[tor-talk] Tor -> VPN Clarification

[Mirimir]

On 01/30/2015 03:05 AM, Squeak wrote:
> Hello,
> 
> Relative newbie here, and I was wondering if someone could help me with
> something please. I keep seeing people describing connections to the Tor
> and is VPN connections in the following two ways:
> 
> Tor -> VPN
> VPN -> Tor
> 
> So if I fire up Tunnelblick, connect to my VPN provider and then open
> TBB which of the above does this describe?

That's "VPN -> Tor". Your Tor client reaches the entry guard through the
VPN provider's exit server.

> And also, is there a recommended way of connecting these two technologies?

There is none ;)

> Another thing I've noticed is in the Tunnelblick client that there is an
> option to connect to a Socks5 proxy, this suggests to me that I can send
> the VPN connection through the Tor network.

Yes. That uses the --socks-proxy option in OpenVPN.[0]

> But I am confused as to why one would want to do this, and what the
> benefits/disadvantages might be?

It's one way to access websites that reject connections from Tor exits.
Many VPN IPs are also blocked, but many aren't. More generally, websites
won't see that you're using Tor, which may be desirable. But a key
disadvantage is that the VPN connection prevents Tor from switching
circuits. So overall, there's probably less anonymity.

In order for this to be at all useful, there must be no observable
association between you and the VPN provider. You must pay for the VPN
with cash by mail, or via Tor with Bitcoins that have been _thoroughly_
anonymized via Tor. And you must never connect the VPN except through
Tor. Bottom line, you must never screw up!

There's also VPN -> Tor -> VPN. You can even add JonDonym to the mix.

> Really appreciate any help you guys could give me!
> 
> Squeak

[0]
http://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html