projects / irc / freenode / web-7.0.git / blame
| Commit | Line | Data |
|---|---|---|
| de97d234 | 1 | Title: Connecting to freenode |
| c7279396 | 2 | Slug: chat |
| 3 | --- | |
| de97d234 | 4 | The freenode network can be accessed via the [freenode webchat](//webchat.freenode.net) or using an IRC client such as irssi, WeeChat, ERC, HexChat, Smuxi, Quassel or mIRC. |
| c7279396 | 5 | |
| 2990146e | 6 | You can connect to freenode by pointing your IRC client at `chat.freenode.net` on ports 6665-6667 and 8000-8002. |
| a1b22831 CD |
7 | |
| 8 | ## Accessing freenode Via SSL | |
| de97d234 SB |
9 | freenode provides SSL client access on all servers, on ports 6697, 7000 and 7070. Users connecting over SSL will be given user mode +Z, and _is using a secure |
| 10 | connection_ will appear in WHOIS (a 671 numeric). Webchat users will not currently appear with +Z or the 671 numeric, even if they connect to webchat via SSL. | |
| a1b22831 | 11 | |
| de97d234 SB |
12 | In order to verify the server certificates on connection, some additional work may be required. First, ensure that your system has an up-to-date set of root CA |
| 13 | certificates. On most linux distributions this will be in a package named something like ca-certificates. Many systems install these by default, but some (such | |
| 14 | as FreeBSD) do not. For FreeBSD, the package is named ca_root_nss, which will install the appropriate root certificates in /usr/local/share/certs/ca-root-nss.crt. | |
| a1b22831 | 15 | |
| debd708e EK |
16 | Certificate verification will generally only work when connecting to **`freenode.net`**. If your client thinks the server's certificate is invalid, make sure you are connecting to `chat.freenode.net` rather than any other name that leads to freenode. |
| 17 | ||
| de97d234 SB |
18 | For most clients this should be sufficient. If not, you can download the required intermediate cert from [Gandi](http://crt.gandi.net/GandiStandardSSLCA.crt) |
| 19 | and the root cert from [Instant SSL](http://www.instantssl.com/ssl-certificate-support/cert_installation/UTN-USERFirst-Hardware.crt). | |
| a1b22831 | 20 | |
| 6da654fb | 21 | Client SSL certificates are also supported, and may be used for identification to services. See [this kb article](kb/using/nickcerts). If you have connected with a client certificate, _has client certificate fingerprint f1ecf46714198533cda14cccc76e5d7114be4195_ (showing |
| de97d234 | 22 | your certificate's SHA1 fingerprint in place of _f1ecf46..._) will appear in WHOIS (a 276 numeric). |
| 6da654fb CFL |
23 | |
| 24 | ## Accessing freenode Via Tor | |
| 25 | ||
| 26 | freenode is also reachable via [Tor<i class="fa fa-external-link" aria-hidden="true"></i>](https://www.torproject.org/), bound to some restrictions. You can't directly connect to chat.freenode.net via Tor | |
| 27 | but rather have to use the following hidden service as server address: | |
| 28 | ||
| 29 | freenodeok2gncmy.onion | |
| 30 | ||
| 31 | The hidden service requires SASL authentication. In addition, due to | |
| 32 | the abuse that led Tor access to be disabled in the past, we have | |
| 33 | unfortunately had to add another couple of restrictions: | |
| 34 | ||
| 35 | - You must log in using SASL's `EXTERNAL` or `ECDSA-NIST256P-CHALLENGE` (more | |
| 36 | below) | |
| 37 | - If you log out while connected via Tor, you will not be able to log in without | |
| 38 | reconnecting. | |
| 39 | ||
| 40 | If you haven't set up the requisite SASL authentication, we recommend SASL | |
| 41 | EXTERNAL. You'll need to generate a client certificate and add that to your | |
| 42 | NickServ account. This is documented [in our knowledge base](kb/using/nickcerts). | |
| 43 | Note that due to the SSL certificates not matching the hidden service, | |
| 44 | you might have to disable the verification in your client. | |
| 45 | ||
| 46 | You'll then want to tell your client to try the `EXTERNAL` mechanism. We lack | |
| 47 | comprehensive documentation for this, but it's a feature in most modern | |
| 48 | clients, so please check their docs for instructions for now. |