rahra / onioncat

Official repository of OnionCat, the VPN adapter for Tor and I2P.
https://www.onioncat.org/
GNU General Public License v3.0

Shadowsocks, Outline VPN and/or N2N instead the OpenVPN #46

Closed NiKola-UE closed 5 months ago

NiKola-UE commented 5 months ago

Hello to all,

What do you think about these mentioned protocols that could replace OpenVPN and thus contribute to better decentralization and privacy? If for some reason it can't, then WireGuard can come in handy. All of the above are FOSS.

rahra commented 5 months ago

Is this a general question about these VPNs? Or what is the context?

NiKola-UE commented 5 months ago

I simply think that the mentioned protocols can be used instead of OpenVPN, which would result in greater privacy and decentralization. So, instead of OpenVPN, some of the above would be installed or added; at least in the case of Windows. As I said, all of the above is completely FOSS. If for some reason it doesn't suit OnionCat, no problems...

rahra commented 5 months ago

Ok, I think I understand what you mean.

Neither OpenVPN nor any other of them is needed by OnionCat at all.

The Windows version of OnionCat requires the installation of OpenVPN because it uses the tunnel adapter supplied with OpenVPN. The tunnel adapter is the kernel interface which is a virtual network interface. This is used by OnionCat for tunneling the packets.

It is necessary because, unlike Linux, Windows has no such interface natively. And since I'm not very familiar with Windows programming, I simply used the adapter from OpenVPN instead of rewriting all that code myself.

But again, OpenVPN itself isn't used at all. So there is no privacy issue.

rahra commented 5 months ago

The Windows HOWTO (https://github.com/rahra/onioncat/blob/master/doc/ONIONCAT_ON_WINDOWS.md) explains that it is sufficient to just install the "OpenVPN TAP Adapter" (instead of installing everything of OpenVPN).

NiKola-UE commented 5 months ago

Thank you for your answers.

I thought that the mentioned tools or protocols can replace OpenVPN because they are more private, decentralized, cross-platform, FOSS, safer and better, but if none of them can do it - that's fine, it can't...

Also, the official website onioncat.org is unavailable.

rahra commented 5 months ago

OnionCat is a VPN by itself and solely relies on Tor or I2P and does not need any other VPN software. As I said, on Windows the TAP adapter of OpenVPN is necessary as an interface but nothing more.

NiKola-UE commented 5 months ago

I think I better understand now. OpenVPN is used on Windows because of the Tap Adapter that cannot be replaced by anything, which the other listed protocols obviously do not have, no matter how flexible and better they are. I also understood how OnionCat is installed on Windows, but it is not entirely clear to me whether the copied text should be pasted into the "torrc" and "ocat.bat" files - at the beginning, at the end, or if all their original content should be deleted first, so that there are no errors when starting.

Windows or Mac are certainly not synonymous with privacy, but it is the same with Google: they are still the most popular and used, although everyone knows very well who and what they are.

Will the OnionCat be able to be used with some virtual machines (eg. Virtual Box), perhaps along the lines of Whonix, which I think would be much easier to set up?

NiKola-UE commented 5 months ago

I'm sure you know (you're a programmer, I'm not), but just to remind you: the mentioned protocols are not VPNs and cannot be used independently without the "help" of third-party services, so I thought they could be used for that purpose with OnionCat. When you look at their repositories, you can see that Shadowsocks is a secure and fast tunnel socks5 proxy, designed to protect your Internet traffic and helps you bypass firewalls, Outline VPN a tool by Jigsaw that deploys Shadowsocks servers on multiple cloud service providers, N2N a layer-two peer-to-peer virtual VPN which allows users to exploit features typical of P2P applications at network instead of application level, VpnHood! a solution to bypass Advanced Firewall and can circumvent deep packet inspection, and WireGuard an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. N3N is a new network.

OpenVPN is a freemium and centralized client and is not the best suited for keyboard and screen readers, which doesn't suit me at all as a blind user, while the mentioned, also FOSS clients do and suit me better because they are nicer and more flexible. If OpenVPN has to be used just because of the Tap Windows Adapter, maybe the solution is in their source code, so some of it can be implemented directly into OnionCat, without a need for OpenVPN's installation. In addition to Tor and I2P (I2PD), you can also add support for GNUnet.

rahra commented 5 months ago

> but it is not entirely clear to me whether the copied text should be pasted into the "torrc" and "ocat.bat" files -

I guess you are talking about the onion hostname. On Windows you have to put it into the ocat.bat startup file. There is the variable ONION_URL which has to be set to this hostname.

> Will the OnionCat be able to be used with some virtual machines (eg. Virtual Box), perhaps along the lines of Whonix, which I think would be much easier to set up?

Yes of course! I think it is in the repository of Whonix and Tails.

rahra commented 5 months ago

> OpenVPN is a freemium and centralized client and is not the best suited for keyboard and screen readers, which doesn't suit me at all as a blind user, while the mentioned, also FOSS clients do and suit me better because they are nicer and more flexible. If OpenVPN has to be used just because of the Tap Windows Adapter, maybe the solution is in their source code, so some of it can be implemented directly into OnionCat, without a need for OpenVPN's installation. In addition to Tor and I2P (I2PD), you can also add support for GNUnet.

Yes, the solution is of course in their source code. But as I already said I have only a very basic understanding of Windows programming. So this could cause some headaches. And if somebody needs strong anonymity and a strong OPSec, he most probably will use some more reliable OS, such as Whonix or Tails, or some other Linux-based distro.

And yes, I could implement support for GNUnet. But OnionCat is not just a generic peer-to-peer VPN solution. It was specifically designed and programmed to be used on top of such networks which offer strong anonymity. These are Tor and I2P but not GNUnet. If somebody needs just "some" VPN, then there are a bunch of other solutions ready to go. You mentioned some of them yourself in the list above.

NiKola-UE commented 5 months ago

I think I understand you a little better now. If you don't know much about programming on Windows, I'm still a beginner in the field of anonymity and have very little technical knowledge, so maybe my ideas are so strange, although not impossible.

Perhaps the solution for a better implementation on Windows and some other systems would be if the OnionCat community of volunteers increased, so there would be more understanding for different operating systems. It's not easy for one person if he has to do everything by himself (even the official website doesn't work anymore), and it's a completely different thing when you're part of a team that cooperates with each other, but I can't help much there.

And for technical and other personal reasons, I simply can't move to Linux directly (for virtual machines it is easier), but that's irrelevant here.

I could be wrong, but I think the Tap Windows Adapter can now be downloaded independently of the main OpenVPN application. If I guessed, OpenVPN may no longer be necessary for OnionCat.

Feel free to close this issue if you feel that everything that needs to be said has already been said.

NiKola-UE commented 5 months ago

As you know, in the file "torrc" is written (without the quotes):

"# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1, and Tor will ignore it

ClientOnionAuthDir C:\Users\username\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth
DataDirectory C:\Users\username\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor
GeoIPFile C:\Users\username\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip
GeoIPv6File C:\Users\username\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6"

Should the text from the instructions be pasted before or after this or should this be replaced or completely deleted?

You also know that Tor has its own options for configuring proxies and bridges, and since the latest version there is an "Onionize" button on the home page under the search field. Yes, it also has hidden options ("about:config"). So, you can create a modified Tor Browser which is already customized for OnionCat, that can be called OnionCat Browser or something similar. In addition to source code, Tor also has bundles for all supported operating systems for relays and all other items.

Windows 11 has some new features that should be familiarized with and examined in more detail.

By virtual machines, I meant that OnionCat can be used separately and independently in some of them.

Also centralized WireGuard is better than OpenVPN only because it is faster and that's where I was wrong. The rest that I have listed are decentralized client applications that do not provide any anonymity by themselves because they are not intended for that. Yggdrasil does not provide any anonymity, but it has three times stronger encryption than I2PD and supports IPv6. I mention all this because I think some of it can be implemented in OnionCat which requires no installation, just like Tor, so I don't think it will be necessary anymore to use centralized third-party applications that require full installation. The new version of OnionCat will certainly offer a lot of new things.

One digression: Lokinet is a blockchain-based decentralized network which is very different than Tor, Hyphanet (formerly Freenet) is good for file uploading and sharing, ZeroNet and Phantom can be good solutions for decentralized websites, Tomi is a relatively new decentralized (still in the Alpha phase) project, while IPFS and SeaweedFS are good for decentralized file sharing and transferring and large data storage and saving it on the P2P nodes. So, using OnionCat with popular centralized VPNs is not necessary and it can be very bad, and even dangerous. I mention all this simply because in the development of the Web3, OnionCat will surely find and take its place, right?

rahra commented 5 months ago

About the Tor config: The HiddenServicePort and HiddenServiceDir go anywhere in the torrc file. Within the original torrc there is an example. You can uncomment and modify it accordingly.

About the Tor options: Tor's options such as bridges and proxies are related to the Tor network itself. It defines how your Tor client connects to the Tor network. OnionCat works on top of Tor, i.e. it requires that Tor already works and then it connects to your Tor client.

About the virtual machines: You can run Tor in a VM and OnionCat in a different VM and then connect with yet another VM (or PC) to that OnionCat. But this requires a deep understanding of networks, IP, and routing.

OnionCat is generally a general purpose (low layer) IP VPN which is based on Tor. It is made to fully connect computers or even networks to each other. Most of these other VPNs are not general purpose. Even Tor isn't. Tor can "just" tunnel TCP sessions. That's one reason why I plugged OnionCat on top of it: to have a generic IP connection between systems (such as an Ethernet switch does but just virtually).
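
An added example, not part of the thread and not OnionCat's own code: a small checker for the torrc question discussed above. It relies on Tor attaching each HiddenServicePort line to the most recent HiddenServiceDir line, so the pair can sit anywhere in the file but the directory line has to come first. Assumptions: virtual port 8060 as the OnionCat port, the hidden service directory path, the sample torrc text and all function names are constructed for illustration.

```python
from dataclasses import dataclass, field

OCAT_PORT = 8060  # assumption: OnionCat's default virtual port


@dataclass
class HiddenService:
    directory: str
    ports: list = field(default_factory=list)  # (virtual_port, target) pairs


def parse_hidden_services(torrc_text):
    """Return (services, errors) for the hidden services declared in torrc_text."""
    services, errors = [], []
    for lineno, raw in enumerate(torrc_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # Tor option names are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "hiddenservicedir":
            services.append(HiddenService(value))
        elif keyword == "hiddenserviceport":
            fields = value.split()
            if not services:
                errors.append(f"line {lineno}: HiddenServicePort has no HiddenServiceDir before it")
            elif not fields or not fields[0].isdigit():
                errors.append(f"line {lineno}: missing or non-numeric virtual port")
            else:
                target = fields[1] if len(fields) > 1 else f"127.0.0.1:{fields[0]}"
                services[-1].ports.append((int(fields[0]), target))
    return services, errors


def onioncat_services(services, port=OCAT_PORT):
    """Hidden services that expose the given virtual port."""
    return [s for s in services if any(p == port for p, _ in s.ports)]


# Constructed sample: generated Tor Browser lines followed by the added pair.
SAMPLE_OK = r"""# This file was generated by Tor; if you edit it, comments will not be preserved
DataDirectory C:\Users\username\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor
HiddenServiceDir C:\Users\username\onioncat_hs
HiddenServicePort 8060 127.0.0.1:8060
"""
# Constructed sample: same two lines in the wrong order.
SAMPLE_BAD = "HiddenServicePort 8060 127.0.0.1:8060\nHiddenServiceDir C:\\hs\n"

if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        found, problems = parse_hidden_services(text)
        print(name, [s.directory for s in onioncat_services(found)], problems)
```
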

NiKola-UE commented 5 months ago

Thanks again for your patience and all the answers.

I think it's time to finally close this issue because everything that needs to be said has already been said.

When you release the next version of OnionCat, make it even better, more accessible, user-friendly for all supported platforms, more customizable, and preferably contain some of what we mentioned here.

Finally, as someone who truly fights for a free and safe Internet, I will mention another interesting FOSS project called Lonero's Decentralized Internet, that is theoretically very promising, but in practice it still cannot be used because the Internet as such is not yet and will not be decentralized anytime soon. The idea is really great, but the complete services will also have to be decentralized, which also applies to hardware, but it is still difficult to imagine and achieve...

Best regards

rahra commented 4 months ago

Thank you very much!

For a very long time I have been thinking about producing a video for YouTube which shows how to set up and use it. But since my time is overfull with other stuff I was unable to do this so far.