Newbie Question on VPN before Tor

Could someone clarify one part of the very helpful Whonix documentation on “What’s the difference of installing a VPN on the host vs. Whonix-Gateway”.

In the “you must ask yourself” section it says the following:
“What should your VPN provider be able to see? All traffic? Then install the VPN on the host.”

Could someone elaborate on what “All traffic” means in this case. Does this mean the VPN can potentially log all of the follow information even though I’m going from the VPN into my Torified Whonix-Gateway:
-the specific destination URLs I’m reaching?
-all activity between me and my destination web sites (details on file downloads from sites, details on whether I posted to a site, etc.)?

Also, I assume there’s no way to utilize a VPN while hiding my real IP address from the VPN, (i.e. it won’t work to use Ubunto with Tor -> VPN -> Whonix-Gateway -> destination) ?

Thanks.

Could someone clarify one part of the very helpful Whonix documentation on "What's the difference of installing a VPN on the host vs. Whonix-Gateway".

In the “you must ask yourself” section it says the following:
“What should your VPN provider be able to see? All traffic? Then install the VPN on the host.”

Could someone elaborate on what “All traffic” means in this case.


All traffic generated by the host. All applications running on the host. Firefox, NTP, anything. This also includes Whonix-Gateway.

-the specific destination URLs I'm reaching? -all activity between me and my destination web sites (details on file downloads from sites, details on whether I posted to a site, etc.)?
VPNs installed on the host or on Whonix-Gateway will not be able to see anything origination from Whonix-Workstation (including destination URLs, downloads, etc.).
Also, I assume there's no way to utilize a VPN while hiding my real IP address from the VPN,
That's possible by installing the VPN inside the workstation.

USER → TOR → PROXY/VPN/SSH → INTERNET

(i.e. it won't work to use Ubunto with Tor -> VPN -> Whonix-Gateway -> destination) ?
I don't understand. Please rephrase if still open question.

I’d like to hear the experiences of anyone who installed VPN directly on Workstation (not your host), such as the following:

  • any difficulties or special tips to install OpenVPN on Workstation?
  • any difficulties or special tips to install whichever VPN client you used on Workstation?
  • how poor is the speed and performance compared to running VPN on the host? Is this setup practical for anything besides basic browsing? Are there frequent drops and reconnects of the VPN?

Thanks all.

Good day,

I’ve never been able to get OpenVPN to run properly with my VPN provider, which is why I use a custom workstation with Debian. The speed doesn’t seem to suffer to much, though the Ping takes a rather big hit.

Have a nice day,

Ego

Glad to report now I’ve successfully set up a paid VPN service running on my host. It uses OpenVPN, which I was required to also install on my host. After connecting to my VPN, I run Whonix and the Whonix Tor Browser works fine.

Now I’m considering trying to install OpenVPN and a paid VPN directly on Whonix Workstation (Tor->VPN). I’ve been reviewing the Tor-VPN setup documentation. Am I correct setting up Tor->VPN is quite a bit more complex than the VPN-Tor setup?

My main question is if I start changing configuration and settings in Workstation to set up Tor->VPN will it mess up my current VPN-Tor setup? In other words, is it possible to have both setups in place at the same time so you can chose one or the other? It looks like installing OpenVPN and a VPN client on Workstation is complex, so I’m concerned about being unsuccessful in that setup and also in the process messing up my current VPN->Tor setup :frowning:

Am I correct setting up Tor->VPN is quite a bit more complex than the VPN-Tor setup?
More difficult indeed.
My main question is if I start changing configuration and settings in Workstation to set up Tor->VPN will it mess up my current VPN-Tor setup?
No.
In other words, is it possible to have both setups in place at the same time
Yes.