DD-WRT Multiple VPN's?

Discussion in 'privacy technology' started by notthatguy, Sep 17, 2013.

Thread Status:
Not open for further replies.
  1. notthatguy

    notthatguy Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    34
    If a DD-WRT router is setup to use Open VPN and is connecting to a VPN, then connecting to a VPN off of your computer that is connecting to that router wouldn't it essentially chain the two VPN's?

    DD-WRT Router configured to VPN 1

    Computer Connects to Router, then connects to VPN 2

    Computer -> VPN 1 -> VPN 2

    If my logic is off here please correct me
     
  2. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Instead of chaining VPNs, why not just use Tor because Tor is just an automated, three-hop VPN chain? Tor Browser Bundle beats VPN chaining by a long shot, especially since it is so easy to set up compared to a VPN chain. Plus, Tor is just as secure if not more so than your own manual three-hop VPN chain. I just use Tor and MAYBE have an extra VPN behind Tor, giving me 4 hops in total.
     
  3. notthatguy

    notthatguy Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    34
    Thanks for replying well aware of TOR but am not interested in using it with my current home setup. TOR is a bit more than an automated three hop VPN chain, especially considering recent malicious code attack, default enabling of java-script, anonymous Botnets that are still going on, unknown exit relays, and the overall stigma attached to it. I'd prefer to use VPN's for my home computer daily browsing.

    Anyone know if my original post makes sense? Any issues I would be worried about if running VPN's chained in that manner?
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    @notthatguy

    Yes, that would work. It would also work to chain multiple DD-WRT routers, each set up for a different VPN. Chaining VPNs works the same way, whether you use physical DD-WRT routers or virtual routers. I've used pfSense for my virtual routers instead of DD-WRT or OpenWRT because it has a very easy to use webGUI. Using DD-WRT or OpenWRT VMs would be much lighter, but also much harder to set up properly.

    Also, Tor does provide far better anonymity than chaining VPNs does. That's mainly because the client picks routes from thousands of relays, and changes routes at ten minute intervals. Doing something like that with VPNs would be unworkable in numerous ways -- account management, anonymous payment setup, overall expense, etc. But Tor is slower than a good nested VPN chain, it's latency is much larger (1-2 seconds vs 0.2-0.3 seconds) and it only handles TCP traffic. VPN->Tor->VPN is a nice combination :)

    The bit about Javascript vulnerabilities just reflects the Tor Project's default choice for NoScript. There's no underlying vulnerability in Tor itself. Just having NoScript installed protects against some exploits, and having it set to allow scripts globally arguably helps protect overall anonymity, because users are less likely to mess with it, and create unique sets of rules to allow scripts on their favorite sites.
     
  5. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    I recently tried something similar to original post,

    Tomato router with VPN 1 and then tried Mullvad software client

    so

    VPN1 > VPN 2 (via mullvad client)

    It did work, I went into ipleak.net and it showed the last VPN (mullvad) exit IP, it also showed an IP from first VPN provider, speed was fine did not see much speed differences and general surfing was fast and safe. Felt more safer also, perhaps since an adversary would have to go through 2 companies, but only the last VPN provider to really see anything. Then I guess it depends on how good both VPNs or the last exiting one was to begin with.

    I have been unable to run VPN with Tor however, even if I do set my config files to connect to socks Proxy sever/port of tor I think this is a big draw back of having a openVPN router. Tor over VPN works fine.

    I had no idea pfsense can be used as a virtual router ? I guess in theory this would be better then a physical router in one way since it removes the 7-8meg limit that physical VPN routers have!
     
  6. notthatguy

    notthatguy Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    34
    Awesome Mirimir can always count on you for a solid answer! Will consider tossing Tor into the mix.

    In regards to pfSense I know you said your working on a tutorial, are you planning on adding a virtual router portion into that tutorial? Would be a life saver. Going to start researching Pfsense more over the next few weeks.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Yes, it will cover pfSense in detail.

    Look in the "Why should I use a VPN?" thread, about the middle, for the most recent setup on Wilders. There's also my draft video tutorial at Vimeo.
     
  8. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    That is correct. Tor is an automated, changing proxy chain. It is the best anonymity system for surfing the internet anonymously. And the slightly slower browsing speeds are more than bearable. In fact, hardily notice Tor being any slower than using a VPN or my unprotected ip address for surfing online.

    Are you sure about that? I think it is best to disable scripts globally with NoScript and never allow any scripts. I always disable scripts with NoScript whilst using Tor.

    It is safe to assume all exit nodes are run by adversary, which can inject malicious code through scripts to expose your real ip. So to protect yourself from scripting-related exploits in Tor Browser Bundle, you MUST disable scripts globally

    Disabling scripts globally can be very inconvenient, because I cannot use any of this forum's buttons (no emoticons, bold, italics, underline, pictures, etc). These functions all require scripting, but I will under no circumstances allow scripts globally, because that will compromise Tor's security. So to get around this problem, I learned how to use markup language and html tags.

    That way I can bold, italicize, underline, add picture links, add emoticons and etc without the use of scripts. It is less convenient to have to manually type all of the markup and html tags, but that's the price I have to pay in order to keep Tor browser secure and untraceable.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
Loading...
Thread Status:
Not open for further replies.