I've come up with a bash hack for creating dynamic VPN chains in a Debian router with DHCP. There's an infinite while loop script which:

- terminates all openvpn processes
- uses shuf to randomly select a VPN server IPv4 from each of two lists (vpns0 and vpns1)
- writes an iptables ruleset for the VPN chain, and restores it
- writes an init script for each VPN server, which tweaks routing before connecting
- connects to the first VPN server, and waits five seconds
- connects to the second VPN server, and waits 15 seconds
- pings 22.214.171.124 via the second VPN
- if there's a response, waits 10 minutes, and then restarts the loop
- otherwise restarts the loop immediately

The ip6tables ruleset drops everything. The iptables ruleset for each VPN chain:

- allows traffic only to vpn0 via enp0s3
- allows traffic only to vpn1 via tun0
- forwards enp0s8 via tun1 with masquerade

Each vpn0 init script:

- deletes routes for 0.0.0.0/1 and 126.96.36.199/1
- adds a route for vpn0 via enp0s3
- starts openvpn with vpn0.conf

Each vpn1 init script:

- deletes routes for 0.0.0.0/1 and 188.8.131.52/1
- adds a route for vpn1 via tun0
- starts openvpn with vpn1.conf

It's at https://github.com/mirimir/vpnchains/.

You get nested VPN chains, as with https://www.ivpn.net/privacy-guides/advanced-privacy-and-anonymity-part-1. However, there's no OS-level isolation between OpenVPN processes. While that's arguably less secure, it uses less resources. And it also facilitates changing the VPN chain periodically. So it's more like Tor. And without the forwarding and DHCP, the scripts could be used in a single machine or VM. Less secure still, but much lighter.

The basic idea for this came from https://github.com/TensorTom/VPN-Chain. It just took me a while to get around to playing with it.

Maximum uptime so far is about four days. Having a dynamic IPv4 address doesn't interfere with browsing and streaming. However, it does kill connectivity with BitTorrent swarms, and you must restart the client. So for torrenting, you may want to increase the cycle period.
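
The per-chain ruleset described above, sketched as an added example (not code from the vpnchains repository). The function names is_ipv4, pick_server and gen_ruleset are hypothetical, and the loopback, conntrack, DHCP and tun1 output rules are assumptions needed to make the default-drop policy usable; the interface names are the ones in the post.

```shell
#!/bin/sh
# Added example: builds a default-drop ruleset for one VPN chain.
# Interface names are from the post; all other details are assumptions.

# Accept only a dotted quad, so a bad list entry cannot inject extra rules.
is_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

# Pick one random server from a list file (one IPv4 per line) with shuf.
pick_server() {
    ip=$(shuf -n 1 "$1") || return 1
    is_ipv4 "$ip" || return 1
    printf '%s\n' "$ip"
}

# Print an iptables-restore ruleset for the chain vpn0 ($1) -> vpn1 ($2).
gen_ruleset() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Assumption: the router answers DHCP on the LAN interface.
-A INPUT -i enp0s8 -p udp --dport 67 -j ACCEPT
-A OUTPUT -o enp0s8 -p udp --sport 67 -j ACCEPT
-A FORWARD -i enp0s8 -o tun1 -j ACCEPT
-A FORWARD -i tun1 -o enp0s8 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o enp0s3 -d $1/32 -j ACCEPT
-A OUTPUT -o tun0 -d $2/32 -j ACCEPT
# Assumption: the router's own connectivity ping leaves via tun1.
-A OUTPUT -o tun1 -j ACCEPT
COMMIT
EOF
}
```

Because both policies default to DROP and the only path off the physical interface is to the selected vpn0 address, LAN traffic has nowhere to go while either tunnel is down. The output can be piped to iptables-restore.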