Support connecting to IRC via a SOCKS proxy [$15]

[kylef]

---

There is a $5.00 bounty open on this issue at Bountysource

## --- There is a **[$15 open bounty](https://www.bountysource.com/issues/682-support-connecting-to-irc-via-a-socks-proxy?utm_campaign=plugin&utm_content=tracker%2F1759&utm_medium=issues&utm_source=github)** on this issue. Add to the bounty at [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F1759&utm_medium=issues&utm_source=github).

[DarthGandalf]

HTTP CONNECT can work too....

[ninlilizi]

I'd really <3 this feature too.
Even basic socks4 support would be both grand and simple to implement

[Ramblurr]

This would be incredibly useful. I'd love to be able to use znc over tor or any other arbitrary socks proxy.

[ErebusBat]

FYI this can be easily accomplished using socat by running the following command on the ZNC server, then using 127.0.0.1:4321 as the server in ZNC.

Freenode via TOR:
socat TCP4-LISTEN:4321,fork SOCKS4A:localhost:p4fsi4ockecnea7l.onion:6667,socksport=9050

Assume you just want to use proxy.mycompany.com:8080 as your SOCKS proxy, then the command would be:
socat TCP4-LISTEN:4321,fork SOCKS4A:proxy.mycompany.com:p4fsi4ockecnea7l.onion:6667,socksport=8080

Obviously you can replace the .onion address with another IRC server, or change the port.

[Mikaela]

Could this optionally be network specific for exampe using tor only at specific networks? The socat has issue of not starting automatically on boot or crash unlike ZNC in crontab.

To my own comment above: What sense would it make connecting to Tor only with one server and not the rest? Your real host would be seen on the other networks anyway and if only your ZNC was using tor, your IP could always be gotten by making you click some link etc.

Updated on 2015-06-12 while also strikethroughing the previous comment.

2018-09-28, this is probably the issue where I have changed my mind the most.

Tor hidden services provide additional encryption in addition to TLS and they cannot be MITMed (or at least not "as easily"). Their development also seems to only going forwards with Tor Hidden Services version 3.

Thus I might like to connect to freenode (and some other network) hidden service, while connecting to a IRCd on my localhost or LAN without Tor and like irl says below, I wouldn't need or want to use Tor with network using CJDNS or DN42.

I guess the main point to my original comment is that there are other reasons to use Tor than hiding IP. I would recommend reading Tor's mode sof anonymity in their TorifyHOWTO

And to end this round of editing, the original issue only requests SOCKS proxy support (I hope it to mean SOCKS5) and that there likely are other use cases for SOCKS proxy other than Tor (usually 127.0.0.1:9050) even with keeping in mind that the connection between ZNC and the proxy is not encrypted.

2018-09-28 -EDIT2: HexChat also has option to "bypass proxy for this server", WeeChat has proxy as server-specific option that may also be set globally, I don't know if those compare to ZNC, but ZNC would not be the only software featuring per-server proxies. I also forgot above that anonymity networks other than Tor also exist such as I2P which might also need a separate proxy (I haven't investigated it, sorry).

[Carlgo11]

Added $10. Please add 😘

[pdostal]

I'd also like to ask for proxy support in ZNC 👍

[irl]

+1

The socat example isn't exactly reliable. In response to @Mikaela, Tor is not the only use case for this. I'd like to use Tor to connect to Freenode and OFTC, but I'd still like to go directly to hackint (via dn42) and another network accessible via cjdns, so this would need to be a per server thing.

Looking at how to implement this (hints to prospective developers, I'm not a C++ dev):

• ZNC uses the CSocketManager to manage the low-level socket that is the actual connection to the IRC server. It looks like modifications would be required for the Connect() function here to allow for a SOCKS proxy to be specified.
• When a SOCKS proxy is specified, for the Tor use case at least, it would be necessary to disable DNS resolution and pass the domain name (which may be a hidden service) through the SOCKS proxy.
• It may be a better idea to provide an alternative function such as ConnectSocks() to implement the acquiring of a socket via SOCKS as you're basically rewriting the whole function.

[Mikaela]

As it has been so long time since anything was said here, I would like to add this comment to notify that I have changed my mind on #143 (comment) again and added another set of strikethroughs and written the actual comment there.

Unrelatedly the Bountysource integration in the original post is broken.