Pentest Tools

Published on January 23rd, 2016 📆 | 6012 Views ⚑


OnionCat — Anonymous VPN Adapter

Text to Voice

OnionCat is a VPN-adapter which allows to connect two or more computers or networks through VPN-tunnels. It is designed to use the anonymization networks Tor or I2P as its transport, hence, it provides location-based anonymity while still creating tunnel end points with private unique IP addresses.

OnionCat uses IPv6 as native layer 3 network protocol. The clients connected by it appear as on a single logical IPv6 network as being connected by a virtual switch. OnionCat automatically calculates and assigns unique IPv6 addresses to the tunnel end points which are derived from the hidden service ID (onion ID) of the hidden service of the local Tor client, or the local I2P server destination, respectively. This technique provides authentication between the onion ID and the layer 3 address, hence, defeats IP spoofing within the OnionCat VPN.

[adsense size='1']

If necessary, OnionCat can of course transport IPv4 as well. Although it has native IP support, the suggested way to do this is to configure an IPv4-in-IPv6 tunnel.



OnionCat is released under GPLv3 and was presented to the public at 25th Chaos Communication Congress.



In order to run OnionCat you need to

  1. install OnionCat,
  2. configure the Tor proxy properly,
  3. on Windows install the OpenVPN TAP Ethernet driver which is included in theOpenVPN Installer, on Mac OSX you need to install the TUNTAP driver,
  4. run OnionCat with the appropriate parameters.

To install OnionCat, have a look at the download page. It describes several installation options. The next thing is to configure your Tor proxy. In the standard installation it is assumed that Tor runs locally on your host as well as OnionCat, although this is not required. In either case you have to set up a hidden service. Add the following two lines to your Tor configuration which is typically found int/etc/tor/torrc.

[adsense size='2']

HiddenServiceDir /var/lib/tor/onioncat/
HiddenServicePort 8060

For a general information on confiugration of hidden services have a look the hidden service confiugration page on the Tor project page. After reloading Tor go to the hidden service directory (/var/lib/tor/onioncat). You will find the file namedhostname there. It contains your onion Id. It is a string which looks like this:62bwjldt7fq2zgqa.onion.

Now you can run OnionCat as root with the following command:

ocat 62bwjldt7fq2zgqa.onion

It has to be started as root because it opens a tunnel device and configures an IP address which is only allowed as root. OnionCat will immediately drop the privileges to nobody or any other user if the option -u is specified. For more configuration options please see the man page or run `ocat -h`.



Package Managers

There are several ways to retrieve OnionCat. The easiest way to install it is to use the package manager of your operating system. OnionCat is known to be included at least in Debian Linux, ArchLinux, Ubuntu,FreeBSD, OpenBSD, DragonFly BSD, and probably others which are not explicitly known.


Source Packages

The method which should work on nearly all systems is to download the source package from the primary location and compile and install it manually. Since OnionCat was developed with portability in mind this works on Linux, Windows with Cygwin, Mac OSX, and Solaris. Currently there is no report of any system where it does not work. Please do not hesitate to contact us for bug reports or feature requests.

The build chain is based on the GNU Autotools, hence, simple do

make install


SVN Checkout

OnionCat may also be checked out from our svn repository. To build it in this case you need to have autotools installed. To check out the latest revision do

svn checkout onioncat

You can also browse the source in our Trac source code browser at

[adsense size='3']

Source && Download

Leave a Reply

Your email address will not be published.