About OnionCat

oc_torOnionCat is a VPN-adapter which allows to connect two or more computers or networks through VPN-tunnels. It is designed to use the anonymization networks Tor or I2P as its transport, hence, it provides location-based anonymity while still creating tunnel end points with private unique IP addresses.

oc_switchOnionCat uses IPv6 as native layer 3 network protocol. The clients connected by it appear as on a single logical IPv6 network as being connected by a virtual switch. OnionCat automatically calculates and assigns unique IPv6 addresses to the tunnel end points which are derived from the hidden service ID (onion ID) of the hidden service of the local Tor client, or the local I2P server destination, respectively. This technique provides authentication between the onion ID and the layer 3 address, hence, defeats IP spoofing within the OnionCat VPN.

If necessary, OnionCat can of course transport IPv4 as well. Although it has native IP support, the suggested way to do this is to configure an IPv4-in-IPv6 tunnel.


The first ideas of this project were born in 2006. The original intention was to solve the DNS leakage problem of Tor, then. Although OnionCat does not solve this problem, it became a very useful and yet mature solution to address a different problem: running a VPN on top of Tor including an automatic secure and unique method of addressing.

OnionCat is released under GPLv3 and was presented to the public at 25th Chaos Communication Congress. The recording of the talk is found on Youtube.

Several articles about OnionCat are found at Cypherpunk.at.

1 comment

    • Anonymous on November 19, 2019 at 7:14 pm
    • Reply


Leave a Reply

Your email address will not be published.