Different VPN Access Methods (Thread to end all threads)

notthatguy · #1 May 23rd, 2012, 07:41 PM

In this thread I'm going to go over the advantages and disadvantages of accessing a VPN through the different methods.

Then leave this up for discussion on which method you think is more secure OR anonymous.

YOU → VPN → TOR

BENEFITS

1. Greater flexibility. This way, you can reserve your 'VPN --> Tor' configuration for dealing with only the most mission-critical/confidential data... while still being able to use the VPN by itself for the bulk of day-to-day activity (which probably isn't as privacy-sensitive).

2. Neither my ISP nor my VPN provider can see my final destination. Sure, there's always the risk that a rogue Tor exit node could be sniffing traffic... but as long as you are careful to keep your Tor activity 100% separate from your real-world identity, it isn't going to matter. I say, let the rogue exit nodes sniff all they want... they're not going to find anything useful anyway.

3. You keep your "expendable men" on the front lines. In other words, if a Tor node gets blocked by a remote site, so be it--there are plenty of others to choose from. But if one of your VPN servers gets blocked, it could potentially become much more of a hassle.

4. If an adversary tries to plant a "bug" on you in order to bypass your Tor connection, you still have the VPN as a last line of defense since it's protecting the entire network... as opposed to Tor, which only gives you application-layer protection.

DISADVANTAGES

1. VPN provider see's where you're coming from.

2. Exit Node can see your traffic.

YOU → TOR → VPN

BENEFITS

1. Additional privacy layer (our VPN server will not see your real IP address but the IP of the TOR exit node)

2. Option to connect to web sites under TOR protection, even to those sites which refuse TOR connections

3. Usage of TOR even by the programs which don't support it

4. Access to TOR from all the applications transparently: no need to configure each application, one by one

5. Avoidance of any traffic discrimination from TOR exit nodes (packets are still encrypted when they pass through TOR exit node)

6. Major security layer in the event you pass through a compromised/malicious TOR exit node (packets are still encrypted when they pass through the TOR exit node)

DISADVANTAGES

1. Less flexibility. If all traffic is being forced through Tor, it'll severely limit your ability to do P2P, audio/video streaming, or any other bandwidth-intensive activity... not to mention it's a waste of bandwidth in general for any activity where you don't really need that much protection.

2. My ISP can't see my traffic, but they can certainly see that I am using Tor... which might inadvertently make me a "person of interest" in the eyes of a strong adversary. Conversely, connecting to a VPN server in a relatively friendly jurisdiction won't look quite as suspicious... as there are seemingly more legitimate reasons for a "Westerner" to be connecting to a VPN as opposed to Tor. Maybe I am over-analyzing this, but that is just my personal opinion.

3. With your VPN on the front lines, you could still end up losing your VPN account due to complaints or TOS violations. When it comes down to it, I'd rather have an expendable Tor node take the "heat" for some frowned-upon activity, than to sacrifice my precious VPN.

4. Unless you're 100% certain that your financial transaction with the VPN cannot be traced back to you, there's a greater chance for the VPN to be linked to your real-world identity. If all an adversary has to do is "follow the money", it won't really matter how many of layers of anonymity (i.e., Tor) exist between you and the VPN server.

Thanks to Pauly Defran, Casper Face, mirimir for providing this info.

nuphorce · #2 May 26th, 2012, 06:39 AM

Thanks for posting this. In Windows what is the best way to setup ISP -> VPN -> TOR?

I have OpenVPN installed but when I run Tor using the Browser Bundle with the VPN connected it doesn't seem to work.

mirimir · #3 May 26th, 2012, 03:42 PM

@notthatguy

That's a good summary. Thanks

Quote:

Originally Posted by nuphorce

Thanks for posting this. In Windows what is the best way to setup ISP -> VPN -> TOR?

I have OpenVPN installed but when I run Tor using the Browser Bundle with the VPN connected it doesn't seem to work.

If you can browse through the VPN, Tor should connect. But it's been years since I used VPNs and Tor in Windows, so maybe I've forgotten. VPNs in Windows use tap adapters (rather than tun, which is standard in Linux) and they're temperamental.

You could run VMware Player, with Tor running in a Ubuntu VM. I'm almost certain that will work, and it isolates your Tor activity.

notthatguy · #4 May 26th, 2012, 05:04 PM

I'm still trying to fully understand using Multiple VPN's, so here's my questions...

Using the following connection

YOU → VPN 1 → TOR → VPN 2

Your data leaves you and reaches VPN 1, where it is then sent to TOR and then it finally reaches VPN 2. At VPN 2, your data it is then decrypted by VPN 2 and a connection is made with the server.

Here's my question if I understand this correctly.

VPN 1 & TOR have no idea of what is going through their server, as it is encrypted correct?

Therefore VPN 2 see's all information that you transmit across its network? but has no idea of the originating IP?

What is the benefit of using multiple VPN's? If you were only using YOU → VPN → TOR your VPN provider would still not be able to read your data.

Am I missing something?

God this stuff is interesting

mirimir · #5 May 26th, 2012, 06:24 PM

Quote: