Jump to content
Not connected, Your IP: 3.237.2.4
milipum

How about Double VPN ?

Recommended Posts

Guys your service is very good, but why you do not have a double vpn? At least a few servers.

For, example

Netherlands-Singapore

or

Luxembourg-Switzerland.

Think about it please. It would be awesome. And very good for privacy.

 

 

Share this post


Link to post

Guys your service is very good, but why you do not have a double vpn? At least a few servers. For, example Netherlands-Singapore or Luxembourg-Switzerland. Think about it please. It would be awesome. And very good for privacy.

 

Hello,

 

you can already do it by yourself. Each account can establish up to 3 concurrent connections so multi-hop solutions are trivial. However "multi-hopping" on servers all owned by the same company is not an optimal solution, you might prefer OpenVPN over TOR, or TOR over OpenVPN, which are much safer.

 

Kind regards

Share this post


Link to post

Are they any tutorials how to achieve a double hop using a vm or especially any other methods that you can point to here plz ?

​I know some vm guides can be found but ​I think having such a guide would be a useful resource here at airvpn.org.

Share this post


Link to post

Are they any tutorials how to achieve a double hop using a vm or especially any other methods that you can point to here plz ?

​I know some vm guides can be found but ​I think having such a guide would be a useful resource here at airvpn.org.

Very good question of interest for me too.  I'm running, as host OS, Win 8.1 Pro with a VM created using Oracle's VirtualBox.  In the VM, I'm running Win 7 Pro as the guest OS.  I'm thinking of learning some programming techniques that would require ultimate security/privacy.  Currently, an older version of AirVPN client is on the host OS and Eddie 2.7 was recently installed on the guest OS.

 

When working on the VM guest OS, I access a wireless router connected to a cable modem via Eddie 2.7, then run a DOS command fix for DNS leakage.  On dnsleaktest.com, only the AirVPN server is detected.  So far, so good... uTorrent works fine, Firefox works fine, and both with very good bandwidth.

 

Question:  Can I run AirVPN 2.7 on the host OS using Wi-Fi to exit on a Nerherland server, and then start the VM, guest OS and run AirVPN 2.7 through the same Wi-Fi adapter to exit on a Canada server?  What I'm hoping to achieve is a VPN tunnel to Canada that goes through a VPN tunnel to Netherland. 

1. In this scenario, would any ping, sniffer or website see me (my IP address) coming from Canada instead of the Netherland VPN server or my cable modem IP address & country?? 

2. If this answer is "Yes, would be seen coming from Canada", then would either VPN tunnel/server still be active and protect my identity if the other VPN tunnel/server crashed??

 

I hope my question (maybe same or very similar to the Q by snaggle) isn't too convoluted in trying to supply the spec for what I hope to set up.  Please let me know if you need more info or can provide a tweak for what I hope to use.

 

Thanks in advance for your help!

Share this post


Link to post

Hello,

 

two of the most effective "multi-hopping" setups are extensively described here:

https://airvpn.org/tor

 

If you run our client Eddie you do not even need a middle-box or a VM for OpenVPN over TOR. As far as we know Eddie was the first and currently is the only open source OpenVPN wrapper/GUI for Linux and OS X in the world that saves you from using a middle-box or a VM.

 

About VMs and OpenVPN, maybe the quickest solution is running a guest OS attached to the host via NAT (important!). Connect the host to VPNServer1 and then connect the guest to VPNServer2. On the guest OS (and only on the guest OS) you will have traffic tunneled over VPNServer2 over VPNServer1. On the Internet your VM will appear with the exit-IP address of VPNServer2.

 

Kind regards

Share this post


Link to post

Guys, I don't know if you are wanting 2 VPN's or a combination of VPN and TOR as suggested by Staff.  The process of combining TOR with a vpn is very easy to do (doesn't really matter which is over the other).

 

For 2 or more VPN's setting up a route is quite simple to do IF you have proper hardware.  You would use your host OS (I vote linux but your vote counts for your system) to connect via the Eddie client or a vpn config generated by Air.  That would be vpn1 and form the obfuscated bridge for the second vpn (you repeat this process and even use more than 2 vpn's if you want).  One limiting factor is the hardware NICs on your computer.  You cannot use the same port twice.

 

I don't feel the liberty here to link to other forums where we already have all this worked out.  You might also consult the posts by pfsense_fan here as usage of pfsense offers unlimited circuitry.  An example would be grab an intel 1340 T4 or 1350 T4 where you would literally snap in 4 new ports that would open up the full process with choices.  If you have the hardware, the setup is free and you can have it humming along in under 30 minutes once you know how.

 

If NIC hardware is not available to you (money, or whatever) perhaps you might use one hop on your router via ddwrt and then use your host OS for the second hop.  That would work too.

 

Don't be intimidated this is really not tough, although there is a learning curve.

Share this post


Link to post

Many thanks to Staff and retiredpilot! I apppreciate your time to layout some options, links to info or the means to find more info on this topic.  Time to get to work.

Share this post


Link to post

Are they any tutorials how to achieve a double hop using a vm or especially any other methods that you can point to here plz ?

​I know some vm guides can be found but ​I think having such a guide would be a useful resource here at airvpn.org.

 

You can do double hop without a VM. You have to configure the routing table and the OpenVPN client correctly as you set up each VPN connection. See this post:

 

https://airvpn.org/topic/11277-its-possible-connect-two-vpn-at-the-same-time/?p=16345

Share this post


Link to post

NaDre,

 

Your resolution is also a "crisp" way to go about this.  I have read through the thread you linked and it follows well actually.  It offers a solution for some that might not want to mess with VM's, but it does venture away from "point and click".  If someone has 50 bucks and wants to snap in a 4 port NIC they also accomplish the task by chaining VM's.  Both solutions offer many hops for those that want to go there!

 

I really enjoyed reading your presentation.  I may give it a shot on one of my machines just for the heck of it.  I am all Linux so I'll have to modify accordingly if I actually proceed.  For me a consideration (security) is ISOLATION of data exchange between machines, which is something a well crafted VM is pretty good at accomplishing (e.g. Whonix approach).  In your approach even though the TAPs are different they are in fact running on the same host machine and my initial thoughts turn to isolation issues (initial reaction without studying the scheme at length) within the OS.

 

Your thoughts on that dimension - isolation strength?

Share this post


Link to post

...

Your thoughts on that dimension - isolation strength?

 

Clearly there is a security/privacy advantage to running your browser (or whatever) that will use the VPN connection in its own VM. That way there is very little for the client you are running to spy on. And browsers can certainly spy. Hard to stop them.

 

I just wrote that post to answer a technical question. To make it work, you have to have a fundamental understanding of how the VPN gets set up. And that I think is a good thing.

 

But I don't actually worry so much about privacy myself. I have my PC set up so that I only use the VPN for torrenting. Whatever I feel I need to hide, I hide. But there isn't really much that I feel I need to hide. I guess I am basically pretty boring.

 

As far as responding to the extreme (and frankly useless, except maybe to the next dictator) mass surveillance that is going on, I feel the best response is not to hide, but to object to it and criticize it in public.

Share this post


Link to post

NaDre,

 

Thank you for the response.

 

 

 

 

I feel the best response is not to hide, but to object to it and criticize it in public.

 

 

I say do both.  That is what I am attempting anyway!!

Share this post


Link to post

Not sure if this works correctly but it should be doable if you have a router with VPN and use an otherone (different company) on your pc you'll have 2 different ip adresses (i think).

Share this post


Link to post

Is it possible to set up multi-hop connections using custom configs? I'd like to use double or triple hop without the hassle of booting up a VM.

 

For the record, I know that a multi-hop VPN doesn't mitigate the risk of having an untrustworthy provider. However, if your provider IS trustworthy it adds extra protection against traffic analysis attacks that are very simple for spy agencies when you have a single hop setup.

 

Just look at TOYGRIPPE, the NSA database of VPN exit nodes:

 

http://strategicstudyindia.blogspot.com/2014/09/nsas-turbulence-sigint-processing-and.html

 

Tasking what goes in and out and matching up the traffic is such an obvious attack vector, I can't help but assume it's being done.

 

EDIT: forgot to add, the solution of changing routing tables and so on also seems to have the problem of being complicated, if not more so than the VM solution. I'd also have no idea how to adapt it to Linux either.

Share this post


Link to post

Is it possible to set up multi-hop connections using custom configs? I'd like to use double or triple hop without the hassle of booting up a VM.

 

Hello!

 

A VM (or a middle-box) is needed but you could evaluate OpenVPN over TOR (natively supported by client Eddie) which is better anyway. Or just go with TOR over OpenVPN, another very simple solution (at least for browsing). In both cases no VMs or middle-boxes are needed.

 

Kind regards

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...