Onioncat Security Considerations

Onioncat is an add-on for anonymization networks such as Tor and I2P. It adds real IP layer networking capability to hosts connected through Tor. Hence it is not enough to just refer to the security of Tor (or I2P). This article discusses security Considerations which are specific to Onioncat. Of course, since Onioncat relies on Tor, most security issues which are valid for the Tor network also apply to Onioncat as well but not completely, because it is a totally different use-case.

Onioncat was specifically designed to work with Tor’s hidden services version 2 and therein Onioncat perfectly integrates into. It will and it does work with different systems as well (e.g. Tor hidden services v3, or I2P) but there are some drawbacks. This will also be explained within this article.

Continue reading

Onioncat on Windows

Onioncat ist written in a portable manner, thus it runs on almost all operating systems, even on Windows. This document describes how to run Onioncat on a Windows 10 installation together with the Tor browser bundle.

The Windows part of the code was already written in 2008, hence Onioncat on Windows is nothing new. This document is here to meet recent versions of Windows, Tor, and Onioncat.


If you read this article you probably know what you are doing, aren’t you?

Continue reading


This is a new version of the Garlicat-HOWTO which I wrote about 10 years ago in November 2009. Actually, this original HOWTO still applies but, anyway, I rewrote it to match the software versions of today, August 2019. This document is based on the I2P router version 0.9.41 and Onioncat 0.2.7, both running on a recent Debian Linux 9.9 system.

This HOWTO explains how to connect two systems named onioncat-A and onioncat-B together using Garlicat and I2P. Of course, the setup is not limited to two hosts, you can connect as many as you like.

Update note 2021/03/14: The gcat symlink was removed from the installation procedure because of a name conflict with another binary. To run OnionCat in GarliCat mode add option -I to ocat: ocat -I

What is Garlicat?

Garlicat is Onioncat with a few configuration changes, i.e. Garlicat uses different port numbers and IPv6 addresses than Onioncat but everything else is the same. This difference is made to be able to run Tor and Onioncat, and I2P and Garlicat in parallel on the same host. Hence, everything that applies to Onioncat also applies to Garlicat. The terms can really be used interchangeably.

What is Onioncat?

Onioncat is a VPN adapter which is designed to connect through Tor/I2P to other Onioncats. Thus you can build a VPN between systems based on anonymization networks. No surveillor will be able to monitor your traffic dependent on the strength of your Tor/I2P node and its network.

Continue reading

Onioncat and Tor Hidden Services V3

For security reasons the Tor project introduced hidden services version 3 (HSv3) which facilitate stronger cryptography to comply with modern needs for security. Onioncat was developed with version 2 of hidden services which are still in place work as expected. Unfortunately HSv3 do not integrate smoothly into the OnionCat concept but nevertheless, with a few additional steps Onioncat still will run perfect with these new HSv3 services.

This HowTo explains how to setup three systems to connect to each other using HSv3. It does not explain technical details, why everything is done in such a way, it simply shall be a step by step procedure to success.

In the following explanation there are three hosts, named onioncat-A, onioncat-B, and onioncat-C which may be any system anywhere in the Internet. This Howto was based on a clean Debian Linux installations but it shall work straight forward on any other system.

Continue reading

OnionCat Repository Moved to Github

It was almost exactly 10 years ago that we started to run our OnionCat SVN repository for managing the source code.

As of today, the 9th of January 2018, the OnionCat source repository has moved to Github at https://github.com/rahra/onioncat.

This also solves the mailing list problem. To be honest, the mailing list never really worked reliably, just occasionally. All issues can now be discussed directly on Github within the issue tracker.

Evading Firewalls With OnionCat

You operate your own server running some web services, a mail submission service, an IMAP service, of course ssh for maintenance and several other services? But unfortunately you cannot reach any ports except 80 and 443 as soon as you are somewhere in a public Wifi because of firewall restrictions? Then OnionCat is your friend 🙂

This article explains how to evade a firewall to access your own services in the Internet. Continue reading

OnionCat on Android

Screenshot_2015-09-05-12-17-01This article is about how to compile and run OnionCat on Android. Unfortunately, there is no Android app which simply enables it, due to the lack of programming power.1 But if you are familiar with compiling projects and using ADB and the command line, this should be no big deal for you. Here’s how it works! Continue reading

  1. But OnionCat is a free project, thus you are invited to write a simple Android app for it 😉

OnionCat Mailinglist Up Again!

Sorry, forgot to post this here: the mailing list is up again (since about 2 months 😉 )

OnionCat Mailing List Down!

Unfortunately, we encountered some problems with the mailing list. It will be repaired as soon as possible!

OnionCat Mailinglist

After a long time living without mailing list, it is back up again. To subscribe to the OnionCat list send an email to onioncat-subscribe@onioncat.org or register at the following URL http://mx01.services.blackmesa.at/cgi-bin/mailman/listinfo/onioncat.