What I don't get is if you're on your isp, you can get on vpn.
So why can't you get on another vpn when you're already on vpn?
Or, maybe, you can?
How are you going to tell the 1st VPN's exit node (that you don't
know what it will be, or how to send redirection commands to it)
where to find the 2nd VPN's entry node?
What I don't get is if you're on your isp, you can get on vpn.
So why can't you get on another vpn when you're already on vpn?
Or, maybe, you can?
On 9/3/24 15:39, david wrote:
What I don't get is if you're on your isp, you can get on vpn.
So why can't you get on another vpn when you're already on vpn?
Or, maybe, you can?
Theoretically you can.
Technicalities come into play.
Most VPNs add a default route to cause all traffic to run through the
VPN. So when you start the second VPN it alters the default route to
go through it thus usurping the first VPN. Humans can be smarter than
this and work around it.
The other common problem is related to NAT and the VPN protocol. Some
NATing routers assume that all traffic for some VPN protocols goes
specific places (stateful table) and the second VPN breaks this
assumption.
You probably can make multiple VPNs work. It's going to be annoying at
best and difficult to impossible with wizards.
Open your web browser and use a web-based VPN to then visit a website.
You've got a double VPN.
Grant is answering the question of system-wide double VPN'ing.
It would be nice to see an example of that working with one of the many available no-registration free VPNs out there, such as "vpngate.net".
On Wed, 4 Sep 2024 17:47:26 +1200, Your Name wrote:
Open your web browser and use a web-based VPN to then visit a website.
You've got a double VPN.
Everyone already does that using the free Epic or Opera VPN browsers. https://epicbrowser.com/
https://www.opera.com/features/free-vpn
But what the OP is asking about is system-wide VPN, not browser VPN.
Grant is answering the question of system-wide double VPN'ing.
It would be nice to see an example of that working with one of the many available no-registration free VPNs out there, such as "vpngate.net".
On Wed, 4 Sep 2024 17:47:26 +1200, Your Name wrote:
Open your web browser and use a web-based VPN to then visit a website.
You've got a double VPN.
Everyone already does that using the free Epic or Opera VPN browsers. https://epicbrowser.com/
https://www.opera.com/features/free-vpn
But what the OP is asking about is system-wide VPN, not browser VPN.
Grant is answering the question of system-wide double VPN'ing.
It would be nice to see an example of that working with one of the many available no-registration free VPNs out there, such as "vpngate.net".
This feels like you don't trust the first vpn but you trust the second one, then use the second one directly.
Paul
What I don't get is if you're on your isp, you can get on vpn.
So why can't you get on another vpn when you're already on vpn?
Or, maybe, you can?
What I don't get is if you're on your isp, you can get on vpn.
So why can't you get on another vpn when you're already on vpn?
Or, maybe, you can?
If vpn inside of vpn actually works, it should work with one of those.
What I don't get is if you're on your isp, you can get on vpn.
So why can't you get on another vpn when you're already on vpn?
Or, maybe, you can?
In alt.comp.os.windows-10, on Tue, 3 Sep 2024 14:39:47 -0600, david <this@is.invalid> wrote:
What I don't get is if you're on your isp, you can get on vpn.
So why can't you get on another vpn when you're already on vpn?
Or, maybe, you can?
Why can't you have a girlfriend when you've already got a girlfriend?
...Oh, wait.
Why can't you be riding on one train when you're already riding on
another train? Yeah, let's go with that.
On 2024-09-08 04:20:15 +0000, micky said:
In alt.comp.os.windows-10, on Tue, 3 Sep 2024 14:39:47 -0600, david
<this@is.invalid> wrote:
What I don't get is if you're on your isp, you can get on vpn.
So why can't you get on another vpn when you're already on vpn?
Or, maybe, you can?
Why can't you have a girlfriend when you've already got a girlfriend?
...Oh, wait.
Why can't you be riding on one train when you're already riding on
another train?  Yeah, let's go with that.
Technically you can ... if the first train is being carried as cargo by a second train. :-p
But realistically that example doesn't work. It would be more like the second train pushing the first train. It's basically a daisy chain of VPN servers, each connecting to the next one, so you data has to pass through each one in turn.
What I don't get is if you're on your isp, you can get on vpn.
So why can't you get on another vpn when you're already on vpn?
Or, maybe, you can?
In alt.comp.os.windows-10, on Tue, 3 Sep 2024 14:39:47 -0600, david <this@is.invalid> wrote:
What I don't get is if you're on your isp, you can get on vpn.
So why can't you get on another vpn when you're already on vpn?
Or, maybe, you can?
Why can't you have a girlfriend when you've already got a girlfriend?
...Oh, wait.
Why can't you be riding on one train when you're already riding on
another train? Yeah, let's go with that.
On 03/09/2024 22.39, david wrote:
What I don't get is if you're on your isp, you can get on vpn.
So why can't you get on another vpn when you're already on vpn?
Or, maybe, you can?
Yes you can, there is a number of solutions to this. but let's not go
into details as many of the posts already poked on them.
The real question is why would you want to do that? You tend to get no >further "security" of "anonymity" of it. The last VPN will be the one
that can decipher your traffic anyway.
Can I use a VPN with Tor?[end quote]
Generally speaking, we don't recommend using a VPN with Tor unless
you're an advanced user who knows how to configure both in a way
that doesn't compromise your privacy.
You can find more detailed information about Tor + VPN at our wiki. >https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN
TorPlusVPN
Last edited by Alexander Faeroy 4 years ago
TOC(depth=1)
Introduction
There are many discussions on the Tor Mailing list and spread over
many forums about combining Tor with a VPN, SSH and/or a proxy in
different variations. X in this article stands for, "either a VPN,
SSH or proxy". All different ways to combine Tor with X have
different pros and cons.
General
Anonymity and Privacy
You can very well decrease your anonymity by using VPN/SSH in addition
to Tor. (Proxies are covered in an extra chapter below.) If you know
what you are doing you can increase anonymity, security and privacy.
Most VPN/SSH provider log, there is a money trail, if you can't pay
really anonymously. (An adversary is always going to probe the weakest
link first...). A VPN/SSH acts either as a permanent entry or as a
permanent exit node. This can introduce new risks while solving others.
Who's your adversary? Against a global adversary with unlimited
resources more hops make passive attacks (slightly) harder but active
attacks easier as you are providing more attack surface and send out
more data that can be used. Against colluding Tor nodes you are safer, >against blackhat hackers who target Tor client code you are safer
(especially if Tor and VPN run on two different systems). If the VPN/
SSH server is adversary controlled you weaken the protection provided
by Tor. If the server is trustworthy you can increase the anonymity
and/or privacy (depending on set up) provided by Tor.
VPN/SSH can also be used to circumvent Tor censorship (on your end by
the ISP or on the service end by blocking known tor exits).
VPN/SSH versus Proxy
The connection between you and the VPN/SSH is (in most cases, not all) >encrypted.
On the other hand the connection between you and an OpenProxy is
unencrypted. An 'SSL proxy' is in most cases only a http proxy which
supports the connect method. The connect method was originally
designed to allow you to use to connect using SSL to webservers but
other fancy things such as connecting to IRC, SSH, etc. are possible
as well. Another disadvantage of http(s) proxies is, that some of them, >depending on your network setup, even leak your IP through the 'http >forwarded for' header. (Such proxies are also so called 'non-anonymous >proxies'. While the word anonymous has to be understood with care
anyway, a single OpenProxy is much worse than Tor).
Also read Aren't 10 proxies (proxychains) better than Tor with only 3
hops? - proxychains vs Tor.
VPN versus SSH or Proxy
VPN operates on network level. A SSH tunnel can offer a socks5 proxy.
Proxies operate on application level. These technical details
introduce their own challenges when combining them with Tor.
The problematic thing with many VPN users is, the complicated setup.
They connect to the VPN on a machine, which has direct access to the >internet.
the VPN user may forget to connect to the VPN first
without special precautions, when a VPN connection breaks down (VPN
server reboot, network problems, VPN process crash, etc.), direct
connections without VPN will be made.
To fix this issue you can try something like VPN-Firewall.
When operating on the application level (using SSH tunnel socks5 or
proxies), the problem is that many applications do not honor the proxy >settings. Have a look into the Torify HOWTO to get an idea.
The most secure solution to mitigate those issues is to use
transparent proxying, which is possible for VPN, SSH and proxies.
You -> X -> Tor
Some people under some circumstances (country, provider) are forced to
use a VPN or a proxy to connect to the internet. Other people want to
do that for other reasons, which we will also discuss.
You -> VPN/SSH -> Tor
You can route Tor through VPN/SSH services. That might prevent your
ISP etc from seeing that you're using Tor (VPN/SSH Fingerprinting
below). On one hand, VPNs are more popular than Tor, so you won't
stand out as much, on the other hand, in some countries replacing an >encrypted Tor connection with an encrypted VPN or SSH connection, will
be suspicious as well. SSH tunnels are not so popular.
Once the VPN client has connected, the VPN tunnel will be the
machine's default Internet connection, and TBB (Tor Browser Bundle)
(or Tor client) will route through it.
This can be a fine idea, assuming your VPN/SSH provider's network is
in fact sufficiently safer than your own network.
Another advantage here is that it prevents Tor from seeing who you are
behind the VPN/SSH. So if somebody does manage to break Tor and learn
the IP address your traffic is coming from, but your VPN/SSH was
actually following through on their promises (they won't watch, they
won't remember, and they will somehow magically make it so nobody else
is watching either), then you'll be better off.
You -> Proxy -> Tor
This does not prevent your ISP etc from seeing that you're using Tor
because the connection between your and the proxy is not encrypted.
Sometimes this prevents Tor from seeing who you are depending on the >configuration on the side of the proxy server. So if somebody does
manage to break Tor and learn the IP address your traffic is coming
from, but your proxy does not log an the attacker didn't see the
unencrypted connection between your and the proxy, then you'll be
better off.
You -> Tor -> X
This is generally a really poor plan.
Some people do this to evade Tor bans in many places. (When Tor exit
nodes are blacklisted by the remote server.)
(Read first for understanding: How often does Tor change its paths?.) >Normally Tor switches frequently its path through the network. When
you choose a permanent destination X, you give away this advantage,
which may have serious repercussions for your anonymity.
You -> Tor -> VPN/SSH
You can also route VPN/SSH services through Tor. That hides and
secures your Internet activity from Tor exit nodes. Although you are
exposed to VPN/SSH exit nodes, you at least get to choose them. If
you're using VPN/SSHs in this way, you'll want to pay for them
anonymously (cash in the mail [beware of your fingerprint and printer >fingerprint], Liberty Reserve, well-laundered Bitcoin, etc).
However, you can't readily do this without using virtual machines. And
you'll need to use TCP mode for the VPNs (to route through Tor). In
our experience, establishing VPN connections through Tor is chancy,
and requires much tweaking.
Even if you pay for them anonymously, you're making a bottleneck where
all your traffic goes -- the VPN/SSH can build a profile of everything
you do, and over time that will probably be really dangerous.
You -> Tor -> Proxy
You can also route proxy connections through Tor. That does not hide
and secure your Internet activity from Tor exit nodes because the
connection between the exit node to the proxy is not encrypted, not
one, but two parties may log and manipulate your clear traffic now. If
you're using proxies in this way, you'll want to pay for them
anonymously (cash in the mail [beware of your fingerprint and printer >fingerprint], Liberty Reserve, well-laundered Bitcoin, etc) or use
free proxies.
One way to do that is proxychains. Another way would be to use a
Transparent Proxy and then either proxify (set proxy settings) or
socksify (use helper applications to force your application to use a
proxy) the programs you want to chain inside your Transparent Proxy
client machine.
You -> X -> Tor -> X
No research whether this is technically possible. Remember that this
is likely a very poor plan because [#You-Tor-X you -> Tor -> X] is
already a really poor plan.
You -> your own (local) VPN server -> Tor
This is different from above. You do not have to pay a VPN provider
here as you host your own local VPN server. This won't protect you
from your ISP of seeing you connect to Tor and this also won't
protect you from spying Tor exit servers.
This is done to enforce, that all your traffic routes through Tor
without any leaks. Further read: TorVPN. If you want this, it may
unnecessary to use VPN, a simple Tor-Gateway may be easier, for
example Whonix.
VPN/SSH Fingerprinting
Using a VPN or SSH does not provide strong guarantees of hiding your
the fact you are using Tor from your ISP. VPN's and SSH's are
vulnerable to an attack called Website traffic fingerprinting ^1^. Very >briefly, it's a passive eavesdropping attack, although the adversary
only watches encrypted traffic from the VPN or SSH, the adversary can
still guess what website is being visited, because all websites have
specific traffic patterns. The content of the transmission is still
hidden, but to which website one connects to isn't secret anymore.
There are multiple research papers on that topic. ^2^ Once the premise
is accepted, that VPN's and SSH's can leak which website one is
visiting with a high accuracy, it's not difficult to imagine, that
also encrypted Tor traffic hidden by a VPN's or SSH's could be
classified. There are no research papers on that topic.
What about Proxy Fingerprinting? It has been said above already, that >connections to proxies are not encrypted, therefore this attack isn't
even required against proxies, since proxies can not hide the fact,
you're using Tor anyway.
,, ^1^ See Tor Browser Design for a general definition and
introduction into Website traffic fingerprinting.
^2^ See slides for Touching from a Distance: Website Fingerprinting
Attacks and Defenses. There is also a research paper from those
authors. Unfortunately, it's not free. However, you can find free ones
using search engines. Good search terms include "Website Fingerprinting
VPN". You'll find multiple research papers on that topic.
...(cf. any browser using Omnimix' built-in Tor)
https://coveryourtracks.eff.org/
Test your browser to see how well you are protected from tracking and >fingerprinting:
TEST YOUR BROWSER
https://coveryourtracks.eff.org/kcarter?aat=1
Test with a real tracking company ?
Our tests indicate that you have strong protection against Web tracking.
...
How does tracking technology follow your trail around the web, even if
you've taken protective measures? Cover Your Tracks shows you how trackers >see your browser. It provides you with an overview of your browser's most >unique and identifying characteristics.
Only anonymous data will be collected through this site.
Want to learn more about tracking? Read how it works with our guide:
LEARN MORE ABOUT FINGERPRINTING
https://coveryourtracks.eff.org/learn
...
Our tests indicate that you have strong protection against Web tracking.(cf. any browser not using Tor)
...
Our tests indicate that you are not protected against tracking on the Web. [end quote]
Congratulations. This browser is configured to use Tor.(cf. any browser using Omnimix' built-in Tor)
Your IP address appears to be: ###.###.###.###
...
Congratulations. This browser is configured to use Tor.(cf. any browser not using Tor)
Your IP address appears to be: ###.###.###.###
However, it does not appear to be Tor Browser.
Click here to go to the download page
https://www.torproject.org/download/
...
Sorry. You are not using Tor.[end quote]
Your IP address appears to be: ###.###.###.###
The real question is why would you want to do that? You tend to get no further "security" of "anonymity" of it. The last VPN will be the one
that can decipher your traffic anyway.
Using <news:lk547cFesj4U1@mid.individual.net>, J.O. Aho wrote:
The real question is why would you want to do that? You tend to get no
further "security" of "anonymity" of it. The last VPN will be the one
that can decipher your traffic anyway.
Thank you and everyone for trying to point out that supposed futility.
Maybe I fundamentally misunderstand everyone who said what you said, which
is that the last VPN will be able to decipher your traffic no matter what.
But isn't that dead wrong?
Isn't that what double NAT'ing does, or, more to the point, TOR?
Why does it work perfectly for TOR and not work at all for VPN?
In all the cases the VPNs know your IP.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 361 |
Nodes: | 16 (2 / 14) |
Uptime: | 123:31:10 |
Calls: | 7,716 |
Files: | 12,861 |
Messages: | 5,727,956 |