Yes, but there are only a few vpn providers that work this way. The more common way would be to connect to your vpn first.
@Melita -- You can, but it's not so easy. First, I wouldn't use Tor browser, because the browser controls the Tor client. It's better to use the "Expert Bundle" from https://www.torproject.org/download/download.html.en Second, you must configure OpenVPN to use a Tor SocksPort, just as with any app. To do that, you add something like "socks-proxy 127.0.0.1 9050 foo" and "socks-proxy-retry" to the OpenVPN config file. You may not need "foo". Last I used this, there was a bug in OpenVPN that required a value for the SOCKS authorization passphrase. Even if (as for Tor) there isn't one. And it could be anything. Anyway, with that in place, the VPN should connect via Tor. But you can't just use Tor browser, because it will only connect via Tor SocksPort. You can fix that, but then you stand out as someone using Tor browser without Tor. Better to just use locked-down Firefox. Also, you'll want firewall rules that prevent all apps except Tor from using the machine's LAN adapter. And that prevent Tor from using the VPN tunnel.
Tor Expert Bundle This installer must be run as Administrator. I take it you can not use it in a LUA (Limited user account) in XP or can you set it up in Admin account and then run Tor in LUA? TBB can be setup and run in a LUA which is more secure than running XP in Admin account.
There are pro's and con's to both approaches. Taking the "devil's advocate" position on this thread. If you elect to connect to TOR and then your VPN you sacrifice what I perceive as one key attribute of TOR. Namely; auto rotate of the circuit every 10 minutes or so. By connecting to your VPN and then using TOR in the bundled package (or using Whonix), your exit node IP will rotate every 10 minutes. As Mirimir noted above, AirVpn has a great client which makes going the TOR first route pretty easy. I have played with that client and its coded open source so you can change it any way you want. Where I live I feel its detrimental to have my ISP know I use TOR as opposed to a VPN. By locking into a VPN tunnel and then connecting to TOR my ISP has no idea I ever use TOR.
This is an enormous amount of help here A big Thank you to all of you. Is it possible to configure the computer to dump the internet connection if the VPN is disconnected unexpected
Many custom VPN clients prevent VPN-bypass leaks. In Windows, I wasn't able to get those from AirVPN, IVPN, Mullvad, Perfect Privacy or SlickVPN to leak. You can also use Windows Firewall. Basically, you set LAN as a private network, and the VPN tunnel as a public network. Then you allow only connections to desired VPN servers on LAN aka private network.
When this is done will the internet connection drop if the vpn disconnects inadvertently? Is there a tutorial somewhere showing how to do this? I don't have much knowledge about networks.
It's not so much that a connection will drop. It's just that only the VPN client can connect through the LAN interface. Everything else can only connect through the VPN. If the VPN connection goes down, then nothing connects. I already told you as much as I remember about configuring Windows firewall. You'll find all sorts of guides about that. But most of them have it backwards. That is, they focus on blocking LAN use by particular apps, rather than blocking everything and allowing the VPN client. If you don't want to take time to figure it out, I recommend just using a custom VPN client that doesn't leak. Such as AirVPN, IVPN, Mullvad, Perfect Privacy or SlickVPN.
I agree with Mirimir for those that just want a basic lock to work. That said we both write and use our own firewalls. I like to set mine so that IF a connection breaks ONLY I can manually re-establish it. With dependable vpn servers a "drop" only happens once a month or less for me and I live online. Most of the clients do a great job and will automatically reconfigure and re-establish a vpn tunnel without leaking anything. I also don't allow LAN devices to see or get a "ping" from my hobby computers. They are on separate LAN hardware from the rest of the house.
There is also another aspect when it comes to setting VPN as final output to the Internet. It is probably important to know, because using two different anynymisation technologies are for paranoid threat-models. If VPN provider would know who you are, they can deanimise you regardless of using Tor. How they can know who you are: 1. You probably need to pay them for VPN. They can connect payment to your person probably easier than track you Tor connection. 2. All your data goes through VPN. This means VPN provider tunnels unencrypted metadata and even some unencrypted data (depends whether you use end-to-end crypto). One need to carefully consider that in order to evade deanonimisation.
Has anyone tried running a tracert on a windows computer while connected to a VPN? Does it reveal the ISP assigned IP address of the local router? At the cmd promt, tracert google.com
If it does, something's wrong. Generally, the first address should be the device on the VPN tunnel network. The second should be the VPN exit.
Yes but what happens to the original direct connection to the ISP? I kinda assumed the VPN was a second interface created after the connection to the ISP was established so they would both be active at the same time... That's why I wondered if a trace route would show one or both of them.
Yes, both interfaces are there. But OpenVPN clients modify the routing table, so that traffic preferentially uses the VPN interface.
Hello Mood, It's no very clear for me that Tor through/over VPN (meaning MyPC -> VPN-> Tor) is more secure because of the potentially malicious Tor exit node (spying, malware injection....). And it's not very clear for me either that VPN through/over Tor is more anonymous, as the path trough Tor network become static. Nevertheless, connecting VPN over Tor as the benefit to allow to route UDP traffic through Tor Network. But I disagree concerning what Boleh blogger wrote at the end of his article ("combining the use of both helps make it harder for anyone online to identify you") because no one knows what happens in this "Tor over Tor" case. The 2 Tor paths may be entangled in an unpredictable way, there may be loop(s), and no ones knows the implication of all that concerning anonymity. Hello Mirimir, If I will prevent one given application (say utorrent...) to expose my ISP IP in case of VPN disconnection, is it sufficient to allow utorrent connections to public network only (assuming that LAN is private and VPN tunnel is public, as you adviced)??
If you use that firewall setup, you don't need to allow specific apps. Just allow everything out on public aka VPN.