VPN + TOR Bridge or Exit Node?

Discussion in 'privacy technology' started by Brosephine, Feb 13, 2016.

  1. Brosephine

    Brosephine Registered Member

    Joined:
    Dec 4, 2015
    Posts:
    143
    Location:
    lo·ca·tion (noun) "a particular place or position"
    I want to pair my VPN with Tor but am not sure which direction I should do it from. My VPN provider offers tutorials on 3 different methods to do so.
    1. Configure OpenVPN client to connect VPN over Tor network
    2. Configure your Tor client bundle to use VPN as exit node
    3. Configure your Tor client bundle to use VPN as a bridge
    I don't want my VPN to be able to see my Tor traffic and would prefer my real ISP not know I'm even using Tor. I have an idea which of these methods suits me best but am interested in your thoughts about it.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,369
    1) This routes the VPN tunnel through Tor. That's only useful if you've purchased the VPN subscription using Tor, with no leaks, and have paid with cash through the mail, or with thoroughly anonymized Bitcoin. No matter how anonymous Tor may be, your anonymity is limited by links to the VPN account.

    2) I've never heard about this before. So are some VPN services running Tor exit nodes as login links? I have played with VPN servers as hidden services. But like 1), this effectively routes the VPN tunnel through Tor.

    3) This is the opposite. It routes Tor through the VPN.

    It sounds like 3) is what you want. Your ISP sees only the encrypted VPN connection. And the VPN provider sees only your encrypted connection to the entry guard.

    1) and 2) allow you to route UDP through Tor, and can get around Tor blocking.
     
  3. Brosephine

    @mirimir That's what I would have guessed. How sufficient is simply using Tor browser while connected to a VPN client?
     
  4. mirimir

    At minimum, I recommend using VirtualBox. Connect to the VPN service on the host. Use a VPN client that prevents leaks, or use the Whonix VPN Firewall. If you're not using a custom VPN client, straight OpenVPN is more secure than Network Manager.

    Do nothing on the host except run updates, and manage VMs. Work in VMs. If you want nested chains of multiple VPNs, use pfSense VMs as VPN gateways. For using Tor, run the Whonix gateway and workstation VMs.
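
    An added example, not part of any poster's reply: one way to check on a Linux host that the VPN is actually carrying all IPv4 traffic before starting Tor or a Whonix gateway behind it. The interface names `tun0` and `eth0` and the sample routing tables are constructed assumptions.

```shell
#!/bin/sh
# Added example: decide from `ip -4 route show` output whether all IPv4
# traffic is forced into the VPN tunnel. Interface names are assumptions.

# vpn_covers_default ROUTES TUN_IF
# Returns 0 when the table sends all IPv4 traffic into TUN_IF, either by
# a single default route on the tunnel or by the 0.0.0.0/1 + 128.0.0.0/1
# pair that OpenVPN's "redirect-gateway def1" installs over the default.
vpn_covers_default() {
    routes=$1
    tun=$2
    printf '%s\n' "$routes" | awk -v tun="$tun" '
        { dev = ""; for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        $1 == "default"     && dev == tun { def = 1 }
        $1 == "default"     && dev != tun { other = 1 }
        $1 == "0.0.0.0/1"   && dev == tun { low = 1 }
        $1 == "128.0.0.0/1" && dev == tun { high = 1 }
        END {
            if (low && high) exit 0     # the /1 pair beats any default
            if (def && !other) exit 0   # the only default is the tunnel
            exit 1                      # some traffic can bypass the VPN
        }'
}

# Constructed sample tables (documentation addresses, not captured output).
SAMPLE_VPN_UP='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev eth0'
SAMPLE_VPN_DOWN='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# On a live host: vpn_covers_default "$(ip -4 route show)" tun0
for name in SAMPLE_VPN_UP SAMPLE_VPN_DOWN; do
    eval "table=\$$name"
    if vpn_covers_default "$table" tun0; then
        echo "$name: all IPv4 traffic routed via tun0"
    else
        echo "$name: traffic can leave outside the VPN"
    fi
done
```

    This covers IPv4 routing only; IPv6 routes, DNS resolver settings, and what the host does when the tunnel drops need their own checks, which is what a leak-preventing client or firewall is for.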
     
  5. Brosephine

    Yeah, VMs are my next "area of study." :argh:
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,744
    You want number 3 from your description of needs. I run 3 most of the time as well. Regardless of the host OS you are using, I would strongly recommend that you build a Linux VM within which you can run the TOR browser bundle. That VM will NAT to your host OS, and as Mirimir stated there is NO workspace activity conducted on the host OS. Don't be confused by all the terms because they will make sense quickly as you learn this stuff.

    Model 3 also allows for TOR to utilize a key feature of its security: changing the relay route automatically every 10 minutes or so. It's an ignored feature but it's huge!

    If you need any help post back and someone would be happy to give you a steer. Mirimir has some guides on IVPN that are great tools while you are learning. You can read them without being a member there. Have fun.
     
  7. Brosephine

    Thanks @Palancar I appreciate the guidance. I've heard a lot about Linux systems and their value but have not used one. Aren't they strictly command line?
     
  8. mirimir

    Some distros install with no desktop. But you can always install one.
     
  9. Palancar

    Those "cryptic" days of Linux are mostly over except for a few diehards that install and want to run command-line stuff. Even when you install a Linux distro with a beautiful Windows-looking desktop, you will shortly start learning how valuable the Linux terminal is and setting up things like executable shell scripts, etc.

    You can move at your own pace. This isn't a contest and if you are like many of us here the learning process is actually so rewarding and fun (does come with frustrations too).
     
  10. Brosephine

    I didn't know you could have a Windows-type GUI with Linux? I would need something like that to start out with because I'm not very fluent in CMD!

    I will definitely be moving at my own pace. I'm right brained & artistic, venturing way out of my comfort zone with all this. :argh: Luckily, I have this great forum and the members on it who don't mind taking their time to explain something to a noob & are willing to pass on their knowledge.
     
  11. mirimir

    There are desktops that try very hard to look like Windows, and ones that try very hard to look like IOS. Most distros support most desktops, and vice versa. But there are a few tight associations.

    Check out http://distrowatch.com/
     
  12. Palancar

    If you wanted to start with a true newbie WINDOWS LOOK-ALIKE then grab Zorin. You can pick a Windows desktop and someone sitting down at the screen might not even know it isn't Windows. Truthfully though, once you stretch your wings with Linux you'll want a flavor that allows you to "wrench" away and do some serious stuff.

    I am not using the systems I started out with. That should be expected and is natural for a "hobbyist". In fact I am studying going to another level myself but in truth I am not quite ready yet. What I have configured completely serves my needs. I simply want to go deeper to stretch my knowledge and do so as a hobby.
     
  13. Brosephine

    I understand the difference between a traditional Linux system and a Windows system in terms of function and capability, but how does a Linux system that looks exactly like a Windows system differ from a real Windows system?
     
  14. mirimir

    Well, "exactly" is exaggerating ;) The layout is similar. And it includes Wine for running Windows apps. But otherwise, it's just Linux. Any Linux distro can run Windows apps in Wine.
     
  15. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,284
    Location:
    Mexico
    I live in Mexico, so I think, maybe wrongly, that I should not be concerned about the gov that much. So, is there any free VPN for me to use along with TOR and navigate the deep web?
     
  16. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,247
    Location:
    UK
    Both Windows and Unix GUIs developed in the 80s, based on other research (e.g. at Xerox). The Unix/Linux graphical systems are currently hosted on the X-Windows base (although Wayland may supplant X in future). A large variety of GUI shells can be built on top of that, which provide a great range of user experiences.

    Linux distributions such as Mint are easily adopted by Windows users because simple things like copy/paste and window close are in the expected places and do similar things.

    I'd encourage what others are saying about use of VM, that's easily the most productive way to learn and experience a variety of operating systems, as well as constructing the necessary structures for privacy.
     
  17. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,311
    Location:
    Oz
    You say do nothing on the host machine. But I have heard that a global adversary can look at an entry connection and an exit node and compare timing plus the amount and shape of the data going in the entry node, coming out of the exit node, and compare what comes back in and going back to the computer. What if the host machine had a VPN running, with a long YouTube documentary playing while Tor was making its connections back and forth? It seems to me that this would prevent that kind of correlation. Or at least making it much more difficult. Or am I missing something? One more thought. That seems like an awful lot of trouble to go through unless someone was a terrorist or something.
     
  18. mirimir

    Do you mean to connect to Tor through the VPN, or to connect to the VPN through Tor? The first is the safest option. And it's the only way to reach Tor onion sites. Connecting to the VPN through Tor does protect you from Tor exits. And it also keeps websites from blocking you because you use Tor. But it's harder to do, and easier to do wrong.

    Anyway, SecurityKISS is still my favorite free VPN.
     
  19. Mister X

    Thanks @mirimir. Yes, I mean Tor through VPN. Didn't know about the other way around. In fact, I have never connected to the deep web before, which is why I'm asking, lol. Also, I didn't know websites could block me because of Tor.
    Going to try SecurityKISS right away. :thumb:
     
  20. Palancar

    Technically they are not blocking you because of TOR. They block based upon IPs, and TOR nodes quickly get added to the list of blocked nodes for those wanting to block such things. CAPTCHAs are the pain of living on TOR and cruising clearnet, even when a complete block is not installed. Of course, once and if you actually go to the DW you will be fully welcome and never see one of those again. There is no exit node on the DW.

    Some of the better VPN clients can facilitate going TOR and then VPN, but it comes at a cost. The largest cost in my view is that the TOR circuit can no longer auto rotate properly. As it stands now without modifying the software, which any user can easily do, the TOR circuit auto rotates every 10 minutes or so. That means that for those on clearnet but using TOR first, their IPs will change every 10 minutes or so.
     
  21. Mister X

    @Palancar
    Thanks for your reply. I read it since Wednesday but haven't had a chance to try. I did a while ago but no luck, Tor keeps failing to load onion sites. I give up.
     
  22. mirimir

    It's really very simple. Run a VPN on your computer. Run Whonix in VirtualBox. Whonix will use Tor via the VPN.
     
  23. Mister X

    Thanks @mirimir
    When I click download Whonix it offers various flavors:
    Don't know which one to pick as I am supposed to run it in VirtualBox. My machine runs Win8.1 btw.
     
  24. mirimir

    I have no clue why they did that. The Windows, OSX and Linux buttons all point to https://www.whonix.org/wiki/VirtualBox :rolleyes: Seriously, WTF? So anyway, you just install VirtualBox, download the Whonix apps, and then import them. They both have config wizards. If you like, you can edit the VirtualBox configuration of the gateway to use 256MB RAM instead of the default 768MB. That gives you a text-only console. But you do very little in the gateway, so running a GUI is a waste of RAM. Maybe run arm, and that's a text app.
     
  25. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,448