InactiveUser

The issue seems to be that you can't access your server once the server itself is connected to AirVPN. This makes sense. You would need to forward the RDP port to AirVPN: airvpn.org/ports

Then you could RDP to airvpn_server:port which will be forwarded to your_server_ip:rdp-port

(Another idea would be to have to separate network interfaces on the server - one that gets tunneled through VPN and one that doesn't - but port forwarding should be the easier way of doing this, I think.)

This is an excellent talk about current fingerprinting methods that don't need to rely on cookies or user agent strings.

It also sheds light on how ineffective certain kinds of "privacy-enhancing" addons are at spoofing user-identifiable information - in some cases they even increase the risk of being uniquely fingerprinted.

Link to video at SecurityTube.net:

http://www.securitytube.net/video/8943

X-Forwarded-For is related to HTTP headers and is used by non-anonymous HTTP proxies, this is how it is usually used:

1. you access a site going through such a proxy

2. the proxy accesses the site for you, adds X-Forwarded-For (containing your IP address) to HTTP header

3. site reads HTTP header and now knows your IP/location

I would say you can safely add a fake X-Forwarded-For, regardless of your use of (Air)VPN.

It will only defeat a small portion of georestriction methods, but if it helps in your specific case, go ahead.

As long as you're connected to the VPN, any "Tor leaks" would expose your VPN's IP, not your own. 

You might also find it worthwile to create a firewall rule set to prohibit any connections should your VPN connection drop, or if you forget to enable it.

User jessez has provided good advice for OS X users:

using pf (on OS X Lion and newer)

https://airvpn.org/topic/1713-win-mac-bsd-block-traffic-when-vpn-disconnects/page-2?do=findComment&comment=2532

using ipfw (on OS X Snow Leopard and older)

https://airvpn.org/topic/1713-win-mac-bsd-block-traffic-when-vpn-disconnects/page-3?do=findComment&comment=2756

Provided you set it up correctly (test it!) and don’t get infected by root-privileged malware (which would be able to disable your firewall), nothing could get around the VPN tunnel, no matter if you're currently connected to the VPN or not.

Thanks a lot for putting so much work into this guide. Maybe it should go into the forum's How-to section.

How's performance (Mbit/s trough tunnel; how many devices at once; ..) with your AVM 7141? It looks like a fairly old/slow router.

I agree with virtualization being an additional layer of security.

I disagree with TBB being "highly exploitable". The leaked presentation clearly shows that digging up native FF vulns is a pain in the ass, even for the NSA.

So, they won't waste such vulns for wide-spread attacks against Joe Blow users. ¹ ³

Also, VirtualBox is not a security product and it's maintained by Oracle, a commercial vendor with an awful track record wrt to code quality and security management. ²

---

¹ Case in point: The FF vuln recently used by FBI for their "Torsploit" was no 0day, it was long patched - which either means they didn't have a better vuln for a more effective exploit - or they didn't want to waste it for this particular attack. 

² https://www.whonix.org/wiki/Advanced_Security_Guide#About_VirtualBox

³ "The good news is that they went for a browser exploit, meaning there's no indication they can break the Tor protocol or do traffic analysis on the Tor network. (..) you can target individuals with browser exploits, but if you attack too many users, somebody's going to notice." from: https://blog.torproject.org/blog/yes-we-know-about-guardian-article

If you connect to AirVPN via Tor and browse the web like support staff suggested to you, you have a "partitioning of trust" situation. In short, you can use AirVPN without trusting AirVPN and you can use Tor without trusting Tor.

• you benefit from Tor, but exit nodes cannot sniff or log your traffic. All they can see is that you connect to a  VPN
• you benefit from using AirVPN (you can use sites that block Tor)
• you don't need to trust AirVPN - if the datacenters AirVPN uses get raided or AirVPN gets compromised somehow, all the attacker would see is your Tor IP, not your real IP. Remember, even if AirVPN doesn't store connection data, they do see, and have to see, the IP of your current connection. 

It is, of course, a huge performance hit. Tor will slow you down significantly. From my point of view, it makes more sense to use AirVPN directly and on top of that, browse with Tor Browser. But this is a totally different scenario, and everybody has different needs, so find out what you need and what works best for you.

And, do not forget to test your setups. Tor via VPN, VPN via Tor, this browser, that browser, lots of confusing situations. Just as important as getting all this to work is to make sure it doesn't fail - firewalling, blocking non-VPN connections, ...

Yes, if you browse with Tor Browser, you cannot do that.

1. There is a theoretical way to limit Tor to only choose Exit nodes from specific countries (read: https://www.torproject.org/docs/tor-manual.html.en scroll to ExitNodes and read the warnings, too). It kills your anonymity and is cumbersome, so really, don't do that.
2. If you need a Singaporian IP, use a VPN and a normal browser. (Don't forget that Tor Browser does more than just give you a Tor IP. Tor Browser has lots of security patches and privacy adjustments that you won't have with other browsers.)

xer:

Part 1 of your question: Yes, leave Tor alone. For all recent versions of TBB, the port number is 9150 (and open by default). All you have to do is to make an application, like for example your OpenVPN client, use it.

Part 2 of your question:

1) You --> TBB = browsing via Tor

2) Your application --> TBB's Socks port = your application connects to world through Tor

If that application is your OpenVPN client, pointed at Socks port 9150:

3) You --> VPN (while VPN is connected through Tor, see 2)! ) --> Internet 

Now, your question was, why does TBB not show the VPN IP address?

Well, because internally, TBB's Firefox uses Socks port 9150 to connect to the Tor process. It's the same procedure as in 2) !  So, whatever you do with your VPN configuration -  in Tor Browser, you will always see a Tor IP. 

Please ask again if it is still unclear!

VPNs next?

The sad reality is - nothing can really protect you from big-budget agencies. Not Tor, not VPNs.

They (NSA, GCHQ, FBI, ...) already attack / sniff VPN users whenever they can:

- decrypting flawed VPN crypto / protocols (like PPTP)

- matching incoming / outgoing traffic flows if they're unable to break the crypto

Using VPNs with good crypto - like AirVPN - requires them to fall back to the second method, which is more work, so we should definitely keep using VPNs to make it harder for them.

P.S.: the title saying "Controlled Tor Servers" makes it sound as if they compromised Tor and its node infrastructure itself. This is not the case. They "only" took over one website hosting service. This attack could have been carried out with a pwned www site just as well. Tor itself was and is fine. The out-dated browser that was exploited to harm Tor users wasn't. This is a subtle but encouraging difference to me.

Fingerprint tracking: https://panopticlick.eff.org

Cookieless cache tracking:  http://lucb1e.com/rp/cookielesscookies/

One more Firefox addon suggestion: 

"Secret Agent", constantly rotates user agent string and spoofs several other headers

https://www.dephormation.org.uk/index.php?page=81

It is very difficult to stay anonymous / untrackable with a regular browser. If you are really serious about this topic, there is no way around using Tor Browser, in my opinion.

There is one problem that was not mentioned yet:

Some sites do block Tor exits, and if we start putting Tor exits through AirVPN, these IPs will get blocked too. 

I think that is something to consider.