Chaining VPNs between host/VM?

My scenario:

I startup xerobank on my laptop. When I launch the VM and surf the web, I see that the IP is the xerobank IP, even within the VM.

Sooo... can I launch another VPN inside the VM as well, such as perfect privacy or the like, and will that mean I'm connecting to the PP machines through the xerobank network?

I'm asking a purely technical question. I'm aware of the issues re: chaining proxies and the need to ensure end to end encryption. Speed is not an issue for me, and it just seemed that it would provide another layer, but I'm not clear on the interaction of the adapters from within the VM to the host machine under these circumstances.

 

So your connection would be perfect privacy tunneling through Xerobank? And you would go through Xerobank and then on to PP? That would be a pretty neat trick, LOL! But what IP would PP see? Would they see Xerobank because you had to go through their system first? Or would PP see *your* true IP since PP is connected directly to your computer?

 

remember: think straws.

 

Yes. You're sharing the host's internet connection, which is routed through the XeroBank VPN.

Yes, that works. From the perspective of the VPN client running on the guest, the guest is sitting at the XeroBank exit node. Given that XeroBank accounts permit multiple connections, you can run XeroBank on both host and guest, using different entry-exit combinations, to verify that this works. FWIW, you can store the guest in a TrueCrypt file.

Latency is the killer for this. Also, if better anonymity is your goal, you need to consider how you'll pay anonymously.

Although it's somewhat mind-boggling, it's actually rather simple. Let's say that your host has one physical NIC, which we'll call NIC-host. XeroBank VPN creates a TAP adapter, which we'll call TAP-host. It's the preferred connection when XeroBank is connected. Although traffic is routed via TAP-host, it's of course transported in encrypted form via NIC-host.

The guest has a virtual NIC, which we'll call NIC-guest. The VPN running on the guest creates a TAP adapter, which we'll call TAP-guest. It's the preferred connection when the guest's VPN is connected. Just as in the host, traffic is routed via TAP-guest, but is transported in encrypted form via NIC-guest.

NIC-guest is NATed to the host's preferred connection, which is TAP-host when XeroBank is connected (and NIC-host when it's not).

 

Yes, as Steve says, straws.

PP would see the XeroBank exit node IP, just like anything else on the net does.

With XeroBank, nobody sees your true IP except XeroBank (and it doesn't tell itself what you're connecting to).

 

Are you alluding, perhaps, to the problem of sucking on a collapsed straw?

Although people make fun of Al Gore's tube analogy, it's actually not bad. Virtual tubes within virtual tubes.

 

Hierophant - thank you for the detailed reply (I'm not requoting them all here). I did a test and found that yes, it did work! As far as paying for VPNs anonymously, there are certainly ways to do that (legitimate ways). Since I have no plans to fall afoul of any global adversaries or break any laws, using xerobank as the first on the chain is adequate for my needs.

Having said that, I'd like to make the same point others have made in other places on these forums: if you're going to engage in a criminal enterprise of any significance, all the VPN QandA on these forums isn't going to give you the anonymity you need. Once the long arm of the law weighs in and court orders are involved, game over.

It's one of the reasons I don't like the predictive models some throw up, by that I mean the "what if..." and then using a criminal enterprise as the example. I think fifth column efforts are the better model and are more realistic on this playing field. For example (and this IS just an example... my mother is Catholic) if I started posting up a bunch of legally obtained but extremely injurious information about the Catholic Church, what failsafes exist to protect my identity? In that model, it's not likely that court orders will become involved, but you run the risk of deeply offending Catholics generally... and they could be employed in any country or by any company. Who can say what a good person will do when required to choose between loyalty to a company and general respect for privacy and the church they believe is the one true way?

To put it in shorthand: I prefer the journalistic model when I query VPN providers and not the criminal model. I'm interested in any views on this.

Thanks again for the answer.

 

My pleasure, JustTheFacts. Have fun, and play safe