VPN chaining

dwright

I was reading about a provider and came across a feature they called VPN chaining, where you connect to several nodes in sequence, a bit like Tor I suppose. With them you can connect to up to 4 of their servers.

Would it be possible to do this with AirVPN? If not, would you be able to enable it?

Also, if you did and I connected to 3 nodes for example, would the 3rd node have any 'knowledge' of the first node I connected to?

I have tried connecting to more than one server at once without success. I have also tried first connecting to a different provider and then Air (and vice versa) but it didn't work.

Staff

Hello,

sorry, we do not offer this option by default, which is considered substantially useless and less secure in comparison to TOR over OpenVPN (or OpenVPN over TOR), because all the nodes are operated by the same entity.

Kind regards

dd79

Isnt this the routing (double hoping) that allows me to access american streaming sites, even if connection to a swedish vpn server?

Staff

Isnt this the routing (double hoping) that allows me to access american streaming sites, even if connection to a swedish vpn server?

Correct!

Kind regards

lordlukan

Hello,

sorry, we do not offer this option by default, which is considered substantially useless and less secure in comparison to TOR over OpenVPN (or OpenVPN over TOR), because all the nodes are operated by the same entity.

Kind regards

Interesting response! How about this senario.

1. A court orders the data centre to provide them with logs of all network traffic associated with AirVPN server (source IP address, source port, destination IP address, destination port, time, bytes).

2. user -(1)→ VPN -(2)→ Internet. Enough data and analysis can yield (1) and (2) network activity and get the IP address of the user.

3. AirVPN doesn't need to provide this data. Data centre already has it.

4. Chaining 2 or more services (even from same provider, but in different jurisdictions) will make this kind of analysis more difficult.

I wouldn't describe it as useless :-)

lordlukan

I have tried connecting to more than one server at once without success. I have also tried first connecting to a different provider and then Air (and vice versa) but it didn't work.

It will work if you use UDP for the first hop on provider 1 and TCP on the 2nd hop of provider 2. It certainly works when having the first hop on a router (OpenWrt) providing wifi and then connecting with openvpn clinet on pc. You may have stability issues, however.

Staff

Hello,

sorry, we do not offer this option by default, which is considered substantially useless and less secure in comparison to TOR over OpenVPN (or OpenVPN over TOR), because all the nodes are operated by the same entity.

Kind regards

Interesting response! How about this senario.
1. A court orders the data centre to provide them with logs of all network traffic associated with AirVPN server (source IP address, source port, destination IP address, destination port, time, bytes).

Hello!

So, they already can see your real IP address in the first place, if that VPN server is the first hop you connect to.

2. user -(1)→ VPN -(2)→ Internet. Enough data and analysis can yield (1) and (2) network activity and get the IP address of the user.

So, even if they can't see your real IP address, they can see the exit-IP address of another server of the same company.

3. AirVPN doesn't need to provide this data. Data centre already has it.
4. Chaining 2 or more services (even from same provider, but in different jurisdictions) will make this kind of analysis more difficult.

It can slow it down. OpenVPN over TOR can make it impossible.

I wouldn't describe it as useless :-)

It is useless in comparison to OpenVPN over TOR.

Additionally, OpenVPN over TOR protects you against the VPN provider itself, while multi-hopping to different servers of the same provider does not.

Kind regards

Royee

I too was thinking why not spread the level of trust with VPN chaining, but as pointed out above multi hopping may not. OpenVPN over tor would protect against the VPN or anyone knowing at least who you are.

But is

User VPN 1 > VPN 2

Still going to much faster then say

User > OpenVPN over tor

?

Staff

I too was thinking why not spread the level of trust with VPN chaining, but as pointed out above multi hopping may not. OpenVPN over tor would protect against the VPN or anyone knowing at least who you are.

But is

User VPN 1 > VPN 2

Still going to much faster then say

User > OpenVPN over tor

?

Hello!

Yes, in most cases it will be faster. Additionally you will have no protocol limitations like in TOR. However, it's not as secure as TOR over VPN, or VPN over TOR. As usual, it depends on the balance between security and performance that you want to achieve. Such balance can be correctly evaluated only by yourself, carefully, according to the sensitiveness of the data you need to receive or impart.

Probably the easiest way to connect over a VPN over a VPN is through a VM attached via NAT (important!) to the host machine. The host connects to VPN1. The VM connects to VPN2. On the VM all the traffic will be tunneled over VPN2 over VPN1. This solution has also some nice side-effects, the usual advantages of running a VM: disasters and attacks isolation, portability, option to keep the virtual disk encrypted with the assurance that no unencrypted data can be written without your knowledge outside the virtual machine disk.

Kind regards

Royee

thanks I like that idea of of host to VPN 1> VM to VPN2, and as you said protect it via encryption, guess it is for the super paranoid like myself !

JamesDean

Here'a question I've always thought about, but never asked:

If I have connected directly to Air in the past, but then connect via Tor one time...can that 'connected via Tor' session, be linked in any way to my previous 'direct connect' sessions?

I was under the impression that if you didn't *always* connect via Tor, it is of no use to do so now. Am I correct? (I hope not! LOL)

zzyzx

Hello,

I apologize for the lack of knowledge in this field (also, I don't think I can start a new thread since I haven't made enough posts so I have to bump up this (nice) thread). I've read about and tried VPN chaining with a VM as aforementioned in this thread.

I have a question about what is actually happening in the following scenario (I can't reproduce it right now). My friend has a VPN configured on a DD-WRT router. I connected to AirVPN on my laptop while connecting to that router via WiFi. It didn't really concern me at the time, so I didn't check my IP, but I was able to connect to the web normally.

Thank you!

zhang888

Simple. You connect to AirVPN from the VPN server you are connected to via WiFi. That is in case the WiFi is bridged to the VPN interface on that router, which in most cases will be.

zzyzx

Thank you for your reply zhang888.

Is this setup similar to chaining two VPN's using a VM?

How would you (or anyone) rate this setup (connecting to AirVPN from DD-WRT router with a second VPN configured on it) for it's anonymity with the following two configurations?

1) AirVPN over Tor: I've read in this forum that VPN over Tor is the best configuration to secure your traffic, since the AirVPN will not know the user's true IP + all traffic is encrypted, so not even the Tor will know the nature of it. However, wouldn't the first Tor node know the user's true IP?

2) Chaining two VPN's using a VM ( AirVPN -> VPN 2): All traffic is encrypted however, VPN 2 will know the user's true IP.

Please correct me if I am wrong about anything.

Thank you!

zhang888

In both of your examples the second VPN provider will not know your original IP, since you are connecting to it via the first one or via Tor.

Tor>VPN is the most anonymous but also significantly slower, if you trust your provider and the connection methods it offers are not blocked

from your source, there is no reason to use such an overhead setup.

zzyzx

Thank you, again, for your help zhang888!

I'll put all my faith in a VPN over Tor (Tor > VPN); it gets kind of confusing for me when the comparison operator points the other way.

I'm in the midst of trying to get AirVPN over Tor working on OSX, but am having trouble connecting to Tor even though I have installed the Tor Bundle (not just the Tor Browser) and configured AirVPN client and the torrc file as I posted here. I'll try to get it working properly.

https://airvpn.org/topic/9978-vpn-chaining/?do=findComment&comment=52937

Thank you!

VPN chaining

Recommended Posts

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Share this post

Link to post

Join the conversation