Jump to content
Not connected, Your IP: 18.117.141.69
john.smith033

VPN over Tor - how the traffic works

Recommended Posts

dear community,

 

I've read through https://airvpn.org/tor/ twice, studied some other materials and one thing is still not clear to me. I hope you can help me out here.

 

I want to do my best to make my desired activity with as much privacy as possible. I don't care if my ISP sees Tor traffic, so I chose VPN over Tor. I've followed the guide here https://airvpn.org/tor/ and set my Tor and AirVPN windows client accordingly. I don't need use network lock, because I run a clean VM just for this. "Test" button in AIrVPN's settings says my Tor config is alright. So what I do: Start Tor, start airVPN, connect VPN. As described in the guide:

 

Browsing with the Tor Browser, or running any application configured to use Tor Socks, generates traffic that's always directed to the Tor network and OUTSIDE the VPN tunnel. Technically because they use a connection that had been established before the VPN connection started.

 

What I would expect is, that when I use Tor browser to browse sites, my traffic goes through Tor AND through VPN. This doesn't happen, also when I browse with Tor, I don't see the traffic numbers in AirVPN client move. Alright.

 

Question: how do I access the site then, when I want to be covered in a way, that there is: ME -> Tor -> VPN -> site, rather than ME -> Tor -> site and ignore the VPN? I can't just open another Tor browser (it won't allow me). What am I not getting here?

When I open firefox/chrome of course I have VPN's public IP, whether the traffic goes through Tor I don't know, I guess it is, but I want to browse the sensitive site with Tor.

Share this post


Link to post

Not sure if it entirely answers your question, but from the faq there is an additional link for more TOR/AIRVPN setup explanations:

 

https://airvpn.org/topic/9196-i-have-access-to-onion-sites-under-air/?p=9382

 

Good luck!

 

this is the FAQ entry I was refering to:

 

- Which other steps can I take to increase my privacy and security?

Spoiler 

 

Share this post


Link to post

I haven't messed with using AIRVPN and Tor together but I may in the future in a scenario when I want dual layered encryption. IF I ever needed to use it I was wondering two things:

  1. When I use AIRVPN I ALWAYS use network lock as I want all traffic going through the VPN tunnel. However, on the page is says the first option on the explanation page is not compatible with network lock at the moment.
  2. With the second option explained (Tor OVER AIRVPN) on the FAQ about using Tor and AIRVPN together it states: "Your are not protected against malicious Tor exit nodes if you send/receive unencrypted traffic to/from the final host you connect to."

Please note that, with the above setup, if you connect to our web site with a Tor configured browser, our web server will see your Tor exit node IP address, so the site will display a red bottom box, as if you were not connected to an Air server.

 

After reading all of that it seems like the first option is better because you are protected against malicious Tor exit nodes? However, if network lock is not compatible with that mode you would have to really remind yourself to only use certain applications correct? With the first set up are you using the Tor browser or your normal browser to look at websites? Clarification would be nice! By the way the AIRVPN community is great at answering questions and I'm proud to be a part of it!

Share this post


Link to post

I would like to make sure you pause and consider the "large" picture where communication tunnels are constructed.  First let me say that I understand a slightly elevated concern when the tunnel exit node is a TOR relay.  The more pressing concern should be that when a user exits his/her tunnel, regardless of what the exit node is (VPN, TOR, other), any traffic to subsequent workspace is now out in the open.  It doesn't matter if you use several vpn relays combined with TOR, and in either order of preference, if you subsequently do anything http or similar you are out in the open.  HTTPS is somewhat better but onion all the way is light years more secure.  I understand you may not get a choice while connecting to the site you are participating in.  So I encourage those reading along here to NOT rely on any tunnel without due consideration of "post tunnel" activities.

Share this post


Link to post

Yes that is a factor to take into account, but not the question I was really asking...??

I would like to make sure you pause and consider the "large" picture where communication tunnels are constructed.  First let me say that I understand a slightly elevated concern when the tunnel exit node is a TOR relay.  The more pressing concern should be that when a user exits his/her tunnel, regardless of what the exit node is (VPN, TOR, other), any traffic to subsequent workspace is now out in the open.  It doesn't matter if you use several vpn relays combined with TOR, and in either order of preference, if you subsequently do anything http or similar you are out in the open.  HTTPS is somewhat better but onion all the way is light years more secure.  I understand you may not get a choice while connecting to the site you are participating in.  So I encourage those reading along here to NOT rely on any tunnel without due consideration of "post tunnel" activities.

Share this post


Link to post

 

Not sure if it entirely answers your question, but from the faq there is an additional link for more TOR/AIRVPN setup explanations:

 

https://airvpn.org/topic/9196-i-have-access-to-onion-sites-under-air/?p=9382

 

Good luck!

 

this is the FAQ entry I was refering to:

 

- Which other steps can I take to increase my privacy and security?

Spoiler 

 

 

thank you, this explanation made me understand it a bit more. In my scenario I need to access regular https sites, so if I use: MyComputer -> Tor -> AirVPN -> ex. google chrome to access web through https,

it should work ok, and my communication is tunneled through tor AND airvpn correctly, right?

among the other general security concerns, do I need to set up anything special in google chrome in such configuration?

 

I guess I don't want to dig deep into scenario where I want to access .onion sites with traffic going through Tor and VPN and Tor again

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...