Connecting TOR Network through multiple VPNs

Discussion in 'privacy technology' started by Edmerf, Oct 20, 2014.

  1. Edmerf

    Edmerf Registered Member

    Joined:
    Oct 20, 2014
    Posts:
    2
    I want to make a setup like this:

    Me--->VPNX--->VPNY--->TOR--->Internet

    The reason why I want to do something like this is because I want to hide the fact that I'm using TOR from my ISP and avoid being backtraced to my IP if something happens in the TOR network. I thought of connecting TOR through just one VPN, but I also don't want the VPN to know what I'm doing and my real IP at the same time. With the setup above, my guess is VPNY will see the information I'm sending and what I'm trying to do but won't know my real IP because the traffic is tunneled through VPNX. At the same time VPNX will know my real IP but it won't know what I'm trying to do and the information I'm sending. (Even if they keep logs they won't be able to know because the info I'm sending is encrypted from me to VPNY, right? I need someone to clarify that.)

    So if the setup above is technically possible, then I need some help to set it up. I'm thinking of using VM over VM to make this happen.

    Ok so let's say "OS A" is my host os, "OS B" is my VM running on OS A and "OS C" is my second VM that is running on OS B. I connect to VPNX with OS A then bridge/NAT (need some help here about using these options) the connection to OS B. Then I connect to VPNY with OS B and do the same thing to OS C. At the end I connect to TOR network with OS C and all set up. Is this correct? If so, then is there an easier method to achieve what I'm trying to do?
     
  2. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    I could do that fairly easily. I have a router set up with TomatoUSB with OpenVPN as my base VPN. I can add another one using OpenVPN or VPNGate client software in a laptop and run another client on top of that in a VM in that laptop and TOR in that VM.

    I have all my wifi connections VPNed at the router which makes it easy to layer VPN connections on top of my base VPN. It is also possible to cascade routers and have a second VPN connection on a second router. It is as simple as connecting a LAN port to the second router's WAN port and setting up the WAN port for DHCP. Very simple because that is usually the default setting on the WAN port.

    There are lots of threads already on Wilders about this sort of thing using VMs. Mirimir is our VPN guru here and you can start by looking at some of his threads.
     
    Last edited: Oct 21, 2014
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    I have guides on iVPN's website that cover this. See my sig.

    I use pfSense router/firewall VMs as VPN clients. For Tor, I recommend using Whonix VMs.
     
  4. Edmerf

    Edmerf Registered Member

    Joined:
    Oct 20, 2014
    Posts:
    2
    I have read your guides and they are perfect for a starter. The info in your guides is what I've been looking for.

    So I searched a bit about VM setups and Whonix VM and it looks like a good way to achieve what I'm trying to do. What I understand is there are two separate VMs running on host (Workstation and Gateway) and Gateway is bridged to host. That gives me the opportunity to connect VPNX with host OS and VPNY with gateway VM. Then TOR connection is established through both VPNX and VPNY under workstation VM.

    I want to clarify if that VPNX--->VPNY--->TOR setup is useful to keep VPN servers from learning my info. One will know my IP and the other one will know the info I'm sending. But neither of them will know this info together, right? That's the thing I want to achieve in the first place. I will use TOR for hidden services mostly, so being backtraced accidentally is something that won't accept failure.

    Also is windows 8 safe enough to use as host OS? I can also make a setup with Linux on a clean pc if needed.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    :)
    That's close, but there's no bridging in that setup. VPNX does run in the host OS. VPNY runs in a pfSense VM, which is NATed to the host. If it were bridged, it wouldn't connect through VPNX, but rather through your LAN, and so directly through your ISP. Then there are two VirtualBox internal networks. One is shared by the pfSense VPN-gateway VM and the Whonix Tor-gateway VM. It's basically a local extension of the VPNY tunnel network (actually, it's a LAN routed from the tunnel network, which serves as WAN). The other VirtualBox internal network is shared by the Whonix Tor-gateway and workstation VMs. It's also basically a LAN.
    Yes, using two nested VPNs distributes trust, as you describe. So it's much harder for your ISP to know that you use Tor. It's generally better to be seen running VPNs than running Tor, I think. Even in repressive environments, Tor probably attracts more attention than VPNs do.
    I don't recommend that. It's better to use Debian 7.6 x64 as the host OS, and run Windows as a VM (or better yet, on another machine).
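
Added example, not part of mirimir's post or his guides: a check for the NAT-versus-bridged point made above, which reads the machine-readable NIC listing VirtualBox produces for a VM and flags any adapter mode that would let traffic skip a layer of the chain. The role labels, VM names and network names are assumptions made for this sketch, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: audit VirtualBox NIC attachment modes for the nested chain.
# check_nics reads `VBoxManage showvminfo <vm> --machinereadable` text on stdin.
# The role names are hypothetical labels for this sketch:
#   vpn-gateway : pfSense VM; NAT (to the host running VPNX) and intnet allowed
#   isolated    : Whonix gateway/workstation; internal networks only
check_nics() {
    awk -F= -v role="$1" '
        /^nic[0-9]+=/ {
            mode = $2
            gsub(/"/, "", mode)
            if (mode == "none" || mode == "intnet") next
            if (mode == "nat" && role == "vpn-gateway") next
            printf "%s is %s: not permitted for role %s\n", $1, mode, role
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Convenience wrapper: audit ROLE "showvminfo text"
audit() { printf '%s\n' "$2" | check_nics "$1"; }

# Constructed sample inputs (VM and network names are made up).
PFSENSE_OK='name="pfsense-vpny"
nic1="nat"
nic2="intnet"
intnet2="vpny-lan"
nic3="none"'

PFSENSE_BRIDGED='name="pfsense-vpny"
nic1="bridged"
bridgeadapter1="eth0"
nic2="intnet"
intnet2="vpny-lan"'

WORKSTATION_NAT='name="whonix-workstation"
nic1="nat"'

audit vpn-gateway "$PFSENSE_OK" && echo "pfsense-vpny: ok"
audit vpn-gateway "$PFSENSE_BRIDGED" || echo "pfsense-vpny: would bypass VPNX"
audit isolated "$WORKSTATION_NAT" || echo "whonix-workstation: would bypass VPNY and Tor"
```

Against a real VM, pipe the output of `VBoxManage showvminfo <vm> --machinereadable` into `check_nics` with the matching role.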
     
  6. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    I would recommend Linux over Windows as a host too. The routers I use have Linux based firmware. I use Windows client machines but would not use Windows as a server or host. Security issues aside, Windows is very bloated. A base Windows install will use a lot of CPU and memory resources that could be dedicated to VMs. Linux can be tailored to specific needs a lot more easily. If I wanted to have an OS just to host VMs, I would have that host OS be as lightweight as possible. Windows is not good at being lightweight.
     
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    Agreed. Thumbs down on Windows for a host. I run TOR after/on top of my VPN(s) network too. Smooth and decent speeds, but certainly not like 3 high end VPNs alone and no TOR. Of course for hidden services you must have TOR.

    It's nice to have options, and with various VMs pre-configured you can change the circuit for the day's mission.
     