Freenode IRC – Connect And Auth Securely
January 30th, 2010 | Published in FYI, Tutorial | 5 Comments
OK, so today freenode migrated to their new server. It was a bit rough around the edges at first, however they have finally added support for connecting via SSL and using a script in Irssi you can authenticate via SASL. So, I will quickly show you how to get SSL and SASL setup for Irssi and Irssi only, and I am assuming you already have a connection to Freenode already setup.
WARNING: It has been brought to my attention that the Irssi folks get mad when people tell you to edit the config file instead of using the commands, so with that, backup your config file first, and if anything goes wrong, not my fault 
- Let’s install the necessary packages (I think this is all, I already had openssl installed but had to install the libcrypt- packages for the SASL script below):
sudo apt-get install openssl libcrypt-openssl-bignum-perl libcrypt-dh-perl libcrypt-blowfish-perl
- Grab and save the cap_sasl.pl script to ~/.irssi/scripts and setup a link for it to autorun:
cd ~/.irssi/scripts wget http://www.freenode.net/sasl/cap_sasl.pl mkdir autorun ## only if you do not have this directory already cd autorun ln -s ../cap_sasl.pl .
- Fire up Irssi without connecting to anything:
irssi -! - Once in Irssi, setup your username and password for SASL:
/sasl set freenode your_nick your_password DH-BLOWFISH /sasl save /save
- Quit Irssi
- Using a text editor, edit ~/.irssi/config and in the section that says servers = ( you want to remove the stuff between the { and } for freenode, and then add the following in its place:
address = "chat.us.freenode.net"; chatnet = "freenode"; port = "7000"; use_ssl = "yes"; ssl_verify = "yes"; ssl_capath = "/etc/ssl/certs"; autoconnect = "yes";
- Now under the chatnets = ( section, you want the freenode = part to be changed to:
freenode = { type = "IRC"; };
If you get a message about your nick being “Juped” or “temporarily unavailable” and get switched to Guestxxxx nick, read the following, otherwise enjoy your new secure connection.
Now you can go ahead and connect to IRC like you are used to. If you have the ENFORCE flag set for your nickname, you may come across some issues with identifying, and the one message I kept getting was:
Nick nixternal is Juped
If you get this, you need to disable the ENFORCE flag on your nick (make sure you are identified with your correct nick first):
/msg nickserv set enforce off
After that, disconnect from IRC, then reconnect to IRC. You shouldn’t be getting that error message now. If you do, go to #freenode and complain accordingly If all is well, you can go ahead and set the ENFORCE flag back to on:
/msg nickserv set enforce on
Now all should be well. Enjoy your new secure, SSL and SASL authentication, connection.
January 31st, 2010 at 04:38:14 (#)
Thanks for this nice howto. Is there any way to get this done in XChat, too?
January 31st, 2010 at 04:41:26 (#)
Ok, just changing the port to 7070 is enough for XChat. Certificate is valid
). More information on http://freenode.net/irc_servers.shtml
February 1st, 2010 at 23:40:48 (#)
[...] Freenode IRC – Connect And Auth Securely [...]
February 22nd, 2010 at 16:43:48 (#)
hello i am a noob
would it be possible to write the same Tutorial
to use it with Xchat , i am not a geek.
I tried to add the perl script inn Xchat ,
but it has been a failure .
Greetings from italy
Thanks in advance
Lorenzo
March 11th, 2010 at 04:01:07 (#)
Freenode’s new SASL fascist nazi tactic had my network blocked. I don’t even use TOR nor do I want to.
Tell those fags at freenode to go fuck themselves.
Sincerely, Freenode sucks.