To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.

Tor: Difference between revisions

From ZNC
Jump to navigation Jump to search
m added freenode example
freenode updated onion address
 
(7 intermediate revisions by 3 users not shown)
Line 1: Line 1:
==Introduction==
==Introduction==
This has been copied from http://area51archives.com/index.php?title=Using_ZNC_with_Tor&action=edit
This has been copied from http://area51archives.com/index.php?title=Using_ZNC_with_Tor&action=edit
===Alternative method===
[https://github.com/znc/znc/issues/143 There is an open issue at GitHub on supporting SOCKS proxies directly] and [https://github.com/znc/znc/issues/143#issuecomment-12858126 there user ErebusBat gives alternative method quoted below].
----
FYI this can be easily accomplished using <code>socat</code> by running the following command on the ZNC server, then using <code>127.0.0.1:4321</code> as the server in ZNC.
Freenode via TOR:
<code>socat TCP4-LISTEN:4321,fork SOCKS4A:localhost:ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion:6697,socksport=9050</code>
Assume you just want to use proxy.mycompany.com:8080 as your SOCKS proxy, then the command would be:
<code>socat TCP4-LISTEN:4321,fork SOCKS4A:proxy.mycompany.com:ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion:6697,socksport=8080</code>
Obviously you can replace the .onion address with another IRC server, or change the port.


==Installing Tor==
==Installing Tor==
The [https://www.torproject.org/docs/debian.html.en installation guide] couldn't be simpler, but this is the quick walk through. Each version of Ubuntu has a different name. The version I am using at the time of this article is 12.04, Precise Penguin. The release name will always be the first name, in this case, '''precise'''. A list of names are provided [https://wiki.ubuntu.com/Releases here]. You will need to know the name of your release for this next step.
Follow the instructions at the [https://www.torproject.org/docs/debian.html.en tor installation guide].
You need to edit the '''/etc/apt/sources.list''' file as root and add:
deb    http://deb.torproject.org/torproject.org <RELEASE> main
Of course, you will need to replace <RELEASE> with the proper release name.
Run this command to add the Tor Project's package keys to your system.
gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
Now update your distribution lists:
apt-get update
Run this command to install the Tor Project's application that keeps the signing key up to date:
apt-get install deb.torproject.org-keyring
Finally, run this command to install Tor:
apt-get install tor


==Installing ZNC==
==Installing ZNC==
Line 27: Line 32:


==ProxyChains==
==ProxyChains==
Tor ships with a SOCKS proxy which is used to tunnel traffic through the Tor network. ZNC doesn't have the option to use SOCKS proxies, that's where ProxyChains comes in. ProxyChains allows you to force an application to use a SOCKS proxy. Luckily, ProxyChains is configured to work with Tor out of the box! You may already have ProxyChains installed. If not, it's a simple run of this command to get it:
Tor ships with a SOCKS proxy which is used to tunnel traffic through the Tor network. ZNC doesn't have the option to use SOCKS proxies, that's where ProxyChains comes in. ProxyChains allows you to force an application to use a SOCKS proxy. Luckily, ProxyChains is configured to work with Tor out of the box! You may already have ProxyChains installed.  
  sudo apt-get install proxychains
 
If you are not able to get it via apt, or are not using Ubuntu, you can acquire the source from the [http://proxychains.sourceforge.net/ ProxyChains website].
===The recommended way, proxychains v4===
With proxychains4, you can specify the .onion address in ZNC directly.  With proxychains v3, this was not possible, which we touch on below.  This is why proxychains v4 is preferable to v3 when possible.  If you do not have proxychains v4 installed already, you can likely install it with:
  sudo apt install proxychains-ng
or
sudo apt install proxychains4
If you are not able to get it via apt, or are not using Ubuntu, you can acquire the source from the [https://github.com/rofl0r/proxychains-ng GitHub website].
At this point, you can simply run <code>'''proxychains znc'''</code> from the command line. This will start up znc and tunnel its connections via Tor. If you run znc as a system service, then you'll need to edit that config file to launch znc via proxychains.


==.onion Resolution==
===The old way, .onion resolution===
At this point, you can simply run '''proxychains znc''' from the command line. This will start up znc and tunnel its connections via Tor. However, it will not work if you attempt to connect to .onion addresses. If you run znc as a system service, then you'll need to edit that config file to launch znc via proxychains.
If you only have proxychains v3, you will not be able to immediately connect. It will not work if you attempt to connect to an .onion address directly in ZNC. What we will have to do instead, is map an IP address in the Tor configuration to resolve to the .onion address. This is annoying, but it's really your only shot of making this work. You will want to use an IP range that you will not use, and never plan on using.
What we will have to do instead, is map an IP address in the Tor configuration to resolve to the .onion address. This is annoying, but it's really your only shot of making this work. You will want to use an IP range that you will not use, and never plan on using.
Let's say you want to connect to 2600net. The .onion address is ''awwqg2ishrohngue.onion''. You would need to open the '''/etc/tor/torrc''' file and add at the end of the file:
Let's say you want to connect to 2600net. The .onion address is ''awwqg2ishrohngue.onion''. You would need to open the '''/etc/tor/torrc''' file and add at the end of the file:
  mapaddress  10.99.99.90 awwqg2ishrohngue.onion
  mapaddress  10.99.99.90 awwqg2ishrohngue.onion
If you were to try to connect to freenode's hidden service (via tor-sasl), you would instead add at the end of the '''/etc/tor/torrc''' file:
If you were to try to connect to freenode's hidden service (via tor-sasl), you would instead add at the end of the '''/etc/tor/torrc''' file:
  mapaddress  10.99.99.90 freenodeok2gncmy.onion
  mapaddress  10.99.99.90 ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion
Save the file, and restart Tor using:
Save the file, and restart Tor using:
  sudo /etc/init.d/tor restart
  sudo /etc/init.d/tor restart

Latest revision as of 08:29, 9 August 2020

Introduction

This has been copied from http://area51archives.com/index.php?title=Using_ZNC_with_Tor&action=edit

Alternative method

There is an open issue at GitHub on supporting SOCKS proxies directly and there user ErebusBat gives alternative method quoted below.



FYI this can be easily accomplished using socat by running the following command on the ZNC server, then using 127.0.0.1:4321 as the server in ZNC.

Freenode via TOR: socat TCP4-LISTEN:4321,fork SOCKS4A:localhost:ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion:6697,socksport=9050

Assume you just want to use proxy.mycompany.com:8080 as your SOCKS proxy, then the command would be: socat TCP4-LISTEN:4321,fork SOCKS4A:proxy.mycompany.com:ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion:6697,socksport=8080

Obviously you can replace the .onion address with another IRC server, or change the port.

Installing Tor

Follow the instructions at the tor installation guide.

Installing ZNC

The installation page gives you an easy walkthrough on compiling and install ZNC for your distribution of choice. This page will have the most up to date version listed quicker than the PPA listed below. For novices, the PPA should serve to be easier to maintain, but comes with a potential lapse of updates. It's your choice.

For Ubuntu-based distros, please refer to the Ubuntu section in the installation guide to install ZNC.

After you have compiled and/or installed znc, you need to configure znc before continuing by running:

znc --makeconf

At the end of the makeconf screen when it asks if you would like to launch ZNC, select "no."

ProxyChains

Tor ships with a SOCKS proxy which is used to tunnel traffic through the Tor network. ZNC doesn't have the option to use SOCKS proxies, that's where ProxyChains comes in. ProxyChains allows you to force an application to use a SOCKS proxy. Luckily, ProxyChains is configured to work with Tor out of the box! You may already have ProxyChains installed.

The recommended way, proxychains v4

With proxychains4, you can specify the .onion address in ZNC directly. With proxychains v3, this was not possible, which we touch on below. This is why proxychains v4 is preferable to v3 when possible. If you do not have proxychains v4 installed already, you can likely install it with:

sudo apt install proxychains-ng

or

sudo apt install proxychains4

If you are not able to get it via apt, or are not using Ubuntu, you can acquire the source from the GitHub website. At this point, you can simply run proxychains znc from the command line. This will start up znc and tunnel its connections via Tor. If you run znc as a system service, then you'll need to edit that config file to launch znc via proxychains.

The old way, .onion resolution

If you only have proxychains v3, you will not be able to immediately connect. It will not work if you attempt to connect to an .onion address directly in ZNC. What we will have to do instead, is map an IP address in the Tor configuration to resolve to the .onion address. This is annoying, but it's really your only shot of making this work. You will want to use an IP range that you will not use, and never plan on using. Let's say you want to connect to 2600net. The .onion address is awwqg2ishrohngue.onion. You would need to open the /etc/tor/torrc file and add at the end of the file:

mapaddress  10.99.99.90 awwqg2ishrohngue.onion

If you were to try to connect to freenode's hidden service (via tor-sasl), you would instead add at the end of the /etc/tor/torrc file:

mapaddress  10.99.99.90 ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion

Save the file, and restart Tor using:

sudo /etc/init.d/tor restart

...and now you will be able to connect to that .onion address in ZNC by using the server address of 10.99.99.90. For each .onion address you would like to resolve, just add another mapaddress line.