chaining vpn help

Discussion in 'privacy technology' started by noob1, Jan 10, 2013.

Thread Status:
Not open for further replies.
  1. noob1

    noob1 Registered Member

    Joined:
    Jan 10, 2013
    Posts:
    2
    Location:
    france
    hy

    I hope i will make myself clear enough; i have a lot to improve my english (any criticism is welcome ).
    I thought a security forum is the best place to discuss this, rather than vpn providers.
    First of all i want to tell you that i understand very well tactical and strategic of security risks but i'm quite new to the technical approach of security and anonymity. For what i read in the past few month ( more i read more complicated it becomes :) ) i understand that theoretical is safer to chain more layers of security/anonymity (vpn, socks, tor, etc..). That seems pretty logic, taking in consideration that trust have lot to do with security. Since now i was using only one layer of sec/anon, not that i have trusted it, but i simply didn't care because i didn't knew all the risk. Now, is not like i need all that security but i dont feel good either, in some case i feel like someone just could read my thoughts; so for that cases i will want to use chaining just to feel better.
    I am looking for tutorials,tips etc.. about chaining sec/anon layers on ubuntu
    I did found some good explanation concerning tor chaining setup with command for ubuntu terminal( seems they have good community ), but i want to test also some chaining about i read and research fount lots of info( but just didn't find step by step tut for linux/ubuntu);

    ex:
    1 openvpn A >> openvpn B ( A,B = different providers )
    2 openvpn >> socks5
    3 socks5 >> openvpn
    4 socks5 >> openvpn >> socks5
    5 tor >> openvpn >> socks

    I understand that all this was already discussed, but i'm looking for some technical detail for linux/ubuntu ( setup instruction step by step, any reference in the right direction, i would really appreciate any help )

    thanks in advance


    ps: mods feel free to move this if this isn't the right place
     
  2. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,414
    When ever someone mentions sock5 proxies I feel they are usually either carding or hacking.

    Socks5 proxies are logging up the wazoo and are honeypots.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    While I understand your concern that some who post here may be up to no good, I don't believe that it's useful to make assumptions. I won't help those who are clearly asking about doing evil, and you're welcome to call me on that promise if I do.

    That may be so. But there's no way to really know who's logging. So it's prudent to assume that everyone is logging, and to plan accordingly.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    It's wise to use services that you trust, because they have good reputations. But you never know for sure, so it's also wise to combine services for redundancy aka failsafe. If either fails, you're still safe. You want components that don't share failure pathways, such as VPNs and Tor, or VPNs from different providers operating in different nations.

    Although it's possible to chain within a Linux machine, using routing and firewall rules, it's far easier using virtual machines (VMs). VirtualBox is best in Linux. Last January, I posted some step-by-step tutorials on using VMs for routing VPNs and Tor https://www.wilderssecurity.com/showthread.php?t=316044. One change: ra's Incognito [Tor] Gateway VM is now at -https://bitbucket.org/ra_.

    There's also the Whonix Tor gateway and workstation, from Wilders user adrelanos. I haven't experimented with them in chaining, however. I read recently on tor-talk that he's considering adding remailer support. That would be very cool, especially if he included the alt.anonymous.messages feature ;) Perhaps adrelanos can say more.

    That's in my tutorials. Alternatively, you can do that with just one VM. The host machine connects to VPN A. To block leaks around the VPN, install shorewall, and set it up as described in -http://xerobank.com/support/articles/how-to-harden-openvpn-in-12-easy-steps/. Then you have your desktop VM of choice (such as Xubuntu). In the desktop VM, you set up connection manager with VPN B. And you block leaks around the VPN using shorewall as above.

    I don't use SOCKS proxies, so I'll leave these for others. Given that some VPNs are quite inexpensive, I don't see why one would use SOCKS proxies.

    Anyway, I suspect that SOCKS proxies by default use an established VPN tunnel. I do know that OpenVPN has an option to connect via SOCKS proxy. And you can enforce all that with routing and firewall rules.

    I think that you'll need at least one VM for this, with one SOCKS proxy and the VPN client in the host machine, and the other SOCKS proxy in the VM.

    I recommend using Tor through a VPN, because VPNs are used for many purposes other than "being anonymous". See my tutorials.

    See my tutorials. I'll be happy to answer questions. It's time to update them, in any case.
     
    Last edited: Jan 10, 2013
  5. noob1

    noob1 Registered Member

    Joined:
    Jan 10, 2013
    Posts:
    2
    Location:
    france
    i also have seen on others forums few of those assumptions about socks5, so being no reason to use them,i understand it's better to avoid socks proxies, generate too much attention.
    Now will get on all that nice info

    thanks for the help
     
Loading...
Thread Status:
Not open for further replies.