Onioncat errors

i’m trying to get secure vpn capability from whonix box to whonix box over tor

is onioncat the best solution for this?

i’m following the whonix onioncat instructions but getting errors

https://www.whonix.org/wiki/OnionCat

on the workstation i do

sudo apt-get update
sudo apt-get install onioncat

and it installs but gives this error during install

dpkg: error processing onioncat (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
onioncat
E: Sub-process /usr/bin/dpkg returned an error code (1)

and when starting onioncat like this

sudo ocat address.onion -U -l 10.152.152.11:8060

it fails and says

ocat: invalid option -- 'U'

It is not clear this is a problem with onioncat. The problem is the dpkg error. Somehow your system’s package management is broken. This needs to be fixed, otherwise you run into a lot of other issues.

“i'm trying to get secure vpn capability from whonix box to whonix box over tor

is onioncat the best solution for this?”

On the same computer / local network or in different physical locations?

okay, i will clean install the workstation and see if this error occurs again

not on the same local network

different physical locations, wanting to go across the internet with a whonix box on each end

Depends on what you want to do exactly?

Remote administration? Then vnc and/or ssh over hidden services (Onion Services - Whonix) would do more than good enough.

i’m wanting to do a few different things. but there are a couple custom apps that i need to interact as if they are on a local network, so vnc or ssh probably won’t work for those.

more on the error

i clean installed whonix a couple times and found out more.

the same error happened to me again in a clean whonix workstation.

i figured out that onioncat was looking for the tor package to be installed on the same machine.

when i install the tor package into the workstation and then install onioncat it seems to install fine without the error.

but obviously with whonix tor is not supposed to be installed in the workstation.

is onioncat compatible with the two vm gateway/workstation configuration of whonix?

have others got onioncat working over the internet in the whonix workstation?

Feel free to install the Debian tor package on Whonix-Workstation. There won’t be Tor over Tor by default. It will be disabled by default. Because of GitHub - Whonix/anon-ws-disable-stacked-tor. anon-ws-disable-stacked-tor also “Provides: tor”.

This also explains why onioncat cannot be installed. Because it expects Tor’s sysvinit script to be enabled beforehand. This is a bug in anon-ws-disable-stacked-tor.

HulaHoop had onioncat working, I think. And I had onioncat working. We developed and tested these instructions using onioncat:
https://www.whonix.org/wiki/OnionCat
Especially:

Anyhow. No idea if onioncat is the right tool for your use case. It’s not a VPN in the sense that it forces all connections through the VPN. It provides a virtual network interface. Securely connects two endpoints. Two way communication while you only need one hidden service.

Dunno if OpenVPN in TCP mode over a Tor hidden service would work well for your use case. (Because OpenVPN forces all connections through Tor and I don’t know if you want to allow exceptions for connecting by only using Tor.)
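
An added diagnostic sketch (not part of the thread or of Whonix's own tooling) for the situation described above: it reads dpkg status stanzas and reports whether a dependency name such as tor is satisfied by a real package or only through a Provides: field, and which packages were left unconfigured. The stanzas embedded here are constructed; on a real system the functions would read /var/lib/dpkg/status instead.

```shell
#!/bin/sh
# Constructed sample in dpkg status-file format (illustrative, not from a real system).
sample_status() {
cat <<'EOF'
Package: anon-ws-disable-stacked-tor
Status: install ok installed
Provides: tor

Package: onioncat
Status: install ok half-configured
EOF
}

# providers NAME: read dpkg status stanzas on stdin and print one line per
# package that satisfies NAME, as "<package> real|virtual <state>".
providers() {
  awk -v want="$1" '
    BEGIN { RS = ""; FS = "\n" }   # paragraph mode: one stanza per record
    {
      pkg = ""; state = ""; prov = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^Package: /)       pkg = substr($i, 10)
        else if ($i ~ /^Status: /)   { split(substr($i, 9), s, " "); state = s[3] }
        else if ($i ~ /^Provides: /) prov = substr($i, 11)
      }
      if (pkg == want) print pkg, "real", state
      n = split(prov, p, /, */)
      for (j = 1; j <= n; j++) {
        sub(/ .*/, "", p[j])         # drop a version suffix such as " (= 1.0)"
        if (p[j] == want) print pkg, "virtual", state
      }
    }'
}

# unconfigured: print packages that dpkg unpacked but did not finish configuring.
unconfigured() {
  awk '
    BEGIN { RS = ""; FS = "\n" }
    {
      pkg = ""; state = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^Package: /)     pkg = substr($i, 10)
        else if ($i ~ /^Status: /) { split(substr($i, 9), s, " "); state = s[3] }
      }
      if (state ~ /^(half-installed|unpacked|half-configured)$/) print pkg, state
    }'
}

sample_status | providers tor
sample_status | unconfigured
```

A "virtual" result with no "real" line means the name is satisfied only by a Provides: declaration, which is the case the reply describes for anon-ws-disable-stacked-tor.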

thanks, installing tor into the workstation before installing onioncat does work for getting it installed without error.

i can now launch onioncat on the server and client machine and the virtual ipv6 tun device comes up with sudo ifconfig.

yeah, i don’t know if i’ll be able to get my apps to work natively with onioncat.

a vpn like openvpn would probably work but i’m looking for tor location anonymity on both ends.

so i’m wondering how i could do one of the following

  • layer openvpn on top of onioncat

  • connect openvpn through hidden service without onioncat (might be what you were mentioning?)

“Dunno if OpenVPN in TCP mode over a Tor hidden service would work well for your use case. (Because OpenVPN forces all connections through Tor and I don’t know if you want to allow exceptions for connecting by only using Tor.)”

i don’t need any clearnet exceptions. only tor connections.

“a vpn like openvpn would probably work but i'm looking for tor location anonymity on both ends.”

I don't think OpenVPN opposes anonymity on both ends.

“layer openvpn on top of onioncat”

Needlessly complex. Not necessary / useful as far as I can see. (extra encryption layer aside)

“connect openvpn through hidden service without onioncat (might be what you were mentioning?)”

Yes.

“i don't need any clearnet exceptions. only tor connections.”

If I remember correctly, anything can be done with OpenVPN. Historically its first/primary use case was to create secure LAN over insecure networks. Using it to route all traffic through another computer for anonymization purposes is just a "bonus".

for simple uses like VNC and SSH you don’t need onioncat. Normal Tor Hidden Services can do what you want. However to make access to your Hidden Services private (like a VPN) you need to set up Authentication: Onion Services - Whonix