Different VPN Access Methods (Thread to end all threads)

Discussion in 'privacy technology' started by notthatguy, May 23, 2012.

Thread Status:
Not open for further replies.
  1. notthatguy

    notthatguy Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    34
    In this thread I'm going to go over the advantages and disadvantages of accessing a VPN through the different methods.

    Then leave this up for discussion on which method you think is more secure OR anonymous.



    YOU → VPN → TOR

    BENEFITS

    1. Greater flexibility. This way, you can reserve your 'VPN --> Tor' configuration for dealing with only the most mission-critical/confidential data... while still being able to use the VPN by itself for the bulk of day-to-day activity (which probably isn't as privacy-sensitive).

    2. Neither my ISP nor my VPN provider can see my final destination. Sure, there's always the risk that a rogue Tor exit node could be sniffing traffic... but as long as you are careful to keep your Tor activity 100% separate from your real-world identity, it isn't going to matter. I say, let the rogue exit nodes sniff all they want... they're not going to find anything useful anyway.

    3. You keep your "expendable men" on the front lines. In other words, if a Tor node gets blocked by a remote site, so be it--there are plenty of others to choose from. But if one of your VPN servers gets blocked, it could potentially become much more of a hassle.

    4. If an adversary tries to plant a "bug" on you in order to bypass your Tor connection, you still have the VPN as a last line of defense since it's protecting the entire network... as opposed to Tor, which only gives you application-layer protection.


    DISADVANTAGES


    1. VPN provider sees where you're coming from.

    2. Exit Node can see your traffic.


    YOU → TOR → VPN


    BENEFITS


    1. Additional privacy layer (our VPN server will not see your real IP address but the IP of the TOR exit node)

    2. Option to connect to web sites under TOR protection, even to those sites which refuse TOR connections

    3. Usage of TOR even by the programs which don't support it

    4. Access to TOR from all the applications transparently: no need to configure each application, one by one

    5. Avoidance of any traffic discrimination from TOR exit nodes (packets are still encrypted when they pass through TOR exit node)

    6. Major security layer in the event you pass through a compromised/malicious TOR exit node (packets are still encrypted when they pass through the TOR exit node)


    DISADVANTAGES

    1. Less flexibility. If all traffic is being forced through Tor, it'll severely limit your ability to do P2P, audio/video streaming, or any other bandwidth-intensive activity... not to mention it's a waste of bandwidth in general for any activity where you don't really need that much protection.

    2. My ISP can't see my traffic, but they can certainly see that I am using Tor... which might inadvertently make me a "person of interest" in the eyes of a strong adversary. Conversely, connecting to a VPN server in a relatively friendly jurisdiction won't look quite as suspicious... as there are seemingly more legitimate reasons for a "Westerner" to be connecting to a VPN as opposed to Tor. Maybe I am over-analyzing this, but that is just my personal opinion.

    3. With your VPN on the front lines, you could still end up losing your VPN account due to complaints or TOS violations. When it comes down to it, I'd rather have an expendable Tor node take the "heat" for some frowned-upon activity, than to sacrifice my precious VPN.

    4. Unless you're 100% certain that your financial transaction with the VPN cannot be traced back to you, there's a greater chance for the VPN to be linked to your real-world identity. If all an adversary has to do is "follow the money", it won't really matter how many layers of anonymity (i.e., Tor) exist between you and the VPN server.



    Thanks to Pauly Defran, Casper Face, mirimir for providing this info.
     
  2. nuphorce

    nuphorce Registered Member

    Joined:
    May 13, 2012
    Posts:
    12
    Thanks for posting this. In Windows what is the best way to setup ISP -> VPN -> TOR?

    I have OpenVPN installed but when I run Tor using the Browser Bundle with the VPN connected it doesn't seem to work.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    @notthatguy

    That's a good summary. Thanks :)

    If you can browse through the VPN, Tor should connect. But it's been years since I used VPNs and Tor in Windows, so maybe I've forgotten. VPNs in Windows use tap adapters (rather than tun, which is standard in Linux) and they're temperamental.

    You could run VMware Player, with Tor running in a Ubuntu VM. I'm almost certain that will work, and it isolates your Tor activity.
     
  4. notthatguy

    notthatguy Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    34
    Using Multiple VPN Question

    I'm still trying to fully understand using multiple VPNs, so here are my questions...

    Using the following connection

    YOU → VPN 1 → TOR → VPN 2

    Your data leaves you and reaches VPN 1, where it is then sent to TOR and then it finally reaches VPN 2. At VPN 2, your data is then decrypted by VPN 2 and a connection is made with the server.

    Here's my question if I understand this correctly.

    VPN 1 & TOR have no idea of what is going through their server, as it is encrypted, correct?

    Therefore VPN 2 sees all information that you transmit across its network, but has no idea of the originating IP?

    What is the benefit of using multiple VPNs? If you were only using YOU → VPN → TOR your VPN provider would still not be able to read your data.

    Am I missing something?

    God this stuff is interesting
     
    Last edited: May 26, 2012
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Re: Using Multiple VPN Question

    It's clearer, I think, to consider this as nested encrypted channels. I'm going to call them tubes within tubes, for convenience, but you could say tunnels if you like. Each tube begins locally, on one of your machines. The innermost tube is VPN2. It ends at the VPN2 exit node. That is, all of your traffic is encrypted using VPN2 credentials until it reaches the open internet.

    The VPN2 tube runs through the Tor tube between one of your machines and the Tor exit node. It's like a shielded wire within a cable.

    The Tor tube in turn runs through the VPN1 tube between one of your machines and the VPN1 exit node.

    Yes.

    Yes.

    Yes, you do, and you're not.

    Yes :)
     
  6. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Interesting analysis! Thanks!
     
  7. nuphorce

    nuphorce Registered Member

    Joined:
    May 13, 2012
    Posts:
    12
    Re: Using Multiple VPN Question

    Would you be able to explain how to set this up on Windows please?
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Re: Using Multiple VPN Question

    Basically, you'd run VPN1 on the Windows box. You'd run a Tor gateway VM (such as Ra's) in VirtualBox, NATed to the host, that would provide Tor connectivity on an internal network. You'd run VPN2 in an Ubuntu VM, in TCP mode, connected to the Tor internal network. You'd set up a firewall on the Windows box to block all non-VPN1 traffic. You'd set up a firewall on the Ubuntu VM to block all non-VPN2 traffic. That's it.
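
One way to write the Ubuntu VM firewall from the post above ("block all non-VPN2 traffic", with VPN2 in TCP mode), as an added example that is not part of the original thread or any poster's configuration. The interface names `eth0` (Tor internal network) and `tun0` (VPN2), the sample server `198.51.100.7:443`, and static addressing inside the VM are assumptions.

```shell
#!/bin/sh
# Added example: emit iptables-restore rulesets for the VPN2 VM.
# Apply (as root):  vpn2_killswitch_rules 198.51.100.7 443 | iptables-restore
#                   ipv6_block_rules | ip6tables-restore

is_ipv4() {   # literal dotted quad only: a hostname would need DNS outside the tunnel
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# usage: vpn2_killswitch_rules SERVER_IP PORT [LAN_IF] [TUN_IF]
vpn2_killswitch_rules() {
    ip=${1:-} port=${2:-} lan_if=${3:-eth0} tun_if=${4:-tun0}
    is_ipv4 "$ip" || { echo "server must be a literal IPv4 address" >&2; return 1; }
    case $port in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    case $lan_if$tun_if in *[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    # Default-deny everywhere; the only way out of the VM is the TCP session
    # to the VPN2 server, or the tunnel itself once it is up.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $lan_if -p tcp -d $ip --dport $port -j ACCEPT
-A OUTPUT -o $tun_if -j ACCEPT
COMMIT
EOF
}

# IPv6 is not carried by this setup, so drop it entirely rather than let it bypass the tunnel.
ipv6_block_rules() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]' \
        '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT' 'COMMIT'
}
```

If the tunnel drops, `tun0` disappears and the remaining rules permit nothing except a reconnect to the VPN2 server, so traffic stalls instead of falling back to the bare Tor network.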
     
  9. grueneshorn

    grueneshorn Registered Member

    Joined:
    May 27, 2012
    Posts:
    2
    Location:
    Germany
    Re: Using Multiple VPN Question

    Hi All!

    Great forum, great info! I'm a new member here, just signed up a few mintz ago. You can call me green if you like since my chosen username is grueneshorn (greenhorn).
    I'm completely new to web security, anonymous web and so on, but I found already a lot of useful information on this board.
    One question to mirimir: would it be possible -in the future maybe- to help noobs with some kind of a "step-by-step" guide for that mentioned setup? That would be highly appreciated by me and probably by some other noobs as well?!
    Otherwise thanks for that valuable info guys! Cheers, green:D
     
  10. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Re: Using Multiple VPN Question

    Welcome :)

    Check out https://www.wilderssecurity.com/showthread.php?t=316044 .

    There are posts on Wilders with firewall setups for VPNs in Windows and Linux.
     
  11. grueneshorn

    grueneshorn Registered Member

    Joined:
    May 27, 2012
    Posts:
    2
    Location:
    Germany
    @ mirimir

    Thanks! ;)
     
  12. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    Re: Using Multiple VPN Question


    holy moly! my head is about to explode mirimir! and let me guess, this is the easy setup,lols.. :eek:....:ninja: ...:blink: ..:blink: .:blink: ...o_O ...:gack: ...:eek: ...:ouch:

    p.s: reading through all that gave me one monster headache and in the end itll take me months to comprehend all the gibberish , ahhh!!! why cant there just be a simple setup wizard that does all that for people that arent complete nerds, which i sometimes wish i were ,like now -.-...xD

    a loyal w7x64 ultimate lover , only linux distro i got is TAILS ;)
     
    Last edited: May 28, 2012
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Re: Using Multiple VPN Question

    Yes, it is :)

    It's long and complicated because I included every step, plus some explanation.

    Actually, the Ubuntu and pfSense setup wizards are very user friendly. Manual partitioning to get encrypted LVM on RAID for the Ubuntu host machine is probably the most complicated part. VirtualBox is very easy to use. pfSense hides BSD's capable yet impossibly complicated routing and firewall system pf (packet filter) behind a simple GUI.
     
  14. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    Re: Using Multiple VPN Question

    hot damn thats pretty insane i dont wanna know what the difficult setup is then -.- , i can imagine the speeds already xD , thou impressive nonetheless , now the question would be can i do all this on my w7 machine its got better than gaming hardware thou it uses TC fde or an entire separate rig just for this
     
    Last edited: May 29, 2012
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    Re: Using Multiple VPN Question

    Use a dedicated box. High-end isn't necessary. One of my hosts is a used Gateway DX4710 with Core Duo Quad CPU, 6GB memory and four old 1TB RE3 SATA drives. That or something comparable shouldn't cost more than 400 USD. It'll run a couple pfSense VMs (256MB each) and four Ubuntu VMs (1GB each). That model has a reputation for frying drives, so I drilled some holes through to the front drive bay, and added a large rear fan. If you don't want that much (2TB RAID10) storage, using smaller drives might cut 100 USD off the price. Or you could use four 300GB 10Krpm Velociraptors (or SSD) for speed.
     
  16. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    Re: Using Multiple VPN Question

    ok thanks , ill keep that in mind on my way , thou ill have to take a month vacation sometime this year for this project, until then ill be using your other suggested method of routing the vpn through tor , instead having tor connect to my vpn as ive been doing lately, the tut on how to do this that youve used would be nice, so i can be at least moderately safe without the ultra epic VMs for Routing VPNs and Tor: Host Machine Setup , until ive finished it ;)
     
    Last edited: May 29, 2012
  17. redcell

    redcell Registered Member

    Joined:
    Sep 27, 2010
    Posts:
    126
    This is my security/privacy setup.

    invincible.jpg

    TOR is not as security tight as VPN with regards to Java, SOCKS v4 & v5.
    Long story short - I've discovered this DNS leak / loophole while playing prank on a live webcam channel.
    Using TOR alone, webcam channel server was able to trace base connection IP.

    This is why TOR is only good to be used thru VPN. However, I know that many so-called experts disagree with me.

    Most imperative reason why we need 2 VPNs is because of disconnection fail-safe.

    Base connection (free public wifi) -> VPN A -> VM VPN B + TOR

    ■ All of the above connection must never be traceable.
    ■ There's no such thing as highly anonymous VPN unless you know the VPN servers being located personally in non-allied countries like China, Russia, North Korea, Iceland.
    ■ Never buy VPN account using your own, family or physical friends. The purchase transactions can still be traced. Thus, get a promo or free VPN accounts.
     
    Last edited: May 30, 2012
  18. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    so i guess its vpn THEN tor , hmmm....now im confused, so ive been doing it right after all ? , hope mirimir can add to this
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    There is no "right" way. As notthatguy wrote, there are advantages and disadvantages to both arrangements (you->VPN->Tor->site and you->Tor->VPN->site). But you can "combine" them (you->VPN->Tor->VPN->site). That's what got me started on the howto about VMs, VPNs and Tor.
     
  20. hashed

    hashed Registered Member

    Joined:
    May 5, 2012
    Posts:
    53
    Re: Using Multiple VPN Question

    I suppose I now need to look into PFSense, I normally just use Scientific Linux, Mint or the like for my VMs that I run inside of Ubuntu under Vbox.

    ~h
     
  21. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802

    now that makes more sense thanks for clearing that up for me mirimir, and your setup is indeed the best solution after all ;)
     
  22. bolehvpn

    bolehvpn Registered Member

    Joined:
    Oct 10, 2011
    Posts:
    81
    Location:
    Malaysia