[tor-talk] Tor -> VPN Clarification

Alexis Wattel alexiswattel at gmail.com
Fri Jan 30 14:45:09 UTC 2015


To use Tor => VPN, you can use the Socks proxy option in your tunnel software I believe. 

To grasp the subtle difference, I imagine that every application that needs to speak to a remote server asks itself the question "Where is Internet?".

With the proxy, you signify to the application that Internet is "located" at the Tor daemon. Any request that the program sends to the wild will thus be sent to the daemon to be translated as a connection to a Tor Entry Node (instead of directly aiming at the server). The VPN connection will therefore be made through Tor. (*)


Without a proxy, the application uses the default gateway, e.g. your home router, to forward the requests. It therefore establishes a direct connection to the VPN. This setup puts you virtually on the VPN's local network, thus your OS's Internet gateway is now the same as the VPN's one.

Then, another app, Tor browser, needs to send a request. It is instructed per the socks option that Internet is at the Tor daemon. Tor then wants to send a request to an Entry node, looks for where the Internet is, and the OS tells it that it is accessible through the VPN. So the connection is VPN => Tor.

I hope these explanations are as clear as I intended ;) 

* : At least this is the way regular applications work, one would need to verify that it is the same for a VPN software which is particular in that it creates a new network. I guess that if it has this option, it actually does the routing in the way I mentioned, but at the same time I wonder how the host computer can cope with needing a proxy to reach the local network... But perhaps it magically works, dunno!


On 30 January 2015 13:27:27 CET, Squeak <squeak at riseup.net> wrote:
>Hi Guys,
>
>Thanks for the prompt replies, they are really helpful.  The image you
>posted Bill Berry was especially illuminating, thanks!
>
>So VPN -> Tor is what I'm currently doing with Tunnelblick and TBB, but
>could somebody detail how and with which programs you would achieve
>Tor -> VPN please?    I'm having a little trouble visualising how that
>would work.
>
>A follow-up question about the Tunnelblick set up, if someone does
>directly attack my connection and somehow manages to crack the VPN
>encryption they are only going to see that I'm using Tor.  Is that
>correct?
>
>Thanks again!
>
>Squeak
>
>Ben Tasker:
>> VPN + Tor may also be useful if you're on a connection where you definitely
>> don't want your local ISP (or perhaps someone else on/with access to the
>> same network) to see that you're using Tor.
>> 
>> In this case, the ISP may not be a BT or a Verizon, but a hotel wireless
>> provider, employer, Starbucks etc.
>> 
>> In that instance, the local ISP might also object to a VPN, of course, but
>> generally speaking a VPN (or an SSH tunnel) is generally seen as 'OK'.
>> 
>> What you're doing there, though, is shifting the trust you'd normally have
>> for your/an ISP to the VPN provider which may or may not prove wise in the
>> long run.
>> 
>> On Fri, Jan 30, 2015 at 10:30 AM, Bill Berry <bill at techwang.com> wrote:
>> 
>>> This image explains VPN + tor quite well;
>>>
>>> https://vigilantcanuck.files.wordpress.com/2015/01/vpn-tor.png
>>>
>>> IMO this setup is a pretty sensible idea given the recent de-anonymisation
>>> attacks (e.g. CMU). If your Tor connection gets compromised, all the Feds
>>> have (hopefully) is your VPN IP.
>>>
>>> The best way to set this up is VPN at a router level (e.g.
>>> http://wiki.hidemyass.com/OpenWRT_OpenVPN_Setup), then run Tails or Tor
>>> browser on your laptop.
>>>
>>>
>>> On 30/01/15 10:15, Cyrus wrote:
>>>
>>>> Squeak:
>>>>
>>>>> Hello,
>>>>>
>>>>> Relative newbie here, and I was wondering if someone could help me with
>>>>> something please. I keep seeing people describing connections to the Tor
>>>>> and is VPN connections in the following two ways:
>>>>>
>>>>> Tor -> VPN
>>>>> VPN -> Tor
>>>>>
>>>>> So if I fire up Tunnelblick, connect to my VPN provider and then open
>>>>> TBB which of the above does this describe?  And also, is there a
>>>>> recommended way of connecting these two technologies?
>>>>>
>>>> You connect to Tor through the VPN in this case.
>>>>
>>>> PC <=> Internet <=> VPN server <=> Internet <=> Tor Network <=> Internet
>>>>
>>>>> Another thing I've noticed is in the Tunnelblick client that there is an
>>>>> option to connect to a Socks5 proxy, this suggests to me that I can send
>>>>> the VPN connection through the Tor network.  But I am confused as to why
>>>>> one would want to do this, and what the benefits/disadvantages might be?
>>>>>
>>>> If you don't want a log of your actual IP, doing this would be a
>>>> benefit. Though if they already have logged where you are once as a
>>>> customer, the point of this is moot. If you had a different account, you
>>>> could then use the VPN anonymously.
>>>>
>>>>> Really appreciate any help you guys could give me!
>>>>>
>>>>> Squeak
>>>>>
>>>>>
>>>>>
>>>>>
>>> --
>>> --
>>> High quality Shiba Inu at the right price! Quality dogs for over 15 years!
>>>
>>>
>>> --
>>> tor-talk mailing list - tor-talk at lists.torproject.org
>>> To unsubscribe or change other settings go to
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>>
>> 
>> 
>> 
>
>-- 
>Jabber: squeak at riseup.net
>OTR: 870E5621 47EE1378 CEF24FC5 64D92F30 5801E7BF
>Key ID: F15C63C08104AE96
>Key Fingerprint: 86C6 6D30 31EE 741C A405  3C39 F15C 63C0 8104 AE96
>
>
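
The proxy-versus-default-gateway distinction from the top message, as an added example that is not part of the original thread: it builds the SOCKS5 (RFC 1928) messages a client sends to a local Tor daemon, showing that with a proxy the socket is opened to the daemon and the VPN server is only named inside the request. The addresses `127.0.0.1:9050` (Tor's default SocksPort) and `vpn.example.net:443` are assumptions chosen for illustration.

```python
import struct

TOR_SOCKS = ("127.0.0.1", 9050)        # assumption: Tor daemon on its default SocksPort
VPN_SERVER = ("vpn.example.net", 443)  # constructed placeholder; TCP, since Tor carries only TCP


def socks5_greeting() -> bytes:
    """Client hello: VER=5, one auth method offered, 0x00 = no authentication."""
    return b"\x05\x01\x00"


def socks5_connect(host: str, port: int) -> bytes:
    """CONNECT request carrying the real destination as a hostname (ATYP=3)."""
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3, length-prefixed name, big-endian port
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def parse_reply(data: bytes) -> bool:
    """Return True when the proxy reports success (VER=5, REP=0)."""
    if len(data) < 2 or data[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return data[1] == 0


def first_hop(dest, proxy=None):
    """Return (socket peer, messages sent before any application data)."""
    if proxy is None:
        # No proxy: the socket is opened to the destination itself and the
        # OS default route (home router, or a VPN if one is up) carries it.
        return dest, []
    # Proxy set: the socket is opened to the proxy; the destination travels
    # as data. Each message is sent after the proxy answers the previous one.
    return proxy, [socks5_greeting(), socks5_connect(*dest)]


if __name__ == "__main__":
    for proxy in (None, TOR_SOCKS):
        peer, msgs = first_hop(VPN_SERVER, proxy)
        print("socket opened to", peer, [m.hex() for m in msgs])
```
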