Using Tor + VPN

Discussion in 'privacy problems' started by prnoid_ntrepreneur, Feb 11, 2014.

  1. prnoid_ntrepreneur

    prnoid_ntrepreneur Registered Member

    Joined:
    Feb 10, 2014
    Posts:
    8
    Location:
    Antarctica
    im confused on how one would use tor and a vpn together. the aim being to stop your isp knowing you're using tor and using tor to protect you from your vpn. but how would this be setup exactly. ive done some research on the topic but its all so confusing.

    also do most vpn providers (recommended on here) route your traffic to exit from several ips and locations like tor does or do they just assign you one ip that is consistent?

    but i really want to find out how to use tor and vpn together so that there are 2 layers of security. using tor by itself is not an option as the isp can tell if youre using tor.
     
  2. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    I'm no expert, but I'll have a stab at answering based on my own experience of using Tor and VPN together.

    Using Tor over a VPN connection is easy. All you have to do is to open your VPN connection first before connecting to Tor. After opening the VPN connection all traffic, including Tor traffic, will automatically be routed through the VPN.

    Typically a VPN will route via a single server, depending on which server you choose to connect to. Most VPN providers will have servers in several countries. This enables you to easily confirm that Tor traffic is routing over the VPN. If you open a normal browser connection, and go to www.myiponline.com, you will see the IP address the VPN server has assigned. If you then do the same thing using the Tor browser, you will see the IP address that the Tor network has assigned. If Tor is routing over VPN, the two IP addresses will be different.
     
    Last edited: Feb 11, 2014
  3. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Pretty much explains it. You basically start one, or the other, first - depending on what you want, and your threat model.

    One hides Tor use from your ISP, the other hides you, from your VPN. Other pros and cons have been discussed in other threads.
     
  4. prnoid_ntrepreneur

    prnoid_ntrepreneur Registered Member

    Joined:
    Feb 10, 2014
    Posts:
    8
    Location:
    Antarctica
    yh thanks i understand it now. id say hiding tor from you isp is more important which will also serve as a trust test for your vpn. if youre vpn are snitches and leak customer info then someone will notice eventually.
     
  5. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    One thing to add here. It is so simple to add VirtualBox and create a linux VM with TBB on it. The use of VM's drastically helps with anonymity since the hardware ID stuff is not that of your actual machine. Lots of threads around here about it, but I wanted to mention this since its quite easy to do.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It's easier to just use Whonix, and arguably more secure.
     
  8. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Is the "hardware ID stuff" visible on the internet?
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    That answer depends upon who the "adversary" is. One of the key features of Whonix is that it touts how the Workstation eliminates the hardware ID and the host machine's ID is protected. The same thing is available while using a properly crafted VM in VirtualBox. Using only the NAT to connect keeps (or makes it extremely difficult to obtain) malware running on the VM from gaining access to the "true vitals" of the computer. This subject is discussed on the Whonix website and here as well. Beyond the discussion of pure machine ID only, the VM approach is amazing at eliminating specific fingerprints. If you log on to ipcheck or JonDo while in a linux VM and the TOR bundle is the browser, you virtually look anonymous regarding fingerprints and other identifying particulars.

    The object to this approach is that you look GENERIC as a typical TOR user. Part of that process is to remove actual hardware identifiers from the reach of malware.
     
  10. remiglo

    remiglo Registered Member

    Joined:
    Nov 10, 2014
    Posts:
    1
    Need a little assistance here.... some opinions on my darknet setup:

    I'm on a public network with probably 500 hotel residents fighting for time on multiple wifi routers. I usually connect late at night after the riff raff has gone to bed and the bandwidth becomes useable. I connect to the Internet via the wifi first before anything else happens. I can browse and get email and all that good normal internet through wifi stuff before the VPN is up.

    I read somewhere recently that I should be using a VPN connection, so I got a VPN connection setup that connects to the netherlands and has a rotating access code that changes daily. Once the VPN is up then I'll launch and run TOR and check out darknet just browsing.... Just want to browse and learn about this "Secret" place.

    How safe or unsafe is this connection strategy... please tell me like it is.... I'm running windows 7 premium.

    How do i know that TOR is using that VPN and not just going through my normal internet connection unmasked and clear for God/Gov and anyone to see?

    Thanks Guys
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Look at the Network tab in Resource Monitor. There should be sections for the TAP or TUN adapter, and you should see that Tor is connecting through it.
     
  12. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Since you are running windows 7 it is very important that you confirm your DNS is not leaking. Windows improperly handles domain name server stuff so you will want to make SURE that your ISP's dns is NEVER used while on the vpn.

    If you will accept suggesting a "nudge" on stepping up your setup, you might give some thoughts to creating a virtual machine. You can run the VM with TOR inside it and NAT (how in connects to the host) the machine to your host. The activity that happens in the virtual machine is basically invisible to the host, which serves merely as a bridge to the VPN connection. You can create a FREE virtual machine using linux. It runs great on VirtualBox software, which is also free.

    I run "very private" in my thinking. For me the key is to separate ALL TOR activity from my host computer, and frankly from my ISP's knowledge that I even use it.

    These would be some beginner steps to learn, and from there we can tighten you up as far as you want to go. There's plenty more but this would be a start!!
     
Loading...