password ninja@ninja.co

You will receive in your mail box, a command line to enter bellow like:

/msg NickServ VERIFY REGISTER ninja ijgimopaoijv

Next, to enable TOR, we will using the SASL method.

Enable SASL authentication

Create the new key. ref

$ mkdir ~/.weechat/certs
$ cd ~/.weechat/certs
$ openssl ecparam -genkey -name prime256v1 -out ~/.weechat/certs/ecdsa.pem

Find the fingerprint.

$ openssl ec -noout -text -conv_form compressed -in ~/.weechat/certs/ecdsa.pem | grep '^pub:' -A 3 | tail -n 3 | tr -d ' \n:' | xxd -r -p | base64
  e084219c214d391a8fd75cdbb891b5b966515db7

Into weechat, we enable SASL.

/msg nickserv set pubkey e084219c214d391a8fd75cdbb891b5b966515db7
/set irc.server.freenode.sasl_mechanism ecdsa-nist256p-challenge
/set irc.server.freenode.sasl_username "ninja"
/set irc.server.freenode.sasl_key "%h/certs/ecdsa.pem"

/reconnect freenode

You should be reconnect with your username.

Tor

Finally, to use tor. (tor should run) ref

/set irc.server.freenode.addresses "ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion"
/proxy add tor socks5 127.0.0.1 9050
/set irc.server.freenode.proxy "tor"

You have to disable ssl_verify who doesn’t work with TOR.

/set irc.server.freenode.ssl_verify off
/reconnect freenode

Enhance your privacy

Add somes settings bellow to weechat. detail from faq

/set irc.server_default.msg_part ""
/set irc.server_default.msg_quit ""
/set irc.ctcp.clientinfo ""
/set irc.ctcp.finger ""
/set irc.ctcp.source ""
/set irc.ctcp.time ""
/set irc.ctcp.userinfo ""
/set irc.ctcp.version ""
/set irc.ctcp.ping ""
/plugin unload xfer
/set weechat.plugin.autoload "*,!xfer"

And save all our works:

/save

Reconnect to freenode as a ninja :slight_smile:

/reconnect freenode

Troubleshooting

Please, post an issue to github.

Many greetings from Rosika. :slightly_smiling_face:

2 Likes