DESCRIPTION
IRC Server behind tor hidden seervice
Firstly, I decided to write this post because when I started using tor
tor hidden service with irc server, I didn't realize it was going to be
a pain in the ass, but with a little efort I figure out how to do it in
the simple way. Secondly I would like to save and share this information
'cause I know someone will have the same questions I had.
Here follow what I have done to get my irc server connected to internet
behind tor hidden service. It is important to note that I have no domain
name, no hostname, no fixed IP address, all I have is a local server
running in the loopback (127.0.0.1) address. I will not cover or make
any specific endorsements about irc server here, it will be expalained
in details in another post.
The intention here is to cover only tor hidden service and irc client
configuration. This instructions are suposed to work only with Linux OS.
DOWNLOAD
irc server
InspIRCd is a modular Internet Relay Chat (IRC) server written in C++
for Linux, BSD, Windows and Mac OS X systems.
https://www.inspircd.org/
tor
If you are using Debian/Ubuntu then you can download and install tor
from here (just follow the instructions on this page):
https://www.torproject.org/docs/debian.html.en#ubuntu
irc client
This document was tested using irssi and hexchat, however you can try
with another irc client like BitchX, xchat, mirc, ..
IRSSI - https://irssi.org/
Hexchat - https://hexchat.github.io/
If you are using debian/ubuntu then apt-get should be enough to make the
installaation of IRSSI or Hexchat.
CONFIGURATION
tor
There are at least 3 diferent methods to connect an IRC server through
Tor: using transparent proxying, socat or usewithtor.
Here I will cover only transparent proxying.
Basically you have to configure your `torrc` file, with debian/ubuntu it
is located at: `/etc/tor/torrc` open your torrc in your favorite text
editor and search for this line:
"This section is just for location-hidden services"
You have to add you HiddenServiceDir (location of the hostname and
private key) and HiddenServicePort in your file.
Here is what I added in my file
HiddenServiceDir /home/
HiddenServicePort 6697 127.0.0.1:6697 # serve with ssl
HiddenServicePort 9050 127.0.0.1:9050
## ________________________
## | TRANSPARENT PROXYING |
## |______________________|
##
## IsolateClientAddr = (on by default) Separate connecting
## clients by address
## IsolateSOCKSAuth = (on by default) Separate streams with
## different SOCKS authentications
## IsolateClientProtocol = SOCKS4, SOCKS5, TransPort connections,
## NATDPort connections, and DNSPort
## requests are all considered different
## protocols
## IsolateDestPort = Separate by destination port
## IsolateDestAddr = Separate by destination address
TransPort 127.0.0.1:9050 IsolateClientAddr IsolateClientProtocol IsolateDestAddr
DNSPort 127.0.0.1:5353 # it is important to resolve the hostname
VirtualAddrNetwork 127.192.0.0/10 ## maps an IP address from localhost/10
AutomapHostsOnResolve 1 ## to each connection to a new host which
AutomapHostsSuffixes .exit,.onion ## ends in '.exit' or '.onion'
Save your torrc file and than restart your tor daemon.
$ sudo /etc/init.d/tor restart
Important: each time you edit your torrc file, then you restart your tor.
Hexchat
Open Network List > add a new network, then edit the network, in the
tab Servers, add your new hostname created by your tor (it is located in
your HiddenServiceDir /home/
hostname file and you should see your address there! something like this
2lqoa4hzw5sy566nuts.onion
When editing the network if you are using ssl then check these options:
✓ Use ssl for all servers in this network
✓ Accept invalide certificate (check if you are using self-signed cert.)
Open Settings > Preferences > in Network Setup > Proxy server
Hostname: 127.0.0.1
Port: 9050 (The same `TransPort` in your `torrc` file)
Type: Socks5
Use Proxy for: All Connections
IRSSI and others irc client
The same config used with Hexchat.
SYNOPSIS
Have sure your irc server and tor is up and running.
Start your irc server (I'm using InspIRCd v2.0.21 - inspircd.org)
user@host:/$ inspircd start/restart/stop
Start tor
user@host:/$ tor &
Start your irc client
user@host:/$ hexchat &
Once the irc client is up and running, than connect to your onion address
(see configuration hexchat).
FAQ
Q: So does this really work?
A: Yes. just try it!
HOW DOES IT WORK?
"Tor makes it possible for users to hide their locations while offering
various kinds of services, such as web publishing or an instant messaging
server. Using Tor "rendezvous points," other Tor users can connect to these
hidden services, each without knowing the other's network identity..."
https://www.torproject.org/docs/hidden-services.html.en
"Tor allows clients and relays to offer hidden services. That is, you can
offer a web server, SSH server, etc., without revealing your IP address to
its users. In fact, because you don't use any public address, you can run a
hidden service from behind your firewall."
https://www.torproject.org/docs/tor-hidden-service.html.en
Be aware DNS leak may occur, you have to learn how to block/prevent it.
EXAMPLE USAGE
see SYNOPSIS
SEE ALSO
to get started with your onion address
https://www.torproject.org/docs/tor-hidden-service.html.en
How to Torify your service
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IrcSilc
If you are using irssi irc client (actually it worked out with hexchat/xchat)
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/irssi
Lots of reading (recommended)
http://freehaven.net/anonbib/topic.html#Tor_20Performance
A bit more
https://riseup.net/en/security/network-security/tor/onionservices-best-practices
CONTACT
Questions or hate mail, please send it all here -> deepcell@gmail.com
I look forward to hearing from you!
