This is a simple guide how to use an SSL connection to an IRC server with an IRC client that does not support SSL. The example configuration file named stunnel.conf.example found in the same directory this guide is in should work in most cases as a drop in config file for irc.esper.net. Author: Hikaru Quick start: 1. Install stunnel 2. use the example configuration file stunnel.conf.example in place of the stunnel.conf that came with stunnel 3. start stunnel 4. Connect your irc client to localhost 6697 for irc.esper.net ==================== =1. Getting Started= ==================== If using Windows: If you are using windows you will need to download the program from here: http://www.stunnel.org/download/binaries.html Make sure you download the latest version. As of the current date (8/19/08) it is "stunnel-4.25-installer.exe" After downloading, simply run the installer and use the defaults. It will create shortcut entries in your start menu. If using Linux: Most distributions will allow you to use your package manager to download and install stunnel for you. On Debian/Ubuntu you may be able to install it simply by running apt-get install stunnel4 as the root user. On Slackware, install the stunnel package. It is in the Slackware/n directory on the cds/ftp/http site. ======================== =2. Configuring stunnel= ======================== Now that you have stunnel installed, it is time to configure it. If using Windows: Copy the stunnel.conf.example to c:\program files\stunnel\ rename stunnel.conf to stunnel.conf.old rename stunnel.conf.example to stunnel.conf Now, in start -> all programs -> stunnel click on 'edit stunnel.conf' You will want to comment out the chroot, setuid, setgid, and PID lines in the stunnel.conf - do this by placing ;'s in front of each line, like this: ;chroot = /var/lib/stunnel/ After you're finished with that, if you don't want to connect to any servers other than Espernet or OFTC, simply save, exit notepad, and click on 'run stunnel' from start -> all programs -> stunnel - Please continue to section 3, configuring your IRC client. To construct connection lines of your own, I'll use the esperirc stanza as an example. Move to the end of the stunnel.conf. You will see something like this, as the next to last entry: [esperirc] accept = 6697 connect = irc.esper.net:6697 [esperirc] gives a name to the service that is being used. Typically activity from using it will show up in logfiles under this 'service' name. The name must be unique. accept = 6697 This is the port number for stunnel to open on YOUR computer for YOUR IRC client to connect to. It must not use the same number as any other stanza or program running on your computer. connect = irc.esper.net:6697 This is the actual IRC server to connect to - the 6697 in this case is the *port* to connect to. Many IRC servers use a different port number for SSL. You should ensure that the IRC server has SSL enabled on that port before trying to connect to it using stunnel. Typically this information is in the message of the day, or MOTD that is sent to you on connection to the server. Once you're sure you are finished, save and exit, then click on 'Run stunnel' from start -> All programs -> stunnel' If using Linux: First of all, if you are already using stunnel for anything you should ignore what I'm about to tell you to do and simply merge my example configuration file into the stunnel.conf you already have. Okay, with that out of the way, if you just want to connect to irc.esper.net immediately, copy the original /etc/stunnel/stunnel.conf somewhere safe then copy the example stunnel.conf over it. To construct connection lines of your own, I'll use the esperirc stanza as an example. Open /etc/stunnel/stunnel.conf in a text editor and move to the end of the file. You will see this as the next to last entry in it: [esperirc] accept = 6697 connect = irc.esper.net:6697 [esperirc] gives a name to the service that is being used. Typically activity from using it will show up in logfiles under this 'service' name. The name must be unique. accept = 6697 This is the port number for stunnel to open on YOUR computer for YOUR IRC client to connect to. It must not use the same number as any other stanza or program running on your computer. connect = irc.esper.net:6697 This is the actual IRC server to connect to - the 6697 in this case is the *port* to connect to. Many IRC servers use a different port number for SSL. You should ensure that the IRC server has SSL enabled on that port before trying to connect to it using stunnel. Typically this information is in the message of the day, or MOTD that is sent to you on connection to the server. Okay, so now you've finished writing stunnel.conf - save and exit your text editor. If you are on debian/Ubuntu, the next time you boot stunnel will be running in the background waiting for you to connect through it to an IRC server. On Slackware, edit /etc/rc.d/rc.local and add to the end of the file on a new line: /usr/sbin/stunnel Save and exit. Reboot and stunnel will be running. ================================ =3. Configuring your IRC client= ================================ To use the already given examples in the stunnel.conf configuration file, tell your IRC client to connect to localhost:6697 for irc.esper.net. Each 'accept' line in the stunnel.conf describes the port on localhost for you to connect to for the IRC server you have configured. It is very likely that dcc sends will not work right off the bat. Most IRC clients allow you to choose an option that gets your ip address from the server. If you are behind a firewall, you will also need to modify your IRC clients configuration so it selects one, or a range of ports, to do dccs from and also make sure your firewall allows that range of ports to be connected to. If you have a firewall that works with your IRC clients dcc sends already, it will most likely NOT work while you are using stunnel, and you will still need to modify your IRC client to only use a single port, or range of ports, and modify your firewall to allow those port(s) in.