buginot 0 Posted ... OK. PS Will there be support for this function?
dIecbasC 38 Posted ... Why would you want to do this? I'm genuinely curious.
flat4 79 Posted ... Double the protection. You don't want to catch anything.
dIecbasC 38 Posted ... Isn't it true though that if someone can crack the surrounding layer, then cracking the identical inner layer vpn would be possible too? You'd have to layer different encryption technologies to make it worthwhile I guess. Why not just run one stronger system?
iwih2gk 93 Posted ...

> Isn't it true though that if someone can crack the surrounding layer, then cracking the identical inner layer vpn would be possible too? You'd have to layer different encryption technologies to make it worthwhile I guess. Why not just run one stronger system?

Just to make sure we are talking in the correct "vein", I believe the OP is referring to using two vpn servers. If that is true then there would be some definite merit. You would not have to "crack the surrounding layer" as you put it. Air allows for 3 simultaneous connections per account and it is almost trivial to use multi-hop if a member wants to. True - you have to configure your own system, but using VMs and pfsense would allow what the OP describes and is asking for.

Benefits? I believe there are numerous benefits. Accordingly: I don't believe any adversary is likely to crack the Air structure from the inside. However, an adversary can "sit on" the datacenter that hosts a vpn server from the outside and over time can determine via traffic analysis just where you are headed. It's a fact and not really up for debate on that. Doesn't mean they have cracked the tunnel, just that they know where you are going if they spend the time.

So now let's make it a lot tougher to do. Enter a NL server (example only here) and then jump/hop to a server in another country, and then jump/hop again to a third server. It's like the metaphor of spokes on a bicycle wheel. A hundred spokes coming into a server and going out, now the same hundred new spokes coming in and going out of servers two and three. Just do the math on how that works and non-trivializes the tracking of such a path. You can do exactly that right now with any Air account if you wanted to. In addition you could still jump on a TOR circuit after that and go "crazy" with covering your trail. There are speed tradeoffs and you'll have to determine just how many hops you need to feel safe for your "threat model".

Personally, I am never less than four, but that is just me. Sure you can argue that another vpn provider for multiple vpn servers would be better, and that is likely true enough due to partition of trust issues. I am just commenting that a multi hop circuit on Air only is better than one hop IF someone on the outside of a tunnel is trying to watch your "moves".
dIecbasC 38 Posted ... Oh right... that makes more sense. I couldn't see the benefit of a VPN tunnel inside another VPN tunnel but what you say makes sense - thanks for sharing.
go558a83nk 362 Posted ... I know of another VPN provider that has VPN chains as part of their service. You can build your own. The way it works is that you connect to the gateway that's the start of the chain on a unique port. Once connected you appear to be at the end link of the chain. They sell it by saying it increases security or anonymity. However, I think the more important use of the chains is to take advantage of better routing. For example, I can connect to USA servers directly. But, it might be faster for me to chain through Singapore, then USA.
rickjames 106 Posted ...

> I think the more important use of the chains is to take advantage of better routing. For example, I can connect to USA servers directly. But, it might be faster for me to chain through Singapore, then USA.

A buddy actually does that for gaming because his ISP's routing is really horrible. He gets better pings by jumping to a nearby vpn then to the game server. I would love to see some downloadable configs for a simple 2 server hop though. It's easy to do with a vm but being able to ssh/ssl -> vpn -> vpn would make me smile.
go558a83nk 362 Posted ...

> > I think the more important use of the chains is to take advantage of better routing. For example, I can connect to USA servers directly. But, it might be faster for me to chain through Singapore, then USA.
>
> A buddy actually does that for gaming because his ISP's routing is really horrible. He gets better pings by jumping to a nearby vpn then to the game server. I would love to see some downloadable configs for a simple 2 server hop though. It's easy to do with a vm but being able to ssh/ssl -> vpn -> vpn would make me smile.

Air has some good tricks that most other VPNs don't have (SSH and SSL and great config generator) but maybe they will implement the chains as a way of keeping a step ahead of the pack.
iwih2gk 93 Posted ... One thing to pay attention to with some of the "other" providers that offer multi-hop: they have VERY few choices. E.g., they may have two dozen servers spread around but if you want multi-hop you can pick from maybe 2. In other words it becomes very obvious even at the start of your tunnel that you are likely a multi-hop user and that you are going to a defined second server (rigidly structured by the vpn provider). Now I just go to the obvious server and pick up your trail with only a small hesitation. Even so this is better than nothing. However, with almost 70 servers to choose from, the mathematics involved makes using my own routing configuration on Air exponentially tougher to trace. Hey this is just my two cents. Take it or leave it.