You can set this up on any port you like. There are a few issues to keep in mind here:

  • Users other than root cannot bind to ports under 1024
  • Many common firewalls may block packets on ports under 1024
  • The user running stunnel must be able to write a pid file for stunnel on startup (usually to /var/run)

For the purposes of this howto we'll use local port 6994. This is bindable by users, and assuming you have access to write the pid file (or give -P none) you should be fine. If you have problems, but have root access available, the workaround is to just run stunnel as root. In this case feel free to choose whatever port you like.

Stunnel version 3 instructions (may not work with newer linux distros)

Issue the following command: stunnel -c -d 6994 -r

This tells stunnel to listen on port 6994 on your local computer, and forward the connections to port 994 at

(Type stunnel -h for a more complete description of these flags)

Stunnel version 4 instructions (newer)

You will need to set up a configuration file and encryption key as detailed in the "Installation" section of the page SecureIrcStunnelWindows . After following those directions you would invoke stunnel by doing something like

sudo stunnel /home/yourusername/.stunnel/stunnel.conf

You should now have a secure tunnel set up. To make sure, look for the stunnel process running in the background. You should also see something similar to the following in your system log:

Mar 24 21:13:48 yourhost stunnel[11990]: Using '' as tcpwrapper service name Mar 24 21:13:48 yourhost stunnel[11990]: stunnel 3.22 on i586-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.6c 21 dec 2001 Mar 24 21:13:48 yourhost stunnel[11991]: FD_SETSIZE=1024, file ulimit=1024 -> 500 clients allowed

The difficult part of the process is complete. Now all you have to do is connect to the local side of your tunnel with your IRC client. Regardless of the client you choose, this consists of connecting to localhost on the port you've chosen (in our case 6994). From most IRC clients you issue the command /server localhost 6994. You should connect as usual.

When you make this connection, stunnel should report something like this in your system log:

Mar 24 21:51:30 yourhost stunnel[12073]: connected from

At this point you should be connected to the IRC server, and can enjoy secure communication!

(copied from main SecureIRC page -- SimonShine - 08 Jan 2006)
Topic revision: r1 - 08 Jan 2006, SimonShine
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback