A checked version of this page, approved on 12 April 2025, was based on this revision.

Using Tor for Onion Encryption / Authentication and NAT Traversal Only - Without Anonymity!

Not anonymous!

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

It is possible to make Tor on a server using a single Tor hop (only one Tor relay instead of three) by using Tor configuration options HiddenServiceNonAnonymousMode 1, HiddenServiceSingleHopMode 1. This is non-anonymous but faster. Server should use Onions Services Authentication. The advantage of this is to have a server which is:

reachable (for users having access to Tor) for NAT traversal, i.e. it works behind common NAT routers.
capable to secure inherently insecure protocols (such as VNC) by using the encryption / authentication provided by Tor Onion Services

Independently, if clients prefer speed over anonymity, they can configure Tor in Tor2Web mode, which means outgoing Tor circuits will have a length of one rather than three.

These two options combined reduce a 6 hop Tor connection to a 2 hop Tor connection. It's not anonymous, but providing NAT traversal as well as onion encryption / authentication.

https://forums.whonix.org/t/should-we-use-hiddenservicesinglehopmode-for-whonix-org-server

Server Side[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Non_Anonymous_Onion_Encryption_and_NAT_Traversal?oldid=93863#Server_Side Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Non_Anonymous_Onion_Encryption_and_NAT_Traversal#Server_Side|Server Side]]
Copy as Wikitext Click = Copy Copied to clipboard! [Server Side](https://www.kicksecure.com/wiki/Non_Anonymous_Onion_Encryption_and_NAT_Traversal?oldid=93863#Server_Side)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Server Side](https://www.kicksecure.com/wiki/Non_Anonymous_Onion_Encryption_and_NAT_Traversal?oldid=93863#Server_Side)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Non_Anonymous_Onion_Encryption_and_NAT_Traversal?oldid=93863#Server_Side]Server Side[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Open /usr/local/etc/torrc.d/50_user.conf.

If you are using Kicksecure inside Qubes, complete the following steps.

Qubes App Launcher (blue/grey "Q") → Kicksecure ProxyVM (commonly named kicksecure) → Tor User Config (Torrc)

If you are using a graphical Kicksecure, complete the following steps.

Start Menu → Applications → Settings → /usr/local/etc/torrc.d/50_user.conf

If you are using a terminal-only Kicksecure, complete the following steps. Click = Copy Copied to clipboard! sudo nano /usr/local/etc/torrc.d/50_user.conf

Add.

Click = Copy Copied to clipboard! HiddenServiceNonAnonymousMode 1 HiddenServiceSingleHopMode 1 SocksPort 0 HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 22 127.0.0.1:22 HiddenServicePort 5900 127.0.0.1:5900 HiddenServiceVersion 3 ## syntax: ## HiddenServiceAuthorizeClient auth-type client-name,client-name,… ## The auth-type can either be 'basic' for a general-purpose authorization protocol or 'stealth' for a less scalable protocol that also hides service activity from unauthorized clients. ## Valid client names are 1 to 16 characters long and only use characters in A-Za-z0-9+-_ (no spaces). HiddenServiceAuthorizeClient stealth 1234567890123456

Save and exit.

Client Side[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Non_Anonymous_Onion_Encryption_and_NAT_Traversal?oldid=93863#Client_Side Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Non_Anonymous_Onion_Encryption_and_NAT_Traversal#Client_Side|Client Side]]
Copy as Wikitext Click = Copy Copied to clipboard! [Client Side](https://www.kicksecure.com/wiki/Non_Anonymous_Onion_Encryption_and_NAT_Traversal?oldid=93863#Client_Side)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Client Side](https://www.kicksecure.com/wiki/Non_Anonymous_Onion_Encryption_and_NAT_Traversal?oldid=93863#Client_Side)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Non_Anonymous_Onion_Encryption_and_NAT_Traversal?oldid=93863#Client_Side]Client Side[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Update the package lists.

Click = Copy Copied to clipboard! sudo apt update

Install Tor's build dependencies.

Click = Copy Copied to clipboard! sudo apt build-dep tor

^[1]

Create directory ~/tor-src.

Click = Copy Copied to clipboard! mkdir ~/tor-src

Change directory to ~/tor-src.

Click = Copy Copied to clipboard! cd tor-src

Download the Tor source package.

Click = Copy Copied to clipboard! apt source tor

Change directory to Tor source directory.

Click = Copy Copied to clipboard! cd tor-*/

Open file debian/rules in a text editor of your choice as a regular, non-root user.

If you are using a graphical environment, run. Click = Copy Copied to clipboard! mousepad debian/rules

If you are using a terminal, run. Click = Copy Copied to clipboard! nano debian/rules

Change:

Click = Copy Copied to clipboard! dh_auto_configure \ $(confflags) \ --prefix=/usr \ --mandir=\$${prefix}/share/man \ --infodir=\$${prefix}/share/info \ --localstatedir=/var \ --sysconfdir=/etc \ --disable-silent-rules \ --enable-gcc-warnings-advisory

To:

Click = Copy Copied to clipboard! dh_auto_configure \ $(confflags) \ --prefix=/usr \ --mandir=\$${prefix}/share/man \ --infodir=\$${prefix}/share/info \ --localstatedir=/var \ --sysconfdir=/etc \ --disable-silent-rules \ --enable-gcc-warnings-advisory \ --enable-tor2web-mode

Open file src/or/config.c in a text editor of your choice as a regular, non-root user.

If you are using a graphical environment, run. Click = Copy Copied to clipboard! mousepad src/or/config.c

If you are using a terminal, run. Click = Copy Copied to clipboard! nano src/or/config.c

Change

Click = Copy Copied to clipboard! V(Tor2webMode, BOOL, "0"),

To

Click = Copy Copied to clipboard! V(Tor2webMode, BOOL, "1"),

Build the Tor package.

Click = Copy Copied to clipboard! debuild

^[2]

Footnotes[edit] Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Non_Anonymous_Onion_Encryption_and_NAT_Traversal?oldid=93863#Footnotes Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Non_Anonymous_Onion_Encryption_and_NAT_Traversal#Footnotes|Footnotes]]
Copy as Wikitext Click = Copy Copied to clipboard! [Footnotes](https://www.kicksecure.com/wiki/Non_Anonymous_Onion_Encryption_and_NAT_Traversal?oldid=93863#Footnotes)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Footnotes](https://www.kicksecure.com/wiki/Non_Anonymous_Onion_Encryption_and_NAT_Traversal?oldid=93863#Footnotes)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Non_Anonymous_Onion_Encryption_and_NAT_Traversal?oldid=93863#Footnotes]Footnotes[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Kicksecure

A secure by default operating system with the latest security research in place.

Dark mode

Supported by Power Up Privacy

Kicksecure is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

2012- 2025 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!

↑ Click = Copy Copied to clipboard! sudo apt install zlib1g-dev libevent-dev asciidoc xmlto libsystemd-dev
↑
- https://github.com/globaleaks/Tor2web/wiki/Installation-Guide
- https://github.com/globaleaks/Tor2web/issues/327

[1] Click = Copy Copied to clipboard! sudo apt install zlib1g-dev libevent-dev asciidoc xmlto libsystemd-dev

[2] 
https://github.com/globaleaks/Tor2web/wiki/Installation-Guide

https://github.com/globaleaks/Tor2web/issues/327

[3] ttps://github.com/globaleaks/Tor2web/wiki/Installation-Guide

[4] ttps://github.com/globaleaks/Tor2web/issues/327

[1]

[2]

Non Anonymous Onion Encryption and NAT Traversal

Contents

Navigation menu

Non Anonymous Onion Encryption and NAT Traversal

Navigation menu

Search

Disable server cache for this browser

Debug vis URL